Google redirect on Foxfire [Solved]

#16 Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
The log showed the move failed :) Run OTL again with the custom scans as mentioned in a previous post and post a new log so we can see if it actually failed. This is probably my last post for tonight so I'll check in tomorrow morning :)

#17 cronemage (Member, 20 posts)
Have a good night! Here's the latest OTL log:

OTL logfile created on: 12/8/2009 10:35:30 PM - Run 4
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Documents and Settings\HP_Administrator.STEPH\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 99.22 Mb Available Physical Memory | 9.77% Memory free
2.38 Gb Paging File | 1.55 Gb Available in Paging File | 65.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.44 Gb Total Space | 143.85 Gb Free Space | 64.09% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 0.42 Gb Free Space | 5.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPH
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PhraseExpress\phraseexpress.exe (Bartels Media)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
PRC - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (RMSvc) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:0.9948
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/01 02:02:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/01 02:26:57 | 00,000,000 | ---D | M]

[2009/11/27 21:53:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Extensions
[2009/12/08 06:05:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions
[2009/11/27 22:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/01 00:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/30 21:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/28 06:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\isreaditlater@ideashower.com
[2009/12/08 06:05:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 23:22:59 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe (Bartels Media)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 03:42:03 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/08 21:57:33 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/12/08 21:34:04 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/08 18:54:55 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/07 16:11:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/07 16:11:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/07 16:11:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/07 16:10:35 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/05 17:56:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/05 17:31:37 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\TFC.exe
[2009/12/05 11:16:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/05 11:16:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/05 11:05:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\GooredFix Backups
[2009/12/05 10:54:04 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/05 10:41:35 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe
[2009/12/04 04:40:14 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\PrivacIE
[2009/12/03 16:28:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/12/03 16:18:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/03 16:08:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/12/03 16:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/12/03 16:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/12/03 16:02:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/03 06:01:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\IETldCache
[2009/12/03 05:30:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/12/02 21:11:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Received Files
[2009/12/02 21:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\MSNInstaller
[2009/12/02 21:00:07 | 00,000,000 | ---D | C] -- C:\95f68d2ffe30c13af7d76c3b3815
[2009/12/02 20:41:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/02 15:40:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/12/02 12:05:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/12/01 00:40:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Malwarebytes
[2009/12/01 00:39:51 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/01 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/01 00:39:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 00:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/01 00:21:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPQ
[2009/11/30 23:29:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/11/30 23:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/11/30 23:23:33 | 00,000,000 | ---D | C] -- C:\Program Files\Snapshot Viewer
[2009/11/30 23:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Microsoft Web Folders
[2009/11/29 11:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HpUpdate
[2009/11/29 11:27:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2009/11/29 09:27:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Adobe
[2009/11/28 21:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Yahoo!
[2009/11/28 21:08:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPAppData
[2009/11/28 10:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HP
[2009/11/28 10:15:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\HP
[2009/11/28 09:52:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/28 06:14:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Sun
[2009/11/28 02:01:53 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\UserData
[2009/11/27 22:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Macromedia
[2009/11/27 22:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Adobe
[2009/11/27 22:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple
[2009/11/27 22:12:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple Computer
[2009/11/27 22:01:00 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/27 22:00:47 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/27 22:00:47 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/27 22:00:40 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/27 22:00:36 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/27 22:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/27 22:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/27 22:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/27 21:55:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\Downloads
[2009/11/27 21:52:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Mozilla
[2009/11/27 21:52:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla
[2009/11/27 21:43:41 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/11/27 21:30:39 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Recent
[2009/11/27 21:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\PhraseExpress
[2009/11/27 21:30:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\PhraseExpress
[2009/11/27 21:20:08 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Microsoft
[2009/11/27 21:20:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\SendTo
[2009/11/27 21:20:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Start Menu
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Videos
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Pictures
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Music
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Favorites
[2009/11/27 21:20:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Cookies
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Templates
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\PrintHood
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\NetHood
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\WINDOWS
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Wildtangent
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Real
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Microsoft
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Intuit
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Identities
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Google
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\ApplicationHistory
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2005/09/24 09:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 14 Days ==========

[2009/12/09 00:14:15 | 00,260,096 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/08 22:37:00 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8AE34196-C4A1-4BC3-A0AB-93FB233240C5}.job
[2009/12/08 22:01:28 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/08 21:58:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/08 21:58:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/08 21:58:00 | 10,646,85568 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/08 21:56:51 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\NTUSER.DAT
[2009/12/08 21:56:51 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\ntuser.ini
[2009/12/08 21:34:11 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/08 21:25:08 | 00,000,281 | RHS- | M] () -- C:\BOOT.BAK
[2009/12/08 18:31:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/08 18:30:41 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/08 16:06:01 | 46,376,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.prepare
[2009/12/08 16:05:21 | 00,122,143 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg.prepare
[2009/12/08 02:00:00 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/12/07 16:01:16 | 46,334,996 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/07 16:00:44 | 00,116,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/05 17:56:48 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\NTREGOPT.lnk
[2009/12/05 17:56:48 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\ERUNT.lnk
[2009/12/05 17:31:37 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\TFC.exe
[2009/12/05 11:41:41 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091207-160708.backup
[2009/12/05 10:41:35 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe
[2009/12/04 03:02:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/03 21:09:38 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091205-103327.backup
[2009/12/03 18:23:32 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091203-210938.backup
[2009/12/03 17:46:05 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/03 17:46:05 | 00,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/03 17:46:05 | 00,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/03 17:40:41 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/03 17:39:29 | 01,577,792 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\IconCache.db
[2009/12/03 16:35:32 | 00,000,058 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2009/12/03 16:35:32 | 00,000,020 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/12/03 16:28:31 | 00,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2009/12/03 16:28:31 | 00,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/12/03 16:23:09 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/03 16:22:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\;;
[2009/12/03 16:18:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 16:06:01 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/12/02 21:02:39 | 00,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/02 21:02:24 | 00,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
[2009/12/02 20:28:11 | 00,001,471 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2009/12/02 16:32:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/01 20:42:53 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091203-182332.backup
[2009/12/01 11:30:00 | 00,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/01 00:39:54 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/01 00:04:11 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/30 23:26:10 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/30 23:15:04 | 00,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/30 23:14:54 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/30 21:37:33 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091201-204253.backup
[2009/11/30 20:48:25 | 00,139,264 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\System32\hpzjrd01.dll
[2009/11/29 11:33:53 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/11/29 08:24:02 | 00,000,145 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/11/28 11:14:16 | 00,004,095 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/11/28 10:59:20 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-213733.backup
[2009/11/28 10:56:41 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105920.backup
[2009/11/28 10:55:00 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105641.backup
[2009/11/28 10:54:02 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105500.backup
[2009/11/28 10:24:15 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 10:15:24 | 00,176,731 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2009/11/28 10:06:01 | 00,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2009/11/28 10:05:10 | 00,002,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2009/11/28 10:03:28 | 00,001,971 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/11/28 09:57:27 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/11/27 22:15:58 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/27 22:00:47 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/27 22:00:47 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/27 22:00:47 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/27 22:00:40 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/27 22:00:36 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/27 22:00:36 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/27 22:00:30 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/27 22:00:30 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/27 21:29:00 | 00,001,835 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
[2009/11/27 21:19:03 | 00,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/27 21:18:32 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/26 10:10:28 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

========== Files Created - No Company Name ==========

[2009/12/08 21:55:07 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\avenger.exe
[2009/12/08 16:06:01 | 46,376,885 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.prepare
[2009/12/08 16:05:21 | 00,122,143 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg.prepare
[2009/12/07 16:11:37 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/07 16:11:36 | 00,260,096 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/07 16:11:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/07 16:11:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/07 16:11:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/05 17:56:48 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\NTREGOPT.lnk
[2009/12/05 17:56:48 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\ERUNT.lnk
[2009/12/03 16:28:31 | 00,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2009/12/03 16:28:31 | 00,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/12/03 16:22:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\;;
[2009/12/03 01:55:46 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/12/03 01:54:31 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/12/03 01:53:29 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/12/03 01:53:10 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/12/02 21:10:57 | 00,000,609 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Windows Messenger.lnk
[2009/12/01 00:39:54 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/30 23:14:54 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/29 11:39:05 | 00,002,253 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPSU_48BitScanUpdate.log
[2009/11/29 11:33:53 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/11/28 10:24:15 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 10:03:28 | 00,001,971 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/11/28 09:49:09 | 00,176,399 | ---- | C] () -- C:\WINDOWS\hpwins19.dat.temp
[2009/11/28 09:49:09 | 00,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat.temp
[2009/11/27 22:15:58 | 00,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/27 22:13:49 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/27 22:00:47 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/27 22:00:36 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/27 22:00:30 | 46,334,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/27 22:00:30 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/27 22:00:30 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/27 22:00:30 | 00,116,698 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/27 21:28:57 | 00,001,835 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
[2009/11/27 21:28:55 | 10,646,85568 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/27 21:20:09 | 00,000,145 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/11/27 21:20:08 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\ntuser.ini
[2009/11/27 21:20:07 | 05,767,168 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\NTUSER.DAT
[2009/11/27 21:18:28 | 00,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2009/11/27 21:18:28 | 00,001,471 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2009/11/27 21:18:28 | 00,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/07/18 02:19:16 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/07/18 02:19:15 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/05/30 17:06:31 | 00,000,078 | ---- | C] () -- C:\WINDOWS\DUXBURY.INI
[2009/04/23 05:24:16 | 00,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2008/04/26 11:40:49 | 00,000,157 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2008/04/26 11:39:32 | 00,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/12/31 15:24:20 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/16 11:49:38 | 14,459,752 | ---- | C] () -- C:\Program Files\bloodgulch.map
[2007/08/11 15:16:20 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2007/08/11 15:10:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/07/14 15:40:30 | 00,000,716 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2007/07/14 15:40:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2007/04/30 17:19:50 | 00,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/17 17:22:37 | 00,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2007/04/14 02:23:32 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/31 13:12:11 | 00,000,482 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/09/30 17:38:58 | 01,483,776 | ---- | C] () -- C:\WINDOWS\MGXRDR32.DLL
[2006/08/11 19:40:23 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/11 19:40:06 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/11 18:31:02 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/11 18:27:58 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/07 04:15:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 03:50:22 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/07 03:45:07 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/07 03:44:58 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/07 03:42:32 | 00,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/07 03:39:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 03:29:15 | 00,004,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/07 03:27:51 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/07 03:12:14 | 00,003,257 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/07 03:11:10 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/07 03:07:07 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 02:43:41 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/07 02:43:41 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/07 02:43:22 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 15:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 01:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 08:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/06 16:42:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[2001/07/07 00:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/12/04 04:39:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/28 10:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/03/07 03:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/08/16 15:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/10/01 22:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2008/05/12 21:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/08/25 15:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2008/12/25 22:23:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2008/12/25 22:53:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2007/10/18 20:21:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/08/16 15:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2008/08/31 12:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/03/27 23:17:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhraseExpress
[2009/07/21 23:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/09/29 20:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/03 16:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2006/09/08 11:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/11/30 23:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/08/24 20:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Online
[2009/06/09 21:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/27 21:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/06 20:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/14 08:46:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/12/08 22:37:00 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8AE34196-C4A1-4BC3-A0AB-93FB233240C5}.job

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< >

< :Files >

< c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\uqdhon >

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AE3CF4E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:481DAC2B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

#18
cronemage

    Member

  • Member
  • 20 posts
BTW, I'm still getting new tabs popping up in Foxfire.

#19
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Ok, we're going to give ComboFix another shot before we move on to yet another way to skin this cat :)

Delete ComboFix from your desktop and let's get a fresh copy.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#20
cronemage

    Member

  • Member
  • 20 posts
ComboFix 09-12-08.07 - HP_Administrator 12/09/2009 11:59:46.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.606 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator.STEPH\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\atapi.sys

.
((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-08 22:03 . 2008-04-13 18:40 96512 ----a-w- C:\atapi.sys
2009-12-05 23:56 . 2009-12-05 23:56 -------- d-----w- c:\program files\ERUNT
2009-12-05 16:54 . 2009-12-05 16:54 -------- d-----w- C:\_OTL
2009-12-04 10:40 . 2009-12-04 10:40 -------- d-sh--w- c:\documents and settings\HP_Administrator.STEPH\PrivacIE
2009-12-03 22:28 . 2009-12-03 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-12-03 22:08 . 2009-12-03 22:08 -------- d-----w- c:\windows\system32\scripting
2009-12-03 22:08 . 2009-12-03 22:08 -------- d-----w- c:\windows\system32\en
2009-12-03 07:56 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe
2009-12-03 07:55 . 2004-08-04 03:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2009-12-03 07:54 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-12-03 07:53 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\faxpatch.exe
2009-12-03 03:04 . 2009-12-03 03:04 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\MSNInstaller
2009-12-03 03:00 . 2009-12-03 11:16 -------- d-----w- C:\95f68d2ffe30c13af7d76c3b3815
2009-12-03 02:41 . 2009-12-03 02:41 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-12-03 02:30 . 2008-04-15 15:17 295424 ------w- c:\windows\system32\dllcache\termsrv.dll
2009-12-02 21:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-02 21:53 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-02 21:53 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-02 21:53 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-02 21:53 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-12-02 21:53 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-02 21:53 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-02 21:53 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-02 21:53 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-02 21:53 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-02 21:53 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-02 21:53 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-02 21:53 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-02 21:51 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-02 21:50 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-02 21:50 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-02 21:50 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-02 21:49 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-12-02 21:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-02 21:43 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-01 06:40 . 2009-12-01 06:40 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Malwarebytes
2009-12-01 06:39 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 06:39 . 2009-12-01 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-01 06:39 . 2009-12-05 23:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 06:39 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 06:21 . 2009-12-01 06:21 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\HPQ
2009-12-01 05:23 . 2009-12-01 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SBT
2009-12-01 05:23 . 2009-12-01 05:23 -------- d-----w- c:\program files\Snapshot Viewer
2009-12-01 05:12 . 2009-12-01 05:12 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Microsoft Web Folders
2009-11-29 17:27 . 2009-12-01 02:49 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\HpUpdate
2009-11-29 17:27 . 2009-11-29 17:27 -------- d-----w- c:\windows\Hewlett-Packard
2009-11-29 15:27 . 2009-11-30 23:54 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\Adobe
2009-11-29 15:19 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-29 15:19 . 2004-08-04 06:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-29 03:08 . 2009-11-29 03:08 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Yahoo!
2009-11-29 03:08 . 2009-12-03 11:27 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\HPAppData
2009-11-28 16:17 . 2009-11-28 16:17 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\HP
2009-11-28 16:15 . 2009-11-28 16:15 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\HP
2009-11-28 16:08 . 2007-01-17 16:37 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-28 16:08 . 2007-01-17 16:37 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-11-28 16:07 . 2007-11-06 01:06 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2009-11-28 16:07 . 2007-11-06 01:07 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2009-11-28 16:07 . 2007-11-07 02:10 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-11-28 16:07 . 2007-01-17 16:37 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-11-28 16:06 . 2007-10-31 10:35 729088 ----a-r- c:\windows\system32\hpwwiax4.dll
2009-11-28 16:06 . 2007-10-31 10:35 593920 ----a-r- c:\windows\system32\hpwtscl3.dll
2009-11-28 16:06 . 2007-01-17 16:37 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-11-28 16:06 . 2007-01-17 16:37 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-11-28 16:06 . 2007-01-17 16:31 294912 ----a-r- c:\windows\system32\hpovst11.dll
2009-11-28 15:52 . 2009-11-28 15:52 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-28 08:01 . 2009-11-28 08:01 -------- d-sh--w- c:\documents and settings\HP_Administrator.STEPH\UserData
2009-11-28 05:13 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-28 05:12 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-28 05:12 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-28 05:12 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-28 04:13 . 2009-11-28 04:13 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple
2009-11-28 04:12 . 2009-11-28 04:12 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple Computer
2009-11-28 04:01 . 2009-11-28 04:01 -------- d-----w- C:\$AVG
2009-11-28 04:00 . 2009-11-28 04:00 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-28 04:00 . 2009-11-28 04:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-28 04:00 . 2009-11-28 04:00 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-28 04:00 . 2009-11-28 04:00 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-28 04:00 . 2009-12-08 22:05 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-28 04:00 . 2009-12-04 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-28 04:00 . 2009-11-28 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-28 03:52 . 2009-11-28 03:52 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\Mozilla
2009-11-28 03:43 . 2009-12-08 22:47 -------- d-sh--r- c:\windows\system32\dllcache
2009-11-28 03:30 . 2009-11-28 03:30 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\PhraseExpress
2009-11-28 03:29 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-28 03:19 . 2006-03-07 09:44 51976 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 03:19 . 2006-03-07 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-11-28 03:19 . 2006-03-07 08:46 136 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
2009-11-28 03:18 . 2006-03-07 10:06 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-11-28 03:18 . 2006-03-07 10:06 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory
2009-11-28 03:18 . 2006-03-07 09:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-11-28 03:18 . 2006-03-07 09:40 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-11-28 03:18 . 2006-03-07 09:31 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Wildtangent
2009-11-28 03:18 . 2006-03-07 08:51 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
2009-11-24 02:07 . 2009-11-24 02:07 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache
2009-11-17 23:53 . 2009-11-17 23:53 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-11-17 00:47 . 2009-11-17 00:47 -------- d-----w- c:\program files\Conduit
2009-11-17 00:47 . 2009-11-17 00:47 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Conduit
2009-11-17 00:47 . 2009-11-17 14:12 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\XfireXO
2009-11-17 00:47 . 2009-11-17 00:47 -------- d-----w- c:\program files\XfireXO
2009-11-12 00:39 . 2009-11-12 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-11-12 00:14 . 2007-11-07 02:04 1373528 ----a-r- c:\windows\hpzshl01.exe
2009-11-12 00:14 . 2008-01-07 14:10 10563 ----a-r- c:\windows\hpwscr19.dat
2009-11-12 00:14 . 2007-11-07 02:15 1140056 ----a-r- c:\windows\hpzmsi01.exe
2009-11-12 00:13 . 2009-11-12 00:14 -------- d-----w- c:\windows\yellowtail
2009-11-12 00:10 . 2009-11-28 16:15 176731 ----a-w- c:\windows\hpwins19.dat
2009-11-12 00:10 . 2008-01-07 14:08 997 ----a-r- c:\windows\hpwmdl19.dat
2009-11-09 22:44 . 2009-11-09 22:44 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\SupportSoft
2009-11-09 22:43 . 2009-11-09 22:43 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-11-09 22:43 . 2009-11-09 22:43 -------- d-----w- c:\program files\ComcastUI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 17:51 . 2004-08-10 04:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-09 17:34 . 2006-03-07 09:42 -------- d-----w- c:\program files\Quicken
2009-12-05 23:59 . 2009-12-05 23:59 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 23:54 . 2006-03-07 09:26 83312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 22:35 . 2007-12-15 19:02 58 ---h--w- c:\windows\popcreg.dat
2009-12-03 22:35 . 2007-12-15 19:02 20 ----a-w- c:\windows\popcinfot.dat
2009-12-03 22:28 . 2007-12-15 19:02 -------- d-----w- c:\program files\PopCap Games
2009-12-03 22:12 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-03 22:12 . 2009-12-03 22:12 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-12-03 22:12 . 2009-12-03 22:12 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-12-03 22:12 . 2009-12-03 22:12 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-12-03 22:12 . 2009-12-03 22:12 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-12-03 22:12 . 2009-12-03 22:12 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-12-03 22:12 . 2009-12-03 22:12 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-12-03 22:12 . 2009-12-03 22:12 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-12-03 22:12 . 2009-12-03 22:12 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2009-12-03 22:12 . 2009-12-03 22:12 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-12-03 00:59 . 2009-11-28 16:19 152576 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 00:57 . 2009-11-28 16:18 79488 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-01 05:22 . 2005-11-15 01:06 -------- d-----w- c:\program files\microsoft frontpage
2009-12-01 02:48 . 2005-01-25 01:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-12-01 02:45 . 2006-03-07 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-29 14:24 . 2009-11-28 03:20 145 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
2009-11-29 03:08 . 2006-08-10 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-28 16:55 . 2008-12-10 01:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:24 . 2008-12-10 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-28 16:15 . 2006-03-07 09:50 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-11-28 16:02 . 2006-03-07 09:34 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-28 15:59 . 2008-11-27 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-28 04:15 . 2008-01-16 02:56 -------- d-----w- c:\program files\QuickTime
2009-11-28 04:14 . 2007-08-16 02:10 -------- d-----w- c:\program files\Common Files\Apple
2009-11-28 04:13 . 2007-04-08 20:52 -------- d-----w- c:\program files\Apple Software Update
2009-11-28 04:01 . 2008-05-13 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-28 04:00 . 2009-12-01 04:34 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-28 04:00 . 2009-12-01 04:34 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-28 04:00 . 2009-12-01 04:33 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-28 04:00 . 2009-12-01 04:33 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-28 04:00 . 2008-05-13 04:16 -------- d-----w- c:\program files\AVG
2009-11-28 03:49 . 2006-03-07 09:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 03:49 . 2006-03-07 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-28 03:39 . 2006-03-07 09:29 -------- d-----w- c:\program files\WildTangent
2009-11-28 03:39 . 2006-03-07 08:46 -------- d-----w- c:\program files\GemMaster
2009-11-28 03:29 . 2009-11-28 03:28 1835 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
2009-11-24 01:16 . 2007-01-09 16:50 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-22 20:51 . 2007-10-07 03:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ZoomBrowser EX
2009-11-22 20:47 . 2007-10-07 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-22 06:25 . 2008-06-11 21:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Xfire
2009-11-19 17:48 . 2009-12-01 06:04 872960 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 17:48 . 2009-12-01 06:04 43008 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 17:48 . 2009-12-01 06:04 340480 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 17:48 . 2009-12-01 06:04 346624 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-15 23:21 . 2009-01-20 04:42 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-13 08:25 . 2009-11-17 00:47 52224 ------w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lszntw0e.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2009-11-13 08:25 . 2009-11-17 00:47 114688 ------w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lszntw0e.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\npmozax.dll
2009-11-11 10:54 . 2007-10-19 02:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GameHouse
2009-11-11 10:54 . 2008-05-13 04:16 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2009-11-02 03:27 . 2008-09-20 01:28 -------- d-----w- c:\program files\Windows Live
2009-11-02 03:25 . 2008-08-05 01:56 -------- d-----w- c:\program files\MIcrosoft
2009-10-16 18:12 . 2009-11-28 08:01 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-09-11 14:18 . 2004-08-10 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-12-10 02:21 . 2007-09-16 17:49 14459752 ----a-w- c:\program files\bloodgulch.map
.

------- Sigcheck -------

[-] 2009-12-09 . 1494C60EE680E8E79A2D3E25D5FE50FF . 96512 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[7] 2009-12-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-28 2020120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\MCX1\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-7 27136]

c:\documents and settings\MCX2\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PhraseExpress.lnk - c:\program files\PhraseExpress\phraseexpress.exe [2009-3-8 3794256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-28 04:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\PhraseExpress\\phraseexpress.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/27/2009 10:00 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/27/2009 10:00 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/27/2009 10:00 PM 285392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
QWAVE REG_MULTI_SZ QWAVE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 12:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F71618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76acf28
\Driver\ACPI -> ACPI.sys @ 0xf751fcb8
\Driver\atapi -> atapi.sys @ 0xf73dc7b4
\Driver\iaStor -> iaStor.sys @ 0xf7400b10
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf728dbb0
PacketIndicateHandler -> NDIS.sys @ 0xf729aa21
SendHandler -> NDIS.sys @ 0xf727887b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1600)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\ARPWRMSG.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2009-12-09 12:24:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-09 18:24

Pre-Run: 154,387,468,288 bytes free
Post-Run: 154,361,352,192 bytes free

- - End Of File - - A51526E906D46390F4641A911E020EEF
  • 0
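The Sigcheck block in this log is what points at atapi.sys: the copy in system32\drivers reports the SP2 version 5.1.2600.2180, yet its MD5 and size match none of the other 2180 copies on the disk, while the ntoskrnl.exe copies marked [-] each have a twin in Driver Cache. The script below is an added example, not part of this thread or of ComboFix/OTL (its heuristic and function names are its own): it parses those lines and reports any live system file whose hash appears nowhere else on the disk, together with the ServicePackFiles\i386 copy that the replacement steps later in the thread use as the clean source. The [-] flag on its own is deliberately not treated as evidence.

```python
"""Triage the Sigcheck section of a ComboFix log (added example, not ComboFix code).

Each Sigcheck line looks like
    [-] 2009-12-09 . <MD5> . <size> . . [<version>] . . <path>
A hotfix or service pack always leaves a twin of a system file in a cache or
uninstall folder, so a live copy whose MD5 exists nowhere else on the disk is
worth a closer look. The heuristic and function names are this example's own.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[-7])\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-F]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[\d.]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Constructed sample: a subset of the Sigcheck lines from the log above.
SAMPLE_SIGCHECK = r"""------- Sigcheck -------

[-] 2009-12-09 . 1494C60EE680E8E79A2D3E25D5FE50FF . 96512 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[7] 2009-12-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; headers, blank and unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        p = PureWindowsPath(e["path"])
        e["name"] = p.name.lower()
        e["parent"] = str(p.parent).lower()
        entries.append(e)
    return entries


def is_live_copy(entry):
    """True for the copy Windows actually loads: system32 or system32\\drivers itself,
    not dllcache, ReinstallBackups or other staging folders beneath system32."""
    return entry["parent"].endswith((r"\system32", r"\system32\drivers"))


def triage(text):
    """Flag live copies whose MD5 no other copy of the same file shares, and name the
    service pack cache copy (ServicePackFiles\\i386) as the replacement candidate."""
    entries = parse_sigcheck(text)
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for e in entries:
        if not is_live_copy(e):
            continue
        twins = [o for o in by_name[e["name"]] if o is not e and o["md5"] == e["md5"]]
        if twins:
            continue  # another copy on disk carries the same hash: normal for a hotfix
        sp_cache = [o["path"] for o in by_name[e["name"]] if r"\servicepackfiles\i386" in o["parent"]]
        findings.append({
            "path": e["path"], "md5": e["md5"], "version": e["version"], "size": e["size"],
            "replacement_candidate": sp_cache[0] if sp_cache else None,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_SIGCHECK):
        print(f"lone hash: {f['path']} ({f['version']}, {f['size']} bytes, md5 {f['md5']})")
        print(f"  service pack cache copy: {f['replacement_candidate']}")
```

On the sample, only the live atapi.sys is reported; the two ntoskrnl.exe copies marked [-] share a hash with each other and are left alone.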

#21
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Ok, we're going to try something else.

------------------
Step 1:
------------------

We will have to create a small 'fix CD' to solve this problem.
Please download RC.ISO and save it somewhere you can find it.
Also download MagicISO and install it.

Start MagicISO. You should see a window informing you about the full version of MagicISO.
In the bottom right select Try It! and the program will open.
Click on File and then on Open and navigate to the RC.ISO file you downloaded. Select it, and click Open.

First, we'll need to add a clean version of atapi.sys to the current RC.ISO
  • In the upper right pane, double click on the i386 folder.
  • Right click in the upper right pane and select Add Files...
  • Navigate to C: and select atapi.sys
  • Then click Open to add atapi.sys to the CD image.
  • Click File and select Save As...
  • Name the file RCplus and save it somewhere you can find it.
Next, we'll need to burn the newly created image to a disk that we can use to fix the problem.
  • Put a blank CD-R disk in your CD burner and close the tray. If an AutoPlay window opens, close it.
  • Click on Tools and select Burn CD/DVD with ISO.... A window will appear.
  • Click on the little folder to the right of CD/DVD Image File then navigate to the newly created RCplus.iso Image file and click Open.
  • In the CD/DVD Writing Speed drop-down menu choose the 8X setting.
  • Under Format make sure that Mode 1 is selected.
  • And finally, click on the Burn it! button to burn RCplus.iso to disk.
Once the disk is burned, put it in the machine you want to fix and restart it.
Boot to the CD just as you would with a Windows XP disk.
At the Welcome to Setup screen, press R to enter the Recovery Console.
Choose the installation to be repaired by number (usually 1) and press Enter.
When you are asked for the Administrator password, enter the password or leave it blank (default) and press Enter.

At the C:\Windows> prompt, type the following commands pressing Enter after each one. Note: Watch the spaces.

D:
cd i386
copy atapi.sys c:\windows\system32\Drivers
exit

After putting in the third command, you should receive the message 1 file copied which will indicate that the operation succeeded.
Now take out the CD and reboot your computer to normal mode.

------------------
Step 2:
------------------

Run OTL again using the following custom scan

/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
/md5stop

------------------
Step 3:
------------------

Please post back with the following:
  • How your machine is running
  • OTL log

  • 0

#22
cronemage

    Member

  • Member
  • 20 posts
I'll have to go get a blank CD. Might take a bit as I have the flu and also there was a blizzard. Probably won't be able to get it tonight, but I will see what I can do. Thanks for your patience.
  • 0

#23
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Not a problem. Get some rest, I'll still be here :)
  • 0

#24
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Since you don't have a blank disc yet, I got some advice from a colleague. So let's give this a try:

------------------
Step 1:
------------------

1. Right-click My Computer, and then click Properties.
-or-
Click Start, click Run, type sysdm.cpl, and then click OK.
2. On the Advanced tab, click Settings under Startup and Recovery.
3. Under System Startup, make sure Time to display list of operating systems is checked and set to 8 seconds.
4. Make sure Time to display recovery options when needed is checked and set to 30 seconds.
5. Hit Ok and then Ok again.


------------------
Step 2:
------------------

We need to create a clean copy of the file we are going to replace.

Open notepad and copy/paste the text in the code box below into it.
@echo off
copy C:\WINDOWS\ServicePackFiles\i386\atapi.sys C:\atapi.sys
del %0
exit
Click File > Save As... and in the dropdown box for Save as type select All Files
Then in the File name box type copy.bat and hit Save

This will create a batch file named copy.bat on your desktop.

Double click copy.bat to run it. You may see a black box appear, this is normal.

------------------
Step 3:
------------------

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow keys to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'
5. At the C:\Windows prompt, type the following bolded entries, and press 'Enter' (note the spaces):

    cd \

    copy c:\atapi.sys c:\windows\system32\drivers\

6. Type y to the prompt and press 'Enter'.
7. Type exit and press 'Enter'. Your computer should reboot.

------------------
Step 4:
------------------

Run OTL again using the following custom scan

/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
/md5stop

------------------
Step 5:
------------------

Please post back with the following:
  • How your machine is running
  • OTL log

  • 0

#25
cronemage

    Member

  • Member
  • 20 posts
Well, I finally got the console option screen, but when I chose the recovery console I got the following message:

file \minint\system32\biosinfo.inf could not be loaded. The error code is 14. Setup cannot continue.

Argh.
  • 0
#26
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Let's try uninstalling the Recovery Console and re-installing it.

------------------
Step 1:
------------------

How to delete the Recovery Console
To delete the Recovery Console:

1. Restart your computer, click Start, click My Computer, and then double-click the hard disk where you installed the Recovery Console.
2. On the Tools menu, click Folder Options, and then click the View tab.
3. Click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.
4. At the root folder, delete the Cmdcons folder and the Cmldr file.
5. At the root folder, right-click the Boot.ini file, and then click Properties.
6. Click to clear the Read-only check box, and then click OK.

Warning: Modifying the Boot.ini file incorrectly may prevent your computer from restarting. Make sure that you delete only the entry for the Recovery Console. Also, change the attribute for the Boot.ini file back to a read-only state after you finish this procedure. Open the Boot.ini file in Microsoft Windows Notepad, and remove the entry for the Recovery Console. It looks similar to this:
C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons
7. Save the file and close it.
8. Reboot.

------------------
Step 2:
------------------

Use the following steps to install and access the Microsoft Windows XP Recovery Console after Windows XP is already installed on your computer.

1. Open the Run dialog box.
* From the Windows XP default Start menu, click Run.
* From the classic Start menu, click Run.

2. In the Run dialog box, in the Open text box, type: C:\WINDOWS\i386\winnt32.exe /cmdcons, and then click OK.

3. In the Windows Setup dialog box, click OK.

4. In the next Windows Setup dialog box, to install the Recovery Console, click Yes.

5. Files copy. In the Windows Setup dialog box, to finish the installation, click OK.


=================================

See if you can access the recovery console.
  • 0

#27
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
If you can access it, I've updated the instructions to replace the iastor.sys file as well (atapi.sys and iastor.sys need to be replaced at the same time)

Sorry for the confusion!

------------------
Step 1:
------------------

We need to create a clean copy of the file we are going to replace.

Open notepad and copy/paste the text in the code box below into it.
@echo off
copy C:\WINDOWS\ServicePackFiles\i386\atapi.sys C:\atapi.sys
copy C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys C:\iastor.sys
del %0
exit
Click File > Save As... and in the dropdown box for Save as type select All Files
Then in the File name box type copy.bat and hit Save

This will create a batch file named copy.bat on your desktop.

Double click copy.bat to run it. You may see a black box appear, this is normal.

------------------
Step 2:
------------------

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow keys to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'
5. At the C:\Windows prompt, type the following bolded entries, and press 'Enter' (note the spaces):

    cd \

    copy c:\atapi.sys c:\windows\system32\drivers\
    copy c:\iastor.sys c:\windows\system32\drivers\

6. Type y to the prompt and press 'Enter'.
7. Type exit and press 'Enter'. Your computer should reboot.

------------------
Step 3:
------------------

Run OTL again using the following custom scan

/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
/md5stop

------------------
Step 4:
------------------

Please post back with the following:
  • How your machine is running
  • OTL log

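The point of Steps 1 to 3 above is that the driver now sitting in system32\drivers must be byte-identical to the clean copy it was restored from, which is what the /md5start scan lets the helper check. As an added example (not part of the original post and not OTL's own code), here is a Python script that performs that check directly: it hashes the live copy of each driver and compares it with the known-good copy, flagging any mismatch. It runs on a constructed temporary directory tree that imitates the thread's paths (ServicePackFiles\i386 and hp\drivers\Intel_5_1_0_1022_PV); the file contents are made up, and the status names (`ok`, `MISMATCH`, `missing-live`, `missing-reference`) are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path


def md5_of(path: Path) -> str:
    """Hex MD5 of a file, read in chunks so a large driver is not loaded at once."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_drivers(drivers_dir: Path, references: dict) -> dict:
    """Compare each live driver in drivers_dir with its known-good reference copy.

    references maps a file name (e.g. 'atapi.sys') to the path of the clean copy.
    Returns {name: status}; the status strings are this example's own, not OTL's.
    """
    results = {}
    for name, ref in references.items():
        live = drivers_dir / name
        if not ref.exists():
            results[name] = "missing-reference"   # nothing trusted to compare against
        elif not live.exists():
            results[name] = "missing-live"        # driver not installed on this machine
        elif md5_of(live) == md5_of(ref):
            results[name] = "ok"                  # byte-identical to the clean copy
        else:
            results[name] = "MISMATCH"            # differs: re-check or replace it again
    return results


def build_sample_tree(root: Path):
    """Constructed sample tree imitating the paths used in the thread.

    All file contents are made up; they only need to be identical or different.
    """
    drivers = root / "WINDOWS" / "system32" / "drivers"
    sp_files = root / "WINDOWS" / "ServicePackFiles" / "i386"
    hp_intel = root / "hp" / "drivers" / "Intel_5_1_0_1022_PV"
    for d in (drivers, sp_files, hp_intel):
        d.mkdir(parents=True)

    clean_atapi = b"MZ" + b"\x00" * 64 + b"atapi.sys body (constructed)"
    (sp_files / "atapi.sys").write_bytes(clean_atapi)
    # Live atapi.sys has its tail altered: stands in for a modified driver.
    (drivers / "atapi.sys").write_bytes(clean_atapi[:-8] + b"ALTERED!")

    clean_iastor = b"MZ" + b"\x00" * 64 + b"iastor.sys body (constructed)"
    (hp_intel / "iastor.sys").write_bytes(clean_iastor)
    (drivers / "iastor.sys").write_bytes(clean_iastor)      # replaced correctly

    clean_ntfs = b"MZ" + b"\x00" * 64 + b"ntfs.sys body (constructed)"
    (sp_files / "ntfs.sys").write_bytes(clean_ntfs)        # reference only, no live copy

    references = {
        "atapi.sys": sp_files / "atapi.sys",
        "iastor.sys": hp_intel / "iastor.sys",
        "ntfs.sys": sp_files / "ntfs.sys",
        "ndis.sys": sp_files / "ndis.sys",                   # no reference copy present
    }
    return drivers, references


def run_demo() -> dict:
    """Build the sample tree in a temp dir, run the comparison and return the statuses."""
    with tempfile.TemporaryDirectory() as tmp:
        drivers, references = build_sample_tree(Path(tmp))
        results = compare_drivers(drivers, references)
    for name, status in results.items():
        print(f"{name:<12} {status}")
    return results


if __name__ == "__main__":
    run_demo()
```

A hash match only proves that the live driver equals the reference you chose, so the reference itself has to come from somewhere trusted, which is why the post takes it from the Service Pack cache and the vendor's driver folder rather than from anywhere the malware could have touched. The OTL scan goes a step further than this script by also printing each file's version and company name, so the helper can compare the reported MD5 against hashes of known-good Microsoft and Intel builds.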

#28
cronemage

    Member

  • 20 posts
So far, so good. Got everything to do what you asked. No Google redirects nor new tabs popping up so far. Found out my email was compromised, but reset my passwords and put a seal on it. Just gets better and better lol. Here's the OTL log.

OTL logfile created on: 12/10/2009 6:07:58 AM - Run 5
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Documents and Settings\HP_Administrator.STEPH\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 321.16 Mb Available Physical Memory | 31.63% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 75.28% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.44 Gb Total Space | 143.51 Gb Free Space | 63.94% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 0.42 Gb Free Space | 4.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPH
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PhraseExpress\phraseexpress.exe (Bartels Media)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
PRC - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (RMSvc) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:0.9948
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/01 02:02:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/01 02:26:57 | 00,000,000 | ---D | M]

[2009/11/27 21:53:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Extensions
[2009/12/09 12:35:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions
[2009/11/27 22:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/01 00:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/30 21:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/28 06:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\isreaditlater@ideashower.com
[2009/12/09 12:35:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 23:22:59 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe (Bartels Media)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 03:42:03 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/10 05:56:21 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/10 05:56:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2009/12/10 05:38:48 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/08 21:57:33 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/12/07 16:11:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/07 16:11:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/07 16:11:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/07 16:10:35 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/05 17:56:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/05 17:31:37 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\TFC.exe
[2009/12/05 11:16:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/05 11:16:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/05 11:05:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\GooredFix Backups
[2009/12/05 10:54:04 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/05 10:41:35 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe
[2009/12/04 04:40:14 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\PrivacIE
[2009/12/03 16:28:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/12/03 16:18:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/03 16:08:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/12/03 16:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/12/03 16:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/12/03 16:02:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/03 06:01:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\IETldCache
[2009/12/03 05:30:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/12/02 21:11:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Received Files
[2009/12/02 21:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\MSNInstaller
[2009/12/02 21:00:07 | 00,000,000 | ---D | C] -- C:\95f68d2ffe30c13af7d76c3b3815
[2009/12/02 20:41:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/02 15:40:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/12/02 12:05:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/12/01 00:40:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Malwarebytes
[2009/12/01 00:39:51 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/01 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/01 00:39:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 00:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/01 00:21:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPQ
[2009/11/30 23:29:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/11/30 23:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/11/30 23:23:33 | 00,000,000 | ---D | C] -- C:\Program Files\Snapshot Viewer
[2009/11/30 23:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Microsoft Web Folders
[2009/11/29 11:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HpUpdate
[2009/11/29 11:27:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2009/11/29 09:27:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Adobe
[2009/11/28 21:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Yahoo!
[2009/11/28 21:08:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPAppData
[2009/11/28 10:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HP
[2009/11/28 10:15:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\HP
[2009/11/28 09:52:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/28 06:14:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Sun
[2009/11/28 02:01:53 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\UserData
[2009/11/27 22:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Macromedia
[2009/11/27 22:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Adobe
[2009/11/27 22:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple
[2009/11/27 22:12:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple Computer
[2009/11/27 22:01:00 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/27 22:00:47 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/27 22:00:47 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/27 22:00:40 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/27 22:00:36 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/27 22:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/27 22:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/27 22:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/27 21:55:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\Downloads
[2009/11/27 21:52:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Mozilla
[2009/11/27 21:52:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla
[2009/11/27 21:43:41 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/11/27 21:30:39 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Recent
[2009/11/27 21:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\PhraseExpress
[2009/11/27 21:30:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\PhraseExpress
[2009/11/27 21:20:08 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Microsoft
[2009/11/27 21:20:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\SendTo
[2009/11/27 21:20:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Start Menu
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Videos
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Pictures
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Music
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Favorites
[2009/11/27 21:20:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Cookies
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Templates
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\PrintHood
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\NetHood
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\WINDOWS
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Wildtangent
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Real
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Microsoft
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Intuit
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Identities
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Google
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\ApplicationHistory
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2005/09/24 09:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 14 Days ==========

[2009/12/10 06:07:00 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8AE34196-C4A1-4BC3-A0AB-93FB233240C5}.job
[2009/12/10 06:05:55 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\99
[2009/12/10 06:05:06 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/10 06:03:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/10 06:03:39 | 10,646,85568 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/10 06:03:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/10 05:58:03 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\NTUSER.DAT
[2009/12/10 05:58:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\ntuser.ini
[2009/12/10 05:56:27 | 00,000,283 | RHS- | M] () -- C:\boot.ini
[2009/12/10 05:41:52 | 00,000,212 | RHS- | M] () -- C:\BOOT.BAK
[2009/12/10 03:30:54 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 03:30:54 | 00,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 03:30:54 | 00,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 03:09:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/10 02:00:00 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 16:32:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/09 14:33:04 | 46,405,649 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/09 14:32:40 | 00,122,177 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/09 12:15:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/09 12:14:04 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/09 11:45:53 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Shortcut to ComboFix.lnk
[2009/12/09 11:44:34 | 03,847,337 | R--- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\ComboFix.exe
[2009/12/09 11:34:18 | 00,000,031 | ---- | M] () -- C:\WINDOWS\Quicken.ini
[2009/12/05 17:56:48 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\NTREGOPT.lnk
[2009/12/05 17:56:48 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\ERUNT.lnk
[2009/12/05 17:31:37 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\TFC.exe
[2009/12/05 11:41:41 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091207-160708.backup
[2009/12/05 10:41:35 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe
[2009/12/03 21:09:38 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091205-103327.backup
[2009/12/03 18:23:32 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091203-210938.backup
[2009/12/03 17:40:41 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/03 17:39:29 | 01,577,792 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\IconCache.db
[2009/12/03 16:35:32 | 00,000,058 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2009/12/03 16:35:32 | 00,000,020 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/12/03 16:28:31 | 00,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2009/12/03 16:28:31 | 00,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/12/03 16:23:09 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/03 16:22:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\;;
[2009/12/03 16:18:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 16:06:01 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/12/02 21:02:39 | 00,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/02 21:02:24 | 00,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
[2009/12/02 20:28:11 | 00,001,471 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2009/12/01 20:42:53 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091203-182332.backup
[2009/12/01 11:30:00 | 00,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/01 00:39:54 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/01 00:04:11 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/30 23:26:10 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/30 23:15:04 | 00,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/30 23:14:54 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/30 21:37:33 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091201-204253.backup
[2009/11/30 20:48:25 | 00,139,264 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\System32\hpzjrd01.dll
[2009/11/29 11:33:53 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/11/29 08:24:02 | 00,000,145 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/11/28 11:14:16 | 00,004,095 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/11/28 10:59:20 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-213733.backup
[2009/11/28 10:56:41 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105920.backup
[2009/11/28 10:55:00 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105641.backup
[2009/11/28 10:54:02 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105500.backup
[2009/11/28 10:24:15 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 10:15:24 | 00,176,731 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2009/11/28 10:06:01 | 00,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2009/11/28 10:05:10 | 00,002,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2009/11/28 10:03:28 | 00,001,971 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/11/28 09:57:27 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/11/27 22:15:58 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/27 22:00:47 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/27 22:00:47 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/27 22:00:47 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/27 22:00:40 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/27 22:00:36 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/27 22:00:36 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/27 22:00:30 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/27 22:00:30 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/27 21:29:00 | 00,001,835 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
[2009/11/27 21:19:03 | 00,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/27 21:18:32 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/26 10:10:28 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

========== Files Created - No Company Name ==========

[2009/12/10 06:05:55 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\99
[2009/12/10 05:56:24 | 00,260,272 | RHS- | C] () -- C:\cmldr
[2009/12/09 11:45:53 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Shortcut to ComboFix.lnk
[2009/12/09 11:44:34 | 03,847,337 | R--- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\ComboFix.exe
[2009/12/08 21:55:07 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\avenger.exe
[2009/12/07 16:11:37 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/07 16:11:36 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/07 16:11:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/07 16:11:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/07 16:11:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/05 17:56:48 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\NTREGOPT.lnk
[2009/12/05 17:56:48 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\ERUNT.lnk
[2009/12/03 16:28:31 | 00,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2009/12/03 16:28:31 | 00,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/12/03 16:22:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\;;
[2009/12/03 01:55:46 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/12/03 01:54:31 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/12/03 01:53:29 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/12/03 01:53:10 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/12/02 21:10:57 | 00,000,609 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Windows Messenger.lnk
[2009/12/01 00:39:54 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/30 23:14:54 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/29 11:39:05 | 00,002,253 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPSU_48BitScanUpdate.log
[2009/11/29 11:33:53 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/11/28 10:24:15 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 10:03:28 | 00,001,971 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/11/28 09:49:09 | 00,176,399 | ---- | C] () -- C:\WINDOWS\hpwins19.dat.temp
[2009/11/28 09:49:09 | 00,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat.temp
[2009/11/27 22:15:58 | 00,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/27 22:13:49 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/27 22:00:47 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/27 22:00:36 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/27 22:00:30 | 46,405,649 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/27 22:00:30 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/27 22:00:30 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/27 22:00:30 | 00,122,177 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/27 21:28:57 | 00,001,835 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
[2009/11/27 21:28:55 | 10,646,85568 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/27 21:20:09 | 00,000,145 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/11/27 21:20:08 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\ntuser.ini
[2009/11/27 21:20:07 | 06,029,312 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\NTUSER.DAT
[2009/11/27 21:18:28 | 00,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2009/11/27 21:18:28 | 00,001,471 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2009/11/27 21:18:28 | 00,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/07/18 02:19:16 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/07/18 02:19:15 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/05/30 17:06:31 | 00,000,078 | ---- | C] () -- C:\WINDOWS\DUXBURY.INI
[2009/04/23 05:24:16 | 00,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2008/04/26 11:40:49 | 00,000,157 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2008/04/26 11:39:32 | 00,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/12/31 15:24:20 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/16 11:49:38 | 14,459,752 | ---- | C] () -- C:\Program Files\bloodgulch.map
[2007/08/11 15:16:20 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2007/08/11 15:10:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/07/14 15:40:30 | 00,000,716 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2007/07/14 15:40:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2007/04/30 17:19:50 | 00,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/17 17:22:37 | 00,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2007/04/14 02:23:32 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/31 13:12:11 | 00,000,482 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/09/30 17:38:58 | 01,483,776 | ---- | C] () -- C:\WINDOWS\MGXRDR32.DLL
[2006/08/11 19:40:23 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/11 19:40:06 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/11 18:31:02 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/11 18:27:58 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/07 04:15:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 03:50:22 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/07 03:45:07 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/07 03:44:58 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/07 03:42:32 | 00,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/07 03:39:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 03:29:15 | 00,004,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/07 03:27:51 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/07 03:12:14 | 00,003,257 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/07 03:11:10 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/07 03:07:07 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 02:43:41 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/07 02:43:41 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/07 02:43:22 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 15:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 01:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 08:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/06 16:42:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[2001/07/07 00:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/12/04 04:39:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/28 10:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/03/07 03:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/08/16 15:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/10/01 22:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2008/05/12 21:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/08/25 15:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2008/12/25 22:23:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2008/12/25 22:53:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2007/10/18 20:21:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/08/16 15:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2008/08/31 12:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/03/27 23:17:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhraseExpress
[2009/07/21 23:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/09/29 20:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/03 16:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2006/09/08 11:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/11/30 23:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/08/24 20:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Online
[2009/06/09 21:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/27 21:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/06 20:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/14 08:46:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/12/10 06:07:00 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8AE34196-C4A1-4BC3-A0AB-93FB233240C5}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2009/12/03 06:39:32 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/09 22:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 18:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 18:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\autochk.exe
[2008/04/13 18:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/09 15:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\cmdcons\autochk.exe
[2004/08/09 14:00:00 | 00,588,800 | ---- | M] () MD5=B3415B9D6026F65E43089ABED096C38C -- C:\RECYCLER\S-1-5-21-2111036070-2844673818-1438337608-1008\Dc1\autochk.exe
[2004/08/10 05:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2004/08/09 15:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\I386\AUTOCHK.EXE

< MD5 for: BEEP.SYS >
[2004/08/09 22:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/09 22:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/09 22:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/09 22:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/06/13 05:26:03 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/09 22:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IASTOR.SYS >
[2005/06/17 07:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 07:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iastor.sys

< MD5 for: IMM32.DLL >
[2008/04/13 18:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/13 18:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 18:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll
[2008/04/13 18:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/09 22:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 10:07:27 | 00,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 04:57:10 | 00,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2009/03/21 07:54:07 | 00,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[2009/03/21 07:54:07 | 00,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2qfe\kernel32.dll
[2004/08/09 22:00:00 | 00,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2009/03/21 08:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 08:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2gdr\kernel32.dll
[2009/03/21 08:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[2009/03/21 08:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 08:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[2009/03/21 08:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 08:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 18:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2008/04/13 18:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
[2009/03/21 07:59:23 | 00,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 11:41:10 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 11:41:10 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\mswsock.dll
[2008/06/20 11:36:11 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/09 22:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/06/20 11:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 11:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 11:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\mswsock.dll
[2008/06/20 11:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 11:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 18:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/04/13 18:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mswsock.dll
[2008/06/20 11:43:05 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 13:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 13:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 13:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[2008/04/13 13:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/09 22:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/09 22:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 05:23:36 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2008/04/13 13:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/13 13:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 13:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntfs.sys
[2008/04/13 13:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/09 15:00:00 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\ntfs.sys
[2004/08/09 14:00:00 | 00,574,592 | ---- | M] () MD5=B78BE402C3F63DD55521F73876951CDD -- C:\RECYCLER\S-1-5-21-2111036070-2844673818-1438337608-1008\Dc1\ntfs.sys
[2004/08/10 05:00:00 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2004/08/09 15:00:00 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\I386\NTFS.SYS

< MD5 for: NTMSSVC.DLL >
[2008/04/13 18:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/13 18:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 18:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntmssvc.dll
[2008/04/13 18:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/09 22:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/09 22:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AE3CF4E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:481DAC2B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

#29
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Very nice! Good job on that :)

Now let's do another ComboFix run to see how everything is looking before we proceed with the clean. By the way, if your email was compromised then you have to assume all your accounts have been compromised. If you do any online banking, you should change those passwords immediately from a clean machine.

Delete ComboFix from your desktop so we can download a fresh copy.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


#30
cronemage

    Member

  • Member
  • 20 posts
Here's the log:

ComboFix 09-12-09.04 - HP_Administrator 12/10/2009 9:08.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.475 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator.STEPH\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-12-07_22.38.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-10 12:04 . 2009-12-10 12:04 16384 c:\windows\Temp\Perflib_Perfdata_a3c.dat
+ 2005-08-31 04:07 . 2009-12-10 09:30 53640 c:\windows\system32\perfc009.dat
- 2005-08-31 04:07 . 2009-12-03 23:46 53640 c:\windows\system32\perfc009.dat
+ 2009-03-08 10:31 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 10:31 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll
+ 2009-12-03 11:32 . 2009-10-29 07:45 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-12-03 11:32 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2009-12-03 11:32 . 2009-10-29 07:45 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-12-03 11:32 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-12-10 00:46 . 2009-12-09 23:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009120920091210\index.dat
+ 2009-12-10 00:46 . 2009-12-09 23:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009113020091207\index.dat
+ 2005-08-30 20:51 . 2009-12-10 11:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 20:51 . 2009-12-07 22:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-12-09 21:29 . 2009-12-09 21:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2005-08-30 20:51 . 2009-12-10 11:46 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-12-09 13:43 . 2009-12-09 23:08 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-12-10 09:08 . 2009-08-29 08:08 12800 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2009-12-10 09:08 . 2009-08-29 08:08 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2009-12-10 09:08 . 2009-08-29 08:08 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2009-12-10 09:05 . 2009-12-10 09:10 5020 c:\windows\SoftwareDistribution\EventCache\{D1357D66-BAAE-461E-9196-A4DEBC108D1C}.bin
+ 2004-08-10 04:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
- 2005-08-31 04:07 . 2009-12-03 23:46 382022 c:\windows\system32\perfh009.dat
+ 2005-08-31 04:07 . 2009-12-10 09:30 382022 c:\windows\system32\perfh009.dat
- 2004-08-10 04:00 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 206848 c:\windows\system32\occache.dll
+ 2009-03-08 10:32 . 2009-10-29 07:45 594432 c:\windows\system32\msfeeds.dll
- 2009-03-08 10:32 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 04:00 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 04:00 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 04:00 . 2009-10-29 07:45 916480 c:\windows\system32\dllcache\wininet.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2009-12-03 11:32 . 2009-10-29 07:45 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-12-03 11:32 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-12-03 11:32 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-12-03 11:32 . 2009-10-29 07:45 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-10 04:00 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 04:00 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2009-12-03 12:06 . 2009-12-10 11:46 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-12-03 12:06 . 2009-12-07 22:18 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-12-10 09:08 . 2009-08-29 08:08 916480 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2009-12-10 09:08 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2009-12-10 09:08 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2009-12-10 09:08 . 2009-08-29 08:08 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2009-12-10 09:08 . 2009-08-29 08:08 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2009-12-10 09:08 . 2009-08-29 08:08 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2009-12-10 09:08 . 2009-08-29 08:08 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2009-12-10 09:08 . 2009-08-29 08:08 387584 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2009-12-10 09:08 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2004-08-10 04:00 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 5940736 c:\windows\system32\mshtml.dll
- 2009-03-08 10:32 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2009-03-08 10:32 . 2009-10-29 07:45 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 1208832 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-10 04:00 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-10 04:00 . 2009-10-29 07:45 5940736 c:\windows\system32\dllcache\mshtml.dll
- 2009-12-03 11:32 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-12-03 11:32 . 2009-10-29 07:45 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-12-10 09:08 . 2009-08-29 08:08 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2009-12-10 09:08 . 2009-10-22 09:19 5939712 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2009-12-10 09:08 . 2009-08-29 08:08 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2009-12-03 11:23 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
+ 2009-03-08 10:39 . 2009-10-29 07:45 11069952 c:\windows\system32\ieframe.dll
+ 2009-12-03 11:32 . 2009-10-29 07:45 11069952 c:\windows\system32\dllcache\ieframe.dll
+ 2009-12-10 09:08 . 2009-08-29 08:08 11069440 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe -atboottime" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-28 2020120]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\MCX1\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-7 27136]

c:\documents and settings\MCX2\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PhraseExpress.lnk - c:\program files\PhraseExpress\phraseexpress.exe [2009-3-8 3794256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-28 04:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\PhraseExpress\\phraseexpress.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/27/2009 10:00 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/27/2009 10:00 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/27/2009 10:00 PM 285392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
QWAVE REG_MULTI_SZ QWAVE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 09:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\HP_ADM~1.STE\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2336)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-10 09:20:53
ComboFix-quarantined-files.txt 2009-12-10 15:20
ComboFix2.txt 2009-12-09 18:24

Pre-Run: 154,031,681,536 bytes free
Post-Run: 154,140,954,624 bytes free

- - End Of File - - 141ADB5940A2C1DF7ACDC6B3037B4D6C
  • 0
