Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus damage problems?

Started by kathgirl , Jun 10 2010 05:07 PM

  • Please log in to reply

#16
kathgirl
Posted 11 June 2010 - 06:10 PM

kathgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Combofix log:

ComboFix 10-06-10.06 - HP_Administrator 06/11/2010 19:26:46.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.596 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\mswintmp.dat
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Mozilla Firefox\extensions\{1EDCFC96-FDAB-4170-A4CE-6DDF01792909}
c:\program files\Mozilla Firefox\extensions\{1EDCFC96-FDAB-4170-A4CE-6DDF01792909}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1EDCFC96-FDAB-4170-A4CE-6DDF01792909}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{1EDCFC96-FDAB-4170-A4CE-6DDF01792909}\install.rdf
c:\windows\dhcp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Install.txt
c:\windows\run.log
c:\windows\SC.INS
c:\windows\system32\Thumbs.db
c:\windows\wiaservim.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
.

2010-06-11 21:25 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-06-11 21:25 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-06-11 21:23 . 2010-06-11 21:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-06-11 21:21 . 2010-06-11 21:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-11 21:15 . 2010-06-11 21:15 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG9
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- C:\$AVG
2010-06-11 19:20 . 2010-06-11 20:59 -------- d-----w- C:\32788R22FWJFW(2)
2010-06-11 15:12 . 2010-06-11 15:12 -------- d-----w- C:\_OTL
2010-06-10 22:41 . 2010-06-11 20:59 -------- d-----w- c:\program files\ERUNT(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 22:38 . 2010-04-01 13:20 -------- d-----w- c:\program files\Opera
2010-06-11 22:22 . 2009-11-08 03:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
2010-06-11 21:28 . 2006-10-08 08:21 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-11 21:14 . 2010-04-22 18:04 -------- d-----w- c:\program files\Coupons
2010-06-11 21:12 . 2009-02-02 16:04 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-06-11 21:12 . 2009-02-02 16:00 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-04-18 00:56 . 2005-08-31 19:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-18 00:55 . 2010-04-18 00:55 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-04-18 00:55 . 2010-04-18 00:55 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-04-18 00:55 . 2010-04-18 00:55 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-04-18 00:55 . 2010-04-18 00:55 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-04-18 00:55 . 2010-04-18 00:55 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-04-18 00:55 . 2010-04-18 00:55 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-04-18 00:55 . 2010-04-18 00:55 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-04-18 00:55 . 2010-04-18 00:55 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-04-18 00:35 . 2006-10-08 07:50 -------- d-----w- c:\program files\Common Files\Java
2010-03-16 14:31 . 2009-11-29 06:59 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-16 14:31 . 2010-03-16 14:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 14:31 . 2009-11-29 06:59 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 14:30 . 2009-11-29 06:59 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 18:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-22 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-10-8 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 14:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/29/2009 2:59 AM 242696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/29/2009 2:59 AM 216200]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 10:31 AM 308064]
S2 gupdate1ca72be14ecf34a;Google Update Service (gupdate1ca72be14ecf34a);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 1:16 PM 133104]
S3 cpuz128;cpuz128;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 sctdisk;sctdisk;\??\c:\windows\system32\sctdisk.sys --> c:\windows\system32\sctdisk.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:16]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:16]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 07:17]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 07:17]

2010-06-10 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-22 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\
FF - prefs.js: browser.search.selectedEngine - Dogpile
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-11 19:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\arservice.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehRecvr.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
.
**************************************************************************
.
Completion time: 2010-06-11 19:45:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-11 23:45

Pre-Run: 139,003,785,216 bytes free
Post-Run: 139,113,095,168 bytes free

- - End Of File - - 37B4AB1EB96630BAD1D58C4A0C340384



OTL Log:

OTL logfile created on: 6/11/2010 8:05:03 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 414.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 174.54 Gb Total Space | 129.57 Gb Free Space | 74.23% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 4.79 Gb Free Space | 40.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOD
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/10 15:39:49 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/16 10:30:27 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/07 17:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/07/27 20:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/08 04:33:38 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/09/27 03:43:29 | 001,060,864 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/09/27 03:42:26 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/09/27 03:42:26 | 000,045,056 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/27 04:14:44 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
PRC - [2005/08/27 04:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2005/08/03 02:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/08/19 07:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003/08/19 06:43:46 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/10 15:39:49 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 01:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/16 10:31:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/03/16 10:31:08 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/16 10:31:05 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/16 10:30:28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/30 22:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/12/06 11:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005/11/03 10:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/30 01:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/14 08:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/07/04 10:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 11:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/18 00:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/03/10 00:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 21:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/16 01:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/16 01:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/16 01:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/04 16:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 08:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/06 01:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Dogpile"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/11 19:02:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/11 19:02:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/04/22 14:06:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/06/11 17:19:50 | 000,000,000 | ---D | M]

[2009/03/27 16:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/02/14 20:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\[email protected]
[2010/02/22 11:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\extensions
[2010/02/21 22:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\extensions\nasanightlaunch@example(2).com
[2010/01/13 12:35:35 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\searchplugins\dogpile.xml
[2010/06/11 19:56:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 17:19:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/06/11 19:36:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/08 04:29:10 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/11 19:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/11 19:24:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/11 19:24:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/11 19:24:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/11 19:24:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/11 19:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/11 18:39:29 | 010,367,552 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\HP_Administrator\My Documents\Opera_1053_en_Setup.exe
[2010/06/11 17:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/11 17:15:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/06/11 17:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AVG9
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/06/11 15:20:15 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2010/06/11 14:55:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/11 11:12:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/10 18:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT(2)
[2010/06/10 13:59:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/07 18:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Help
[2010/04/22 14:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/17 21:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/17 20:52:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/17 20:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/01 09:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Opera
[2010/04/01 09:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Opera
[2010/04/01 09:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/03/16 20:13:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/03/16 10:31:05 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/06/11 19:56:28 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 19:56:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/06/11 19:56:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/11 19:45:37 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/06/11 19:36:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/11 19:36:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 19:36:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 19:36:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 19:36:29 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 19:35:35 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/06/11 19:35:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/06/11 19:15:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/11 19:02:44 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/11 18:40:05 | 010,367,552 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\HP_Administrator\My Documents\Opera_1053_en_Setup.exe
[2010/06/11 18:38:22 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/11 18:27:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008UA.job
[2010/06/11 17:22:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/11 16:52:03 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 11:27:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008Core.job
[2010/06/11 11:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/10 14:38:00 | 000,000,580 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2010/06/10 13:49:41 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.bak
[2010/06/09 23:10:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/14 22:19:37 | 000,060,734 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\deep red lily.jpg
[2010/05/12 10:38:16 | 000,017,450 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\stargazer.jpg
[2010/05/10 14:22:59 | 000,016,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\65 rosesh.jpg
[2010/05/10 14:22:15 | 000,014,207 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\65 roses.jpg
[2010/05/03 11:54:01 | 001,087,607 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\G Kemba.jpg
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/19 14:38:48 | 000,043,629 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Icelandic volcano.jpg
[2010/04/18 17:09:10 | 000,006,956 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\andale border.gif
[2010/04/18 15:54:24 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/18 15:54:24 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/17 20:48:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/03/31 21:29:09 | 000,000,374 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010/03/21 15:27:45 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 10:47:34 | 000,486,747 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\sent to Direct Loans.jpg
[2010/03/16 10:31:08 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/16 10:31:05 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 10:31:05 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 10:30:28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/14 09:47:22 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2010/06/11 19:24:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/11 19:24:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/11 19:24:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/11 19:24:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/11 19:24:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/11 18:38:21 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/11 16:53:38 | 000,003,744 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\commonpriv.log
[2010/06/11 16:53:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\commonpriv.log.lock
[2010/06/10 18:45:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.tmp.LOG
[2010/05/14 22:19:34 | 000,060,734 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\deep red lily.jpg
[2010/05/12 10:38:12 | 000,017,450 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\stargazer.jpg
[2010/05/10 14:22:58 | 000,016,240 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\65 rosesh.jpg
[2010/05/10 14:22:12 | 000,014,207 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\65 roses.jpg
[2010/05/03 11:53:56 | 001,087,607 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\G Kemba.jpg
[2010/04/19 14:38:47 | 000,043,629 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Icelandic volcano.jpg
[2010/04/18 17:09:06 | 000,006,956 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\andale border.gif
[2010/03/17 10:47:27 | 000,486,747 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\sent to Direct Loans.jpg
[2009/08/05 13:29:47 | 000,000,232 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/02/24 17:03:41 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/02/24 17:03:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/02/24 15:13:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/02/24 15:12:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/02/04 23:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliardsDemo.INI
[2009/02/02 12:02:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2009/02/02 12:02:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2009/02/02 12:02:27 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2009/02/02 12:01:50 | 000,000,374 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/10/08 04:55:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/08 04:36:27 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/10/08 04:32:49 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/10/08 04:32:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/10/08 04:29:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/10/08 04:26:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/08 04:21:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/08 04:21:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/08 04:21:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/08 04:21:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/08 04:21:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/08 04:21:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/08 04:15:28 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/08 04:14:31 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/10/08 04:02:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/08 03:47:37 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/10/07 22:26:30 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(7).dll
[2006/10/07 22:26:30 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(6).dll
[2006/10/07 22:26:30 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2006/10/07 22:26:30 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2006/10/07 22:26:30 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/10/07 22:26:30 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(5).dll
[2006/10/07 15:24:58 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2006/10/07 15:22:31 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2005/11/13 11:48:23 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/13 11:48:23 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/13 11:47:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 23:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/27 01:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/07/09 10:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2010/06/11 17:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/11 17:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/05 05:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/04/25 18:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/06 21:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\d81869a
[2009/04/26 11:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2010/01/23 02:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/01/23 02:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/07/10 05:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/07/13 01:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/01/23 02:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< IE - HKCU\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found >

< IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found >

< O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

< O4 - HKLM..\Run: [] File not found >

< O4 - HKLM..\Run: [PCDrProfiler] File not found >

< O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.) >

< >

< :Files >

< C:\WINDOWS\tasks\rkirgerz.job >

< C:\WINDOWS\System32\jiroyipi >

< >

< :Commands >

< [RESETHOSTS] >

< [purity] >

< [emptytemp] >

< [Reboot] >
< End of report >

More OTL:

OTL logfile created on: 6/11/2010 8:05:03 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 414.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 174.54 Gb Total Space | 129.57 Gb Free Space | 74.23% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 4.79 Gb Free Space | 40.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOD
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/10 15:39:49 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/16 10:30:27 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/07 17:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/07/27 20:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/08 04:33:38 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/09/27 03:43:29 | 001,060,864 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/09/27 03:42:26 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/09/27 03:42:26 | 000,045,056 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/27 04:14:44 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
PRC - [2005/08/27 04:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2005/08/03 02:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/08/19 07:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003/08/19 06:43:46 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/10 15:39:49 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 01:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/16 10:31:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/03/16 10:31:08 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/16 10:31:05 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/16 10:30:28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/30 22:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/12/06 11:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005/11/03 10:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/30 01:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/14 08:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/07/04 10:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 11:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/18 00:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/03/10 00:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 21:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/16 01:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/16 01:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/16 01:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/04 16:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 08:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/06 01:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Dogpile"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/11 19:02:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/11 19:02:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/04/22 14:06:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/06/11 17:19:50 | 000,000,000 | ---D | M]

[2009/03/27 16:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/02/14 20:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\[email protected]
[2010/02/22 11:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\extensions
[2010/02/21 22:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\extensions\nasanightlaunch@example(2).com
[2010/01/13 12:35:35 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\searchplugins\dogpile.xml
[2010/06/11 19:56:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 17:19:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/06/11 19:36:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/08 04:29:10 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/11 19:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/11 19:24:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/11 19:24:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/11 19:24:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/11 19:24:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/11 19:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/11 18:39:29 | 010,367,552 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\HP_Administrator\My Documents\Opera_1053_en_Setup.exe
[2010/06/11 17:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/11 17:15:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/06/11 17:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AVG9
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/06/11 15:20:15 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2010/06/11 14:55:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/11 11:12:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/10 18:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT(2)
[2010/06/10 13:59:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/07 18:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Help
[2010/04/22 14:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/17 21:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/17 20:52:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/17 20:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/01 09:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Opera
[2010/04/01 09:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Opera
[2010/04/01 09:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/03/16 20:13:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/03/16 10:31:05 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/06/11 19:56:28 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 19:56:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/06/11 19:56:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/11 19:45:37 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/06/11 19:36:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/11 19:36:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 19:36:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 19:36:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 19:36:29 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 19:35:35 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/06/11 19:35:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/06/11 19:15:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/11 19:02:44 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/11 18:40:05 | 010,367,552 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\HP_Administrator\My Documents\Opera_1053_en_Setup.exe
[2010/06/11 18:38:22 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/11 18:27:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008UA.job
[2010/06/11 17:22:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/11 16:52:03 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 11:27:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008Core.job
[2010/06/11 11:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/10 14:38:00 | 000,000,580 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2010/06/10 13:49:41 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.bak
[2010/06/09 23:10:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/14 22:19:37 | 000,060,734 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\deep red lily.jpg
[2010/05/12 10:38:16 | 000,017,450 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\stargazer.jpg
[2010/05/10 14:22:59 | 000,016,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\65 rosesh.jpg
[2010/05/10 14:22:15 | 000,014,207 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\65 roses.jpg
[2010/05/03 11:54:01 | 001,087,607 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\G Kemba.jpg
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/19 14:38:48 | 000,043,629 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Icelandic volcano.jpg
[2010/04/18 17:09:10 | 000,006,956 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\andale border.gif
[2010/04/18 15:54:24 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/18 15:54:24 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/17 20:48:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/03/31 21:29:09 | 000,000,374 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010/03/21 15:27:45 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 10:47:34 | 000,486,747 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\sent to Direct Loans.jpg
[2010/03/16 10:31:08 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/16 10:31:05 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 10:31:05 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 10:30:28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/14 09:47:22 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2010/06/11 19:24:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/11 19:24:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/11 19:24:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/11 19:24:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/11 19:24:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/11 18:38:21 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/11 16:53:38 | 000,003,744 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\commonpriv.log
[2010/06/11 16:53:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\commonpriv.log.lock
[2010/06/10 18:45:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.tmp.LOG
[2010/05/14 22:19:34 | 000,060,734 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\deep red lily.jpg
[2010/05/12 10:38:12 | 000,017,450 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\stargazer.jpg
[2010/05/10 14:22:58 | 000,016,240 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\65 rosesh.jpg
[2010/05/10 14:22:12 | 000,014,207 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\65 roses.jpg
[2010/05/03 11:53:56 | 001,087,607 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\G Kemba.jpg
[2010/04/19 14:38:47 | 000,043,629 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Icelandic volcano.jpg
[2010/04/18 17:09:06 | 000,006,956 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\andale border.gif
[2010/03/17 10:47:27 | 000,486,747 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\sent to Direct Loans.jpg
[2009/08/05 13:29:47 | 000,000,232 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/02/24 17:03:41 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/02/24 17:03:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/02/24 15:13:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/02/24 15:12:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/02/04 23:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliardsDemo.INI
[2009/02/02 12:02:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2009/02/02 12:02:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2009/02/02 12:02:27 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2009/02/02 12:01:50 | 000,000,374 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/10/08 04:55:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/08 04:36:27 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/10/08 04:32:49 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/10/08 04:32:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/10/08 04:29:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/10/08 04:26:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/08 04:21:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/08 04:21:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/08 04:21:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/08 04:21:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/08 04:21:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/08 04:21:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/08 04:15:28 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/08 04:14:31 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/10/08 04:02:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/08 03:47:37 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/10/07 22:26:30 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(7).dll
[2006/10/07 22:26:30 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(6).dll
[2006/10/07 22:26:30 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2006/10/07 22:26:30 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2006/10/07 22:26:30 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/10/07 22:26:30 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(5).dll
[2006/10/07 15:24:58 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2006/10/07 15:22:31 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2005/11/13 11:48:23 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/13 11:48:23 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/13 11:47:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 23:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/27 01:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/07/09 10:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2010/06/11 17:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/11 17:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/05 05:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/04/25 18:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/06 21:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\d81869a
[2009/04/26 11:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2010/01/23 02:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/01/23 02:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/07/10 05:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/07/13 01:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/01/23 02:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< IE - HKCU\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found >

< IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found >

< O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

< O4 - HKLM..\Run: [] File not found >

< O4 - HKLM..\Run: [PCDrProfiler] File not found >

< O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.) >

< >

< :Files >

< C:\WINDOWS\tasks\rkirgerz.job >

< C:\WINDOWS\System32\jiroyipi >

< >

< :Commands >

< [RESETHOSTS] >

< [purity] >

< [emptytemp] >

< [Reboot] >
< End of report >
PRC - [2010/06/10 15:39:49 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/16 10:30:27 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/07 17:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/07/27 20:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/08 04:33:38 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/09/27 03:43:29 | 001,060,864 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/09/27 03:42:26 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/09/27 03:42:26 | 000,045,056 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/27 04:14:44 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
PRC - [2005/08/27 04:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2005/08/03 02:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/08/19 07:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003/08/19 06:43:46 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/10 15:39:49 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 01:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/16 10:31:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/03/16 10:31:08 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/16 10:31:05 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/16 10:30:28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/30 22:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/12/06 11:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005/11/03 10:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/30 01:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/14 08:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/07/04 10:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 11:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/18 00:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/03/10 00:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 21:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/16 01:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/16 01:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/16 01:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/04 16:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 08:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/06 01:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Dogpile"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/11 19:02:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/11 19:02:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/04/22 14:06:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/06/11 17:19:50 | 000,000,000 | ---D | M]

[2009/03/27 16:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/02/14 20:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\[email protected]
[2010/02/22 11:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\extensions
[2010/02/21 22:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\extensions\nasanightlaunch@example(2).com
[2010/01/13 12:35:35 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\searchplugins\dogpile.xml
[2010/06/11 19:56:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 17:19:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/06/11 19:36:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/08 04:29:10 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/11 19:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/11 19:24:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/11 19:24:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/11 19:24:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/11 19:24:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/11 19:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/11 18:39:29 | 010,367,552 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\HP_Administrator\My Documents\Opera_1053_en_Setup.exe
[2010/06/11 17:25:18 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/06/11 17:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/11 17:15:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/06/11 17:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AVG9
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/11 17:13:41 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/06/11 15:20:15 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2010/06/11 14:55:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/11 11:12:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/10 18:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT(2)
[2010/06/10 13:59:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/07 18:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Help
[2010/04/22 14:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/17 20:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/01 09:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Opera
[2010/04/01 09:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Opera
[2010/04/01 09:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

========== Files - Modified Within 90 Days ==========

[2010/06/11 19:56:28 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 19:56:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/06/11 19:56:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/11 19:45:37 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/06/11 19:36:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/11 19:36:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 19:36:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 19:36:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 19:36:29 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 19:35:35 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/06/11 19:35:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/06/11 19:15:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/11 19:02:44 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/11 18:40:05 | 010,367,552 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\HP_Administrator\My Documents\Opera_1053_en_Setup.exe
[2010/06/11 18:38:22 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/11 18:27:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008UA.job
[2010/06/11 17:22:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/11 16:52:03 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 11:27:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008Core.job
[2010/06/11 11:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/10 14:38:00 | 000,000,580 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2010/06/10 13:49:41 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.bak
[2010/06/09 23:10:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/14 22:19:37 | 000,060,734 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\deep red lily.jpg

========== Files Created - No Company Name ==========

[2010/06/11 19:24:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/11 19:24:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/11 19:24:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/11 19:24:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/11 19:24:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/11 18:38:21 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/11 16:53:38 | 000,003,744 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\commonpriv.log
[2010/06/11 16:53:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\commonpriv.log.lock
[2010/06/10 18:45:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.tmp.LOG
[2010/05/14 22:19:34 | 000,060,734 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\deep red lily.jpg
[2009/08/05 13:29:47 | 000,000,232 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/02/24 17:03:41 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/02/24 17:03:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/02/24 15:13:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/02/24 15:12:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/02/04 23:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliardsDemo.INI
[2009/02/02 12:02:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2009/02/02 12:02:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2009/02/02 12:02:27 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2009/02/02 12:01:50 | 000,000,374 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/10/08 04:55:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/08 04:36:27 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/10/08 04:32:49 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/10/08 04:32:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/10/08 04:29:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/10/08 04:26:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/08 04:21:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/08 04:21:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/08 04:21:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/08 04:21:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/08 04:21:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/08 04:21:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/08 04:15:28 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/08 04:14:31 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/10/08 04:02:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/08 03:47:37 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/10/07 22:26:30 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(7).dll
[2006/10/07 22:26:30 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(6).dll
[2006/10/07 22:26:30 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2006/10/07 22:26:30 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2006/10/07 22:26:30 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/10/07 22:26:30 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(5).dll
[2006/10/07 15:24:58 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2006/10/07 15:22:31 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2005/11/13 11:48:23 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/13 11:48:23 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/13 11:47:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 23:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/27 01:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/07/09 10:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2010/06/11 17:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/11 17:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/05 05:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/04/25 18:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/06 21:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\d81869a
[2009/04/26 11:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2010/01/23 02:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/01/23 02:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/07/10 05:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/07/13 01:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/01/23 02:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< IE - HKCU\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found >

< IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found >

< O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

< O4 - HKLM..\Run: [] File not found >

< O4 - HKLM..\Run: [PCDrProfiler] File not found >

< O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.) >

< >

< :Files >

< C:\WINDOWS\tasks\rkirgerz.job >

< C:\WINDOWS\System32\jiroyipi >

< >

< :Commands >

< [RESETHOSTS] >

< [purity] >

< [emptytemp] >

< [Reboot] >

< End of report >
  • 0

Advertisements

#17
kathgirl
Posted 11 June 2010 - 06:13 PM

kathgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Malware Bytes Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3695
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

6/11/2010 8:11:34 PM
mbam-log-2010-06-11 (20-11-34).txt

Scan type: Quick Scan
Objects scanned: 135956
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#18
RKinner
Posted 11 June 2010 - 08:00 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
IF Virut were there, Combofix would have complained so hopefully it was a false positive or MSE killed it before it spread.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

SecCenter::
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::
c:\windows\system32\drivers\avgtdix.sys
c:\windows\system32\drivers\avgldx86.sys
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz_x32.sys
c:\windows\system32\sctdisk.sys
c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\avgmfx86.sys
c:\documents and settings\All Users\Application Data\AVG Security Toolbar
c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

Driver::
AvgTdiX
AvgLdx86
avg9wd
cpuz128
sctdisk

Folder::
c:\windows\system32\drivers\Avg
c:\documents and settings\All Users\Application Data\avg9
c:\documents and settings\HP_Administrator\Application Data\AVG9
c:\program files\AVG
C:\$AVG
c:\program files\Norton Security Scan
c:\program files\McAfee Security Scan

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Ron

PS did you also remove MSE? You need to have an anti-virus so perhaps you could download the free Avast 5. It's what I use on my PCs. http://www.avast.com...avast-home.html

Edited by RKinner, 11 June 2010 - 08:02 PM.

  • 0

#19
kathgirl
Posted 12 June 2010 - 10:13 AM

kathgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Question, where would I find my notebook if it is no longer in my start menu?
  • 0

#20
kathgirl
Posted 12 June 2010 - 10:16 AM

kathgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Question, where would I find my notebook if it is no longer in my start menu?


It is not on my desktop either.
  • 0

#21
RKinner
Posted 12 June 2010 - 10:20 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
notepad? Start, All Programs, Accessories. If it's not there it lives in C:\windows\notepad.exe but you might not see it because the files are hidden.

* Close all programs so that you are at your desktop.
* Double-click on the My Computer icon or right click on Start and select Explore.
* Select the Tools menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and exit My Computer or Explorer.
* Now your computer is configured to show all hidden files.

Ron
  • 0

#22
kathgirl
Posted 12 June 2010 - 11:14 AM

kathgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

notepad? Start, All Programs, Accessories. If it's not there it lives in C:\windows\notepad.exe but you might not see it because the files are hidden.

* Close all programs so that you are at your desktop.
* Double-click on the My Computer icon or right click on Start and select Explore.
* Select the Tools menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and exit My Computer or Explorer.
* Now your computer is configured to show all hidden files.

Ron


I meant Notepad, sorry.
I cannot find george, and I am wondering if it would be OK to run the ComboFix scan again to redo it?
TY for all of your help on this.
Maureen
  • 0

#23
RKinner
Posted 12 June 2010 - 04:25 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Probably have to download Combofix again but this time change it to george2.exe

Ron
  • 0

#24
kathgirl
Posted 14 June 2010 - 03:07 PM

kathgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

IF Virut were there, Combofix would have complained so hopefully it was a false positive or MSE killed it before it spread.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

SecCenter::
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::
c:\windows\system32\drivers\avgtdix.sys
c:\windows\system32\drivers\avgldx86.sys
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz_x32.sys
c:\windows\system32\sctdisk.sys
c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\avgmfx86.sys
c:\documents and settings\All Users\Application Data\AVG Security Toolbar
c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

Driver::
AvgTdiX
AvgLdx86
avg9wd
cpuz128
sctdisk

Folder::
c:\windows\system32\drivers\Avg
c:\documents and settings\All Users\Application Data\avg9
c:\documents and settings\HP_Administrator\Application Data\AVG9
c:\program files\AVG
C:\$AVG
c:\program files\Norton Security Scan
c:\program files\McAfee Security Scan

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Ron

PS did you also remove MSE? You need to have an anti-virus so perhaps you could download the free Avast 5. It's what I use on my PCs. http://www.avast.com...avast-home.html



OK, this is where my novice comes in.
I ran the ComboFix again, but I don't understand what I am saving to 'george'
Is it the log that ComboFix makes afterward that I am saving to my desktop and naming george? If so, I did that. If not, then I am lost as to what I am saving as 'george.'

And then, I am not understanding what I am dragging 'george' into. :)
  • 0

#25
RKinner
Posted 14 June 2010 - 09:44 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
When you download Combofix you change its name from Combofix.exe to george.exe. Then you run george the first time. The file it makes is what you post to me. Then youi created a file CFScript.txt which you saved to the diesktop. You should see a file CFScript.txt on your desktop which you can grab with your mouse by selecting and holding down the left mouse button then slide it to george and let go.

Ron
  • 0

Advertisements

#26
kathgirl
Posted 14 June 2010 - 10:01 PM

kathgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

When you download Combofix you change its name from Combofix.exe to george.exe. Then you run george the first time. The file it makes is what you post to me. Then youi created a file CFScript.txt which you saved to the diesktop. You should see a file CFScript.txt on your desktop which you can grab with your mouse by selecting and holding down the left mouse button then slide it to george and let go.

Ron


OK, so I open the 'george' notepad and then drag the CFSscript notepad into 'george.' When I did that, the text changed in the notepad. Is that correct?
If you are saying that I should change the name of Combofix to 'george' when I run it the first time, I cannot understand how I change the name. What I named 'george' were the scan results that went to notepad.
I am so sorry that I am so computer illerate. TY for all of your help Ron.
  • 0

#27
RKinner
Posted 15 June 2010 - 12:06 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I think I see what happened. You got a reply that was meant for someone else. My Mistake. Sorry.

What I need for you to do is to first pause your anti-virus, then download Combofix using Internet Explorer from http://download.blee...Bs/ComboFix.exe . It will ask you if you want to Save or Run the program.

You tell it Save and it will ask you where to save it and suggest the name combofix or combofix.exe. If it just says combofix then change combofix to george. If it says combofix.exe then change it to george.exe. OK

Then just run george or george.exe by double clicking on it.

If you get a message saying that combofix has been tampered with and needs to be downloaded again that will be a very bad sign.

Ron
  • 0

#28
kathgirl
Posted 15 June 2010 - 10:17 AM

kathgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

I think I see what happened. You got a reply that was meant for someone else. My Mistake. Sorry.

What I need for you to do is to first pause your anti-virus, then download Combofix using Internet Explorer from http://download.blee...Bs/ComboFix.exe . It will ask you if you want to Save or Run the program.

You tell it Save and it will ask you where to save it and suggest the name combofix or combofix.exe. If it just says combofix then change combofix to george. If it says combofix.exe then change it to george.exe. OK

Then just run george or george.exe by double clicking on it.

If you get a message saying that combofix has been tampered with and needs to be downloaded again that will be a very bad sign.

Ron


OK. I see.
I now have george on my desktop and the CFS script.txt.
Do I simply slide CFS to the george icon, or do I open george and slide it into the blue box that opens for the scan?
  • 0

#29
RKinner
Posted 15 June 2010 - 02:27 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You don't need the CFScript at least not yet that was a mistake. Just run George by himself.
  • 0

#30
kathgirl
Posted 15 June 2010 - 03:43 PM

kathgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

You don't need the CFScript at least not yet that was a mistake. Just run George by himself.


ComboFix 10-06-15.02 - HP_Administrator 06/15/2010 17:19:15.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.563 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\george.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 20:05 . 2010-06-15 20:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help
2010-06-11 21:25 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-06-11 21:25 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-06-11 21:23 . 2010-06-11 21:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-06-11 21:21 . 2010-06-11 21:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-11 21:15 . 2010-06-15 19:42 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG9
2010-06-11 21:13 . 2010-06-11 21:13 -------- d-----w- C:\$AVG
2010-06-11 19:20 . 2010-06-11 20:59 -------- d-----w- C:\32788R22FWJFW(2)
2010-06-11 15:12 . 2010-06-11 15:12 -------- d-----w- C:\_OTL
2010-06-10 22:41 . 2010-06-11 20:59 -------- d-----w- c:\program files\ERUNT(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 20:10 . 2009-02-02 16:00 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-06-11 22:38 . 2010-04-01 13:20 -------- d-----w- c:\program files\Opera
2010-06-11 22:22 . 2009-11-08 03:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
2010-06-11 21:28 . 2006-10-08 08:21 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-11 21:14 . 2010-04-22 18:04 -------- d-----w- c:\program files\Coupons
2010-06-11 21:12 . 2009-02-02 16:04 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-05-04 17:20 . 2006-10-08 02:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-10-07 19:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-10-07 19:22 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 05:56 . 2006-10-07 19:29 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2006-10-07 19:22 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 00:56 . 2005-08-31 19:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-18 00:55 . 2010-04-18 00:55 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-04-18 00:55 . 2010-04-18 00:55 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-04-18 00:55 . 2010-04-18 00:55 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-04-18 00:55 . 2010-04-18 00:55 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-04-18 00:55 . 2010-04-18 00:55 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-04-18 00:55 . 2010-04-18 00:55 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-04-18 00:55 . 2010-04-18 00:55 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-04-18 00:55 . 2010-04-18 00:55 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-04-18 00:35 . 2006-10-08 07:50 -------- d-----w- c:\program files\Common Files\Java
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 18:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-22 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-13 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-10-8 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 14:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/29/2009 2:59 AM 242696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/29/2009 2:59 AM 216200]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 10:31 AM 308064]
S2 gupdate1ca72be14ecf34a;Google Update Service (gupdate1ca72be14ecf34a);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 1:16 PM 133104]
S3 cpuz128;cpuz128;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 sctdisk;sctdisk;\??\c:\windows\system32\sctdisk.sys --> c:\windows\system32\sctdisk.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:16]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:16]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 07:17]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113070515-3805741327-2304453607-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 07:17]

2010-06-12 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-22 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2aos3szi.default\
FF - prefs.js: browser.search.selectedEngine - Dogpile
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 17:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\arservice.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\DISC\DiscStreamHub.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-06-15 17:39:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-15 21:39
ComboFix2.txt 2010-06-14 20:51
ComboFix3.txt 2010-06-11 23:45

Pre-Run: 139,542,183,936 bytes free
Post-Run: 139,535,880,192 bytes free

- - End Of File - - 78281EF7E2931528F0BE59658F878583
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP