Logs for malware removal

#1 ghost_sniper_777 (Member, 94 posts)

Was having redirect issues with Firefox. Wife ran some antiviruses, as well as me. Now I cannot go to secure-type sites. I can go to yahoo.com, but once I click on Mail it says "Firefox can't establish a connection to the server at login.yahoo.com." It does this for Facebook, AOL, anything that asks for passwords.
Thank you in advance for any help!

OTL logfile created on: 6/22/2010 5:44:33 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\HP_Owner\Desktop\virus fight\program downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.84 Gb Total Space | 29.38 Gb Free Space | 40.90% Space Free | Partition Type: NTFS
Drive D: | 39.94 Gb Total Space | 4.71 Gb Free Space | 11.79% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/21 22:33:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\virus fight\program downloads\OTL.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
PRC - [2007/03/28 18:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/01/09 17:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/09 17:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2005/05/06 21:17:37 | 001,187,840 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe
PRC - [2004/10/26 00:17:56 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
PRC - [2004/08/31 05:29:46 | 000,078,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe
PRC - [2004/08/30 21:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2004/08/28 02:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2004/08/06 03:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/21 19:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 22:33:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\virus fight\program downloads\OTL.exe
MOD - [2004/08/04 21:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 00:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2007/03/28 18:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/09 17:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/09 17:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2007/01/09 17:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/31 05:29:46 | 000,078,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2004/08/30 21:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/08/28 02:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/08/06 03:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/23 22:47:22 | 000,197,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/07/21 19:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 14:21:47 | 000,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\tcppid.sys -- (tcppid)
DRV - [2007/03/28 18:41:26 | 000,266,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 18:41:24 | 000,018,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/03/28 18:41:20 | 000,037,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/03/28 18:41:18 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/03/28 18:41:14 | 000,171,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/03/28 18:41:12 | 000,011,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/09/15 22:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/11/17 12:00:00 | 000,629,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/11/17 12:00:00 | 000,072,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS -- (NAVENG)
DRV - [2004/08/20 05:14:44 | 000,021,024 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcdrsrvc.pkms -- (PCDRSRVC)
DRV - [2004/08/04 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/23 22:47:24 | 000,049,808 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/07/23 22:47:22 | 000,335,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/07/21 19:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/29 20:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/09/19 11:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 09:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/12 01:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/21 10:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/21 10:35:17 | 000,000,000 | ---D | M]

[2010/03/22 18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2009/07/19 12:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/06/21 23:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\extensions
[2010/05/18 17:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\extensions\[email protected]
[2010/04/18 23:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\extensions\[email protected]
[2010/06/21 23:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 05:58:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/07 05:58:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/02/15 00:25:54 | 000,378,447 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13042 more lines...
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/06 21:50:38 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3de7aaa4-67ad-11df-9337-0011d8bfc684}\Shell - "" = AutoRun
O33 - MountPoints2\{3de7aaa4-67ad-11df-9337-0011d8bfc684}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/23 23:53:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/21 23:13:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/21 23:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/21 21:01:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/06/21 21:00:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/21 20:59:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/06/21 20:59:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/06/21 00:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2010/06/21 00:08:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/21 00:08:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/21 00:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/21 00:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/20 22:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/19 22:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Cell phone
[2010/06/19 22:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/19 21:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sure Delete
[2010/06/19 20:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ministars Software
[2010/06/04 06:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/04 06:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/03 08:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/03 08:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/01 12:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Court files
[2010/05/30 21:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\court
[2010/05/24 14:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\The Mission 71908
[2010/05/21 17:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Base House
[2010/05/18 17:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/13 23:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\chmppro
[2010/05/11 17:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\2009 forms
[2010/05/11 17:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\EOG
[2010/05/10 15:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Cable
[2010/04/26 23:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/23 12:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\InfraRecorder
[2010/04/22 20:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\D MAR10

========== Files - Modified Within 90 Days ==========

[2010/06/22 05:47:08 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2010/06/22 05:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1350.job
[2010/06/22 05:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1302.job
[2010/06/22 05:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1326.job
[2010/06/22 05:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1374.job
[2010/06/22 05:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2742.job
[2010/06/22 05:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1278.job
[2010/06/22 05:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/22 05:00:00 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AD62D58A91894946.job
[2010/06/22 04:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1349.job
[2010/06/22 04:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1301.job
[2010/06/22 04:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1325.job
[2010/06/22 04:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1373.job
[2010/06/22 04:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2741.job
[2010/06/22 04:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1277.job
[2010/06/22 04:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/22 03:08:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2740.job
[2010/06/22 03:08:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/22 03:08:04 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1371.job
[2010/06/22 03:08:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1348.job
[2010/06/22 03:08:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1324.job
[2010/06/22 03:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1300.job
[2010/06/22 03:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1276.job
[2010/06/22 02:08:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1347.job
[2010/06/22 02:08:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1369.job
[2010/06/22 02:08:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2739.job
[2010/06/22 02:08:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/06/22 02:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1299.job
[2010/06/22 02:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1323.job
[2010/06/22 02:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1275.job
[2010/06/22 01:08:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2738.job
[2010/06/22 01:08:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/06/22 01:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1346.job
[2010/06/22 01:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1298.job
[2010/06/22 01:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1322.job
[2010/06/22 01:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1367.job
[2010/06/22 01:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1274.job
[2010/06/22 00:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1345.job
[2010/06/22 00:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1297.job
[2010/06/22 00:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1321.job
[2010/06/22 00:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1365.job
[2010/06/22 00:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2737.job
[2010/06/22 00:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1273.job
[2010/06/22 00:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/21 23:13:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/21 23:13:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/21 23:13:12 | 1475,923,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/21 23:12:14 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.bak
[2010/06/21 23:12:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/06/21 23:09:29 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/21 23:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1372.job
[2010/06/21 23:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1320.job
[2010/06/21 23:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1344.job
[2010/06/21 23:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1392.job
[2010/06/21 23:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2760.job
[2010/06/21 23:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1296.job
[2010/06/21 23:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/21 22:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1370.job
[2010/06/21 22:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1319.job
[2010/06/21 22:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1343.job
[2010/06/21 22:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1391.job
[2010/06/21 22:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2759.job
[2010/06/21 22:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1295.job
[2010/06/21 22:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/21 21:09:18 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/21 20:59:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/21 20:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1366.job
[2010/06/21 20:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1317.job
[2010/06/21 20:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1341.job
[2010/06/21 20:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1389.job
[2010/06/21 20:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2757.job
[2010/06/21 20:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1293.job
[2010/06/21 20:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/21 19:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1364.job
[2010/06/21 19:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1316.job
[2010/06/21 19:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1340.job
[2010/06/21 19:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1388.job
[2010/06/21 19:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2756.job
[2010/06/21 19:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1292.job
[2010/06/21 19:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/21 17:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1362.job
[2010/06/21 17:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1314.job
[2010/06/21 17:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1338.job
[2010/06/21 17:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1386.job
[2010/06/21 17:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2754.job
[2010/06/21 17:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1290.job
[2010/06/21 17:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/21 16:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1361.job
[2010/06/21 16:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1313.job
[2010/06/21 16:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1337.job
[2010/06/21 16:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1385.job
[2010/06/21 16:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2753.job
[2010/06/21 16:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1289.job
[2010/06/21 16:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/21 15:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1360.job
[2010/06/21 15:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1312.job
[2010/06/21 15:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1336.job
[2010/06/21 15:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1384.job
[2010/06/21 15:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2752.job
[2010/06/21 15:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1288.job
[2010/06/21 15:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/21 14:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1359.job
[2010/06/21 14:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1311.job
[2010/06/21 14:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1335.job
[2010/06/21 14:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1383.job
[2010/06/21 14:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2751.job
[2010/06/21 14:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1287.job
[2010/06/21 14:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/21 13:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1358.job
[2010/06/21 13:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1310.job
[2010/06/21 13:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1334.job
[2010/06/21 13:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1382.job
[2010/06/21 13:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2750.job
[2010/06/21 13:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1286.job
[2010/06/21 13:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/21 12:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1357.job
[2010/06/21 12:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1309.job
[2010/06/21 12:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1333.job
[2010/06/21 12:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1381.job
[2010/06/21 12:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2749.job
[2010/06/21 12:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1285.job
[2010/06/21 12:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/21 11:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1356.job
[2010/06/21 11:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1308.job
[2010/06/21 11:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1332.job
[2010/06/21 11:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1380.job
[2010/06/21 11:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2748.job
[2010/06/21 11:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1284.job
[2010/06/21 11:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/21 10:35:22 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/21 10:35:22 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/21 10:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1355.job
[2010/06/21 10:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1307.job
[2010/06/21 10:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1331.job
[2010/06/21 10:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1379.job
[2010/06/21 10:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2747.job
[2010/06/21 10:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1283.job
[2010/06/21 10:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/06/21 09:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1354.job
[2010/06/21 09:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1306.job
[2010/06/21 09:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1330.job
[2010/06/21 09:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1378.job
[2010/06/21 09:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2746.job
[2010/06/21 09:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1282.job
[2010/06/21 09:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/21 08:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1353.job
[2010/06/21 08:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1305.job
[2010/06/21 08:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1329.job
[2010/06/21 08:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1377.job
[2010/06/21 08:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2745.job
[2010/06/21 08:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1281.job
[2010/06/21 08:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/21 07:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1352.job
[2010/06/21 07:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1304.job
[2010/06/21 07:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1328.job
[2010/06/21 07:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1376.job
[2010/06/21 07:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2744.job
[2010/06/21 07:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1280.job
[2010/06/21 07:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/21 01:04:36 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Verification for Travel JBal.doc
[2010/06/20 21:27:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/20 21:08:22 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2758.job
[2010/06/20 21:08:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/20 21:08:15 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1390.job
[2010/06/20 21:08:13 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1368.job
[2010/06/20 21:08:08 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1342.job
[2010/06/20 21:08:04 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1318.job
[2010/06/20 21:08:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1294.job
[2010/06/20 18:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1363.job
[2010/06/20 18:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1315.job
[2010/06/20 18:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1339.job
[2010/06/20 18:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1387.job
[2010/06/20 18:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2755.job
[2010/06/20 18:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1291.job
[2010/06/20 18:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/19 23:06:31 | 000,000,181 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv .DAT
[2010/06/19 22:09:33 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\o087N3P.dat
[2010/06/19 22:08:32 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2743.job
[2010/06/19 21:13:08 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 19:19:47 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/18 23:37:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/18 21:17:59 | 000,000,439 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/18 06:08:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1351.job
[2010/06/18 06:08:01 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\At1303.job
[2010/06/18 06:08:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1327.job
[2010/06/18 06:08:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1375.job
[2010/06/18 06:08:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1279.job
[2010/06/18 06:08:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/15 22:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/15 11:51:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\hgtd.ruy
[2010/06/15 11:51:47 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\h7t.wt
[2010/06/12 00:58:49 | 000,442,072 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\me&robert.tif
[2010/06/08 00:35:34 | 000,000,243 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/06/07 14:36:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/04 06:27:45 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/02 14:21:47 | 000,002,304 | ---- | M] () -- C:\WINDOWS\System32\tcppid.sys
[2010/06/01 20:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2010/06/01 16:01:40 | 000,007,106 | ---- | M] () -- C:\WINDOWS\System32\thqvmk
[2010/06/01 16:01:39 | 000,064,512 | ---- | M] () -- C:\WINDOWS\System32\klgd.bmp
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll
[2010/05/29 00:39:53 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\30 Day Notice to Landlord.doc
[2010/05/21 16:39:13 | 000,527,825 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Upcoming_Community_Events_5-21-10.pdf
[2010/05/20 22:35:28 | 001,071,218 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\2010 Youth Sports SUMMER CAMPS.pdf
[2010/05/19 19:14:23 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/05/19 18:15:38 | 000,508,267 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Millstone_Y_H_Wk_1.pdf
[2010/05/05 16:26:17 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\budget worksheet.xls
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 09:07:05 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\LimeWire 5.1.4.lnk
[2010/04/25 12:15:28 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/25 12:05:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/21 13:34:20 | 000,161,658 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1021_Capistrano_Dr.pdf
[2010/04/18 01:13:13 | 000,809,357 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\FY10 CREDO Trifold MAY_SEPT.pdf
[2010/04/15 12:55:22 | 000,093,582 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\DENTIST.tif
[2010/04/10 09:18:52 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\bank info.doc
[2010/04/09 15:03:49 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Pending balance.doc
[2010/04/08 23:16:50 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\bank 4-7-10.doc
[2010/04/07 21:15:30 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Budget 2011.xls
[2010/04/06 12:13:14 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

========== Files Created - No Company Name ==========

[2010/06/21 23:11:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Owner\NTUSER.tmp.LOG
[2010/06/21 23:09:29 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/21 10:35:22 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/21 10:35:22 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/21 01:04:34 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Verification for Travel JBal.doc
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2760.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2759.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2758.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2757.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2756.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2755.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2754.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2753.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2752.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2751.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2750.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2749.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2748.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2747.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2746.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2745.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2744.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2743.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2742.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2741.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2740.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2739.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2738.job
[2010/06/19 22:08:29 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2737.job
[2010/06/15 11:51:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hgtd.ruy
[2010/06/15 11:51:47 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\h7t.wt
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1372.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1370.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1368.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1366.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1364.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1363.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1362.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1361.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1360.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1359.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1358.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1357.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1356.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1355.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1354.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1353.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1352.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1351.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1350.job
[2010/06/13 15:14:30 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1349.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1392.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1391.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1390.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1389.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1388.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1387.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1386.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1385.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1384.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1383.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1382.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1381.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1380.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1379.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1378.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1377.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1376.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1375.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1374.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1373.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1371.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1369.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1367.job
[2010/06/13 15:14:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1365.job
[2010/06/13 15:14:29 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1348.job
[2010/06/13 15:14:29 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1347.job
[2010/06/13 15:14:29 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1346.job
[2010/06/13 15:14:29 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1345.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1344.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1343.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1342.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1341.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1340.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1339.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1338.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1337.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1336.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1335.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1334.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1333.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1332.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1331.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1330.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1329.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1328.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1327.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1326.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1325.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1324.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1323.job
[2010/06/13 14:26:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1322.job
[2010/06/13 14:26:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1321.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1320.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1319.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1318.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1317.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1316.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1315.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1314.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1313.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1312.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1311.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1310.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1309.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1308.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1307.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1306.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1305.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1304.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1303.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1302.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1301.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1300.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1299.job
[2010/06/13 14:25:23 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1298.job
[2010/06/13 14:25:22 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\At1297.job
[2010/06/13 14:24:07 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1296.job
[2010/06/13 14:24:07 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1295.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1294.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1293.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1292.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1291.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1290.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1289.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1288.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1287.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1286.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1285.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1284.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1283.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1282.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1281.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1280.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1279.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1278.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1277.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1276.job
[2010/06/13 14:24:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1275.job
[2010/06/13 14:24:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1274.job
[2010/06/13 14:24:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1273.job
[2010/06/12 00:58:49 | 000,442,072 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\me&robert.tif
[2010/06/08 08:02:17 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\o087N3P.dat
[2010/06/08 08:01:55 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv .DAT
[2010/06/07 07:44:15 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/06/07 07:44:15 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/06/07 07:44:15 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/06/07 07:44:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/06/04 06:27:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/04 06:27:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/02 14:21:47 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\tcppid.sys
[2010/06/01 16:01:40 | 000,007,106 | ---- | C] () -- C:\WINDOWS\System32\thqvmk
[2010/06/01 16:01:39 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\klgd.bmp
[2010/06/01 11:38:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
[2010/05/29 00:39:53 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\30 Day Notice to Landlord.doc
[2010/05/21 16:39:12 | 000,527,825 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Upcoming_Community_Events_5-21-10.pdf
[2010/05/20 22:35:28 | 001,071,218 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\2010 Youth Sports SUMMER CAMPS.pdf
[2010/05/19 19:14:23 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/05/19 19:14:23 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/19 18:15:38 | 000,508,267 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Millstone_Y_H_Wk_1.pdf
[2010/04/21 13:34:20 | 000,161,658 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1021_Capistrano_Dr.pdf
[2010/04/18 01:13:13 | 000,809,357 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\FY10 CREDO Trifold MAY_SEPT.pdf
[2010/04/15 12:55:22 | 000,093,582 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\DENTIST.tif
[2010/04/09 14:57:26 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Pending balance.doc
[2010/04/08 15:54:34 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\bank 4-7-10.doc
[2010/04/07 18:36:33 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Budget 2011.xls
[2010/03/27 11:19:49 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\bank info.doc
[2010/02/10 04:19:07 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/23 22:07:51 | 000,095,285 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/04/09 01:31:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info9.ini
[2008/04/09 01:31:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info7.ini
[2008/04/09 01:31:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info4.ini
[2008/04/09 01:31:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info10.ini
[2008/04/08 02:49:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2008/04/08 02:46:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2008/02/08 12:06:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/09/30 17:04:05 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/09/09 22:50:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/09/09 22:35:01 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/07/13 10:58:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/14 15:54:42 | 000,000,053 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2007/01/07 02:00:15 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Erin.ini
[2006/11/09 22:48:02 | 001,227,411 | -HS- | C] () -- C:\WINDOWS\csra.ini
[2006/10/12 01:39:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/08/08 21:35:35 | 000,044,299 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/14 00:25:57 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSC42.ini
[2005/11/15 02:39:14 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/11/14 22:59:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/13 01:23:45 | 000,002,993 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/10/17 16:47:10 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/05/06 21:52:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/06 21:47:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/06 21:47:46 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/06 21:47:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/06 21:47:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/06 21:47:46 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/06 21:47:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/06 21:18:03 | 000,014,554 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/06 21:17:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/06 21:17:38 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/06 21:13:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/06 20:52:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/06 20:40:51 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/06 11:29:35 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/02/04 20:56:42 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/02/04 20:56:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/02/04 20:56:20 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/16 07:38:02 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/12/07 14:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini

========== LOP Check ==========

[2010/06/20 21:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/06/15 05:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/04/10 23:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/07 20:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/01/23 20:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/22 05:00:00 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\AD62D58A91894946.job
[2010/06/22 00:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/06/21 09:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/06/21 10:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/06/21 11:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/06/22 00:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1273.job
[2010/06/22 01:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1274.job
[2010/06/22 02:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1275.job
[2010/06/22 03:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1276.job
[2010/06/22 04:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1277.job
[2010/06/22 05:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1278.job
[2010/06/18 06:08:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1279.job
[2010/06/21 07:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1280.job
[2010/06/21 08:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1281.job
[2010/06/21 09:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1282.job
[2010/06/21 10:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1283.job
[2010/06/21 11:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1284.job
[2010/06/21 12:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1285.job
[2010/06/21 13:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1286.job
[2010/06/21 14:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1287.job
[2010/06/21 15:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1288.job
[2010/06/21 16:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1289.job
[2010/06/21 17:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1290.job
[2010/06/20 18:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1291.job
[2010/06/21 19:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1292.job
[2010/06/21 20:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1293.job
[2010/06/20 21:08:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1294.job
[2010/06/21 22:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1295.job
[2010/06/21 23:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1296.job
[2010/06/22 00:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1297.job
[2010/06/22 01:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1298.job
[2010/06/22 02:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1299.job
[2010/06/21 12:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/06/22 03:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1300.job
[2010/06/22 04:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1301.job
[2010/06/22 05:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1302.job
[2010/06/18 06:08:01 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1303.job
[2010/06/21 07:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1304.job
[2010/06/21 08:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1305.job
[2010/06/21 09:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1306.job
[2010/06/21 10:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1307.job
[2010/06/21 11:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1308.job
[2010/06/21 12:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1309.job
[2010/06/21 13:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1310.job
[2010/06/21 14:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1311.job
[2010/06/21 15:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1312.job
[2010/06/21 16:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1313.job
[2010/06/21 17:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1314.job
[2010/06/20 18:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1315.job
[2010/06/21 19:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1316.job
[2010/06/21 20:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1317.job
[2010/06/20 21:08:04 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1318.job
[2010/06/21 22:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1319.job
[2010/06/21 23:08:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\At1320.job
[2010/06/22 00:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1321.job
[2010/06/22 01:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1322.job
[2010/06/22 02:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1323.job
[2010/06/22 03:08:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1324.job
[2010/06/22 04:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1325.job
[2010/06/22 05:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1326.job
[2010/06/18 06:08:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1327.job
[2010/06/21 07:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1328.job
[2010/06/21 08:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1329.job
[2010/06/21 09:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1330.job
[2010/06/21 10:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1331.job
[2010/06/21 11:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1332.job
[2010/06/21 12:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1333.job
[2010/06/21 13:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1334.job
[2010/06/21 14:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1335.job
[2010/06/21 15:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1336.job
[2010/06/21 16:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1337.job
[2010/06/21 17:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1338.job
[2010/06/20 18:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1339.job
[2010/06/21 19:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1340.job
[2010/06/21 20:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1341.job
[2010/06/20 21:08:08 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1342.job
[2010/06/21 22:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1343.job
[2010/06/21 23:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1344.job
[2010/06/22 00:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1345.job
[2010/06/22 01:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1346.job
[2010/06/22 02:08:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1347.job
[2010/06/22 03:08:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1348.job
[2010/06/22 04:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1349.job
[2010/06/22 05:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1350.job
[2010/06/18 06:08:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1351.job
[2010/06/21 07:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1352.job
[2010/06/21 08:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1353.job
[2010/06/21 09:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1354.job
[2010/06/21 10:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1355.job
[2010/06/21 11:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1356.job
[2010/06/21 12:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1357.job
[2010/06/21 13:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1358.job
[2010/06/21 14:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1359.job
[2010/06/21 15:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1360.job
[2010/06/21 16:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1361.job
[2010/06/21 17:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1362.job
[2010/06/20 18:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1363.job
[2010/06/21 19:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1364.job
[2010/06/22 00:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1365.job
[2010/06/21 20:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1366.job
[2010/06/22 01:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1367.job
[2010/06/20 21:08:13 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1368.job
[2010/06/22 02:08:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1369.job
[2010/06/21 22:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1370.job
[2010/06/22 03:08:04 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1371.job
[2010/06/21 23:08:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1372.job
[2010/06/22 04:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1373.job
[2010/06/22 05:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1374.job
[2010/06/18 06:08:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1375.job
[2010/06/21 07:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1376.job
[2010/06/21 08:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1377.job
[2010/06/21 09:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1378.job
[2010/06/21 10:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1379.job
[2010/06/21 11:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1380.job
[2010/06/21 12:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1381.job
[2010/06/21 13:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1382.job
[2010/06/21 14:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1383.job
[2010/06/21 15:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1384.job
[2010/06/21 16:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1385.job
[2010/06/21 17:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1386.job
[2010/06/20 18:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1387.job
[2010/06/21 19:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1388.job
[2010/06/21 20:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1389.job
[2010/06/20 21:08:15 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1390.job
[2010/06/21 22:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1391.job
[2010/06/21 23:08:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1392.job
[2010/06/21 13:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/06/21 14:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/06/21 15:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/06/21 16:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/06/21 17:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/06/20 18:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/06/22 01:08:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/06/21 19:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/06/21 20:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/06/20 21:08:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/06/21 22:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/06/21 23:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/06/22 00:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2737.job
[2010/06/22 01:08:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2738.job
[2010/06/22 02:08:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2739.job
[2010/06/22 03:08:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2740.job
[2010/06/22 04:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2741.job
[2010/06/22 05:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2742.job
[2010/06/19 22:08:32 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2743.job
[2010/06/21 07:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2744.job
[2010/06/21 08:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2745.job
[2010/06/21 09:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2746.job
[2010/06/21 10:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2747.job
[2010/06/21 11:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2748.job
[2010/06/21 12:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2749.job
[2010/06/21 13:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2750.job
[2010/06/21 14:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2751.job
[2010/06/21 15:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2752.job
[2010/06/21 16:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2753.job
[2010/06/21 17:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2754.job
[2010/06/20 18:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2755.job
[2010/06/21 19:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2756.job
[2010/06/21 20:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2757.job
[2010/06/20 21:08:22 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2758.job
[2010/06/21 22:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2759.job
[2010/06/21 23:08:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2760.job
[2010/06/22 02:08:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/06/22 03:08:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/06/22 04:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/06/22 05:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/06/18 06:08:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/06/21 07:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/06/21 08:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/06/01 20:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\System Restore.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/12/05 20:28:56 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/05 20:28:56 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2006/02/12 22:42:50 | 000,000,040 | ---- | M] () -- C:\Auth.prof
[2005/05/06 21:50:38 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/23 22:07:17 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2010/01/23 22:14:09 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/10/15 13:38:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/10/31 18:21:35 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2008/04/08 02:36:03 | 000,000,536 | ---- | M] () -- C:\DrvInst (1).log
[2008/04/08 02:36:01 | 000,000,287 | ---- | M] () -- C:\DrvInst (2).log
[2008/04/08 02:38:34 | 000,081,781 | ---- | M] () -- C:\DrvInst.log
[2010/06/21 23:13:12 | 1475,923,968 | -HS- | M] () -- C:\hiberfil.sys
[2005/02/04 20:56:20 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2008/04/08 02:38:37 | 000,001,097 | ---- | M] () -- C:\Install.log
[2004/10/15 13:38:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/22 15:45:45 | 000,000,450 | -H-- | M] () -- C:\IPH.PH
[2004/10/15 13:38:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 00:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/21 23:13:10 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/09/17 23:00:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2006/09/17 23:00:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2006/09/17 23:01:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2006/09/17 23:07:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2006/09/17 23:07:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2006/09/17 23:07:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2006/09/17 23:07:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2006/09/17 23:08:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2006/12/07 22:14:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2006/12/07 22:14:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2006/12/07 22:14:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2006/12/07 22:14:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2006/12/07 22:14:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2006/12/07 22:14:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2006/12/07 22:14:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2006/12/07 22:14:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2006/12/07 22:14:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2006/12/07 22:15:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2006/12/07 22:15:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2007/09/09 16:10:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2006/09/17 23:01:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2006/09/17 23:07:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2006/09/17 23:07:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2006/09/17 23:07:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2006/09/17 23:07:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2006/09/17 23:08:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2006/12/07 22:14:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2006/12/07 22:14:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2006/12/07 22:14:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2006/12/07 22:14:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2006/12/07 22:14:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2006/12/07 22:14:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2006/12/07 22:14:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2006/12/07 22:14:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2006/12/07 22:14:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2006/12/07 22:15:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2006/12/07 22:15:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2007/09/09 16:10:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2006/09/17 23:00:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2006/09/17 23:00:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2007/09/09 18:15:34 | 000,052,420 | ---- | M] () -- C:\VETlog.dmp
[2007/09/09 18:15:34 | 000,023,109 | ---- | M] () -- C:\VETlog.txt
[2007/09/09 01:00:36 | 000,029,378 | -HS- | M] () -- C:\vm404.log
[2008/10/26 10:32:17 | 000,005,335 | ---- | M] () -- C:\xcrashdump.dat

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1c9s1e.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1q931o.dll
[2010/06/01 12:13:35 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3179317s.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\31eI3qG9.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3cE9aAA9.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3s79s17s.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3y79oC7s.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\55555.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\55aAA.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\55o55.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5aAAA.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5k55g.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5qGMY.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5u555.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\793179a.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7eIQ7wS.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7mY17oC.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7sK1793.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7sK179w.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\AAA179s.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cE31kU3.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cEI17q3.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\G17aAAA9.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\G7iQG7.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\I17qGM7g.dll
[2010/06/01 11:37:56 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\K5y5c.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\k9yW7u3.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\KU7mY17o.dll
[2010/06/01 11:37:56 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M17w3179.dll
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O1o9oCEI.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q7w3u7.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\s793u7.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU93i79.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\u5m5g.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YW1u931aA.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YW9uOC.dll
[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\yWS931u9.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/08/13 18:35:46 | 000,346,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2007/08/13 18:35:38 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/10/15 06:29:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/15 06:29:40 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/15 06:29:40 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2010/06/15 11:51:44 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DF1F47178D69251435B3F54F624DBDA7 -- C:\WINDOWS\system32\user32.DLL

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >

Edited by Essexboy, 22 June 2010 - 12:51 PM.


#2
Aaron

    Expert

  • 3,155 posts
Hi, welcome to Geeks to Go :) !
My name is Maser00 and I will be helping you with your problem(s).

Before we start I need to tell you a few things:
  • I am still in training here at GeekU, therefore my instructions will be checked by someone of the malware staff first. It could take a little bit more time than usual because of this.
  • Please post all the requested logs directly in your reply, do not attach them unless asked to.
  • At least read all my instructions once before you carry them out.
  • Stay active in this topic! Just because your computer is running better does not mean there is no malware left, I will tell you when we are done.
  • Please don't run any other malware removal tools/programs or instructions that I didn't ask for.

And you can always ask me to explain something better when something isn't clear. :)
I am making my instructions for you right now and I will post them immediately when they are checked.

- Maser00

#3
Aaron

    Expert

  • 3,155 posts
Hi, could you please paste all logs in your post instead of attaching them?

Please follow the steps below:

I can see that you use a P2P program (LimeWire). This is very dangerous! This is a great source for downloading malware. I suggest you remove this program to prevent new infections.

Step 1

Your computer has been infected by a backdoor Trojan. :) This could allow hackers to remotely control your computer, steal critical system information including passwords, credit card numbers, addresses, phone numbers, and other information stored on your computer. Before we can start I recommend that you:

  • Use another, clean computer to change all your internet passwords, especially your financial passwords like your bank, PayPal, eBay. Also change the passwords for any other sites that you use.
  • Call your financial companies and tell them that your account may have been stolen and ask what you can do.
  • Closely monitor all bank and credit card statements. If you do think that you are a victim of identity theft you can go to Defend: Recover From Identity Theft to learn more.

Although this type of infection can almost always be removed there is no way to know if your computer will be 100% clean because backdoor Trojans can have complete access to a system and install malicious code that may not be detectable. The only way to make sure your system is 100% clean is to do a complete reformat and reinstall of your operating system. If you want to do a reinstall of your system please let me know, otherwise I will continue to help you clean your system. If you want to learn more about backdoor Trojans you can go to: What is a backdoor Trojan?

Step 2

Run OTL again
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2010/06/02 14:21:47 | 000,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\tcppid.sys -- (tcppid)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O33 - MountPoints2\{3de7aaa4-67ad-11df-9337-0011d8bfc684}\Shell - "" = AutoRun
    O33 - MountPoints2\{3de7aaa4-67ad-11df-9337-0011d8bfc684}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
    [2010/06/19 23:06:31 | 000,000,181 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv .DAT
    [2010/06/22 05:00:00 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AD62D58A91894946.job
    [2010/06/19 22:09:33 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\o087N3P.dat
    [2010/06/15 11:51:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\hgtd.ruy
    [2010/06/15 11:51:47 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\h7t.wt
    [2010/06/02 14:21:47 | 000,002,304 | ---- | M] () -- C:\WINDOWS\System32\tcppid.sys
    [2010/06/01 16:01:40 | 000,007,106 | ---- | M] () -- C:\WINDOWS\System32\thqvmk
    [2010/06/01 16:01:39 | 000,064,512 | ---- | M] () -- C:\WINDOWS\System32\klgd.bmp
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll
    [2010/04/06 12:13:14 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/06/15 11:51:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hgtd.ruy
    [2010/06/15 11:51:47 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\h7t.wt
    [2010/06/08 08:02:17 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\o087N3P.dat
    [2010/06/08 08:01:55 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv .DAT
    [2010/06/02 14:21:47 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\tcppid.sys
    [2010/06/01 16:01:40 | 000,007,106 | ---- | C] () -- C:\WINDOWS\System32\thqvmk
    [2010/06/01 16:01:39 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\klgd.bmp
    [2010/06/01 11:38:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
    [2008/04/09 01:31:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info9.ini
    [2008/04/09 01:31:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info7.ini
    [2008/04/09 01:31:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info4.ini
    [2008/04/09 01:31:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info10.ini
    [2010/06/22 05:00:00 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\AD62D58A91894946.job
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1c9s1e.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1q931o.dll
    [2010/06/01 12:13:35 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3179317s.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\31eI3qG9.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3cE9aAA9.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3s79s17s.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3y79oC7s.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\55555.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\55aAA.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\55o55.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5aAAA.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5k55g.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5qGMY.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5u555.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\793179a.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7eIQ7wS.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7mY17oC.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7sK1793.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7sK179w.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\AAA179s.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cE31kU3.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cEI17q3.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\G17aAAA9.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\G7iQG7.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\I17qGM7g.dll
    [2010/06/01 11:37:56 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\K5y5c.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\k9yW7u3.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\KU7mY17o.dll
    [2010/06/01 11:37:56 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M17w3179.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O1o9oCEI.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q7w3u7.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\s793u7.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU93i79.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\u5m5g.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YW1u931aA.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YW9uOC.dll
    [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\yWS931u9.dll
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and save the log it produces.
  • Open OTL again and click the Quick Scan button. Now post the log it produces together with the log you saved from running the fix. Post both logs in your next reply please.

Step 3

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 4

Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.

Revised: post these logs in your next reply
- OTL
- GooredFix
- TDSSKiller

- Maser00 :)

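A defender-side triage script for OTL file-listing lines, added here as an example; it is not part of OTL, GooredFix, TDSSKiller or Maser00's post. It mechanises the two indicators visible in the listing above: the batch of same-size, same-timestamp DLLs with random names dropped into spool\prtprocs\w32x86, and the flood of At<N>.job tasks under C:\WINDOWS\tasks. The sample input is constructed: the prtprocs and At*.job entries are copied from this thread, while the winprint.dll and GoogleUpdate job lines are made-up benign controls with invented sizes and timestamps. The regular expression that reads the OTL line format is my reading of the lines shown, not an OTL specification.

```python
"""Triage helper for OTL file-listing lines (added example, not OTL's own code).

Flags two patterns a helper would look for in an OTL listing:
  * clusters of files in one directory that share size and modification time
    and have generated-looking names (the spool\\prtprocs\\w32x86 drops), and
  * large numbers of At<N>.job scheduled tasks in C:\\WINDOWS\\tasks.
"""
import re
from collections import defaultdict

# One OTL file line (format assumed from the log in this thread):
# [2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\...\w32x86\55555.dll
OTL_LINE = re.compile(
    r"^\s*\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>\S.*?)\s*$"
)

# Constructed sample. Lines 1-5 and the At*.job names come from the thread;
# winprint.dll and GoogleUpdateTaskMachineCore.job are invented benign controls.
SAMPLE_LINES = [
    r"[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\55555.dll",
    r"[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5qGMY.dll",
    r"[2010/06/01 12:16:40 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cE31kU3.dll",
    r"[2010/06/01 11:37:56 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\K5y5c.dll",
    r"[2010/06/01 11:37:56 | 000,077,312 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M17w3179.dll",
    r"[2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\winprint.dll",
    r"[2010/06/20 03:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\At1.job",
    r"[2010/06/20 03:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\At1273.job",
    r"[2010/06/20 03:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\At2760.job",
    r"[2010/05/01 10:00:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job",
]


def parse_otl_line(line):
    """Return a record dict for one OTL file line, or None if it is not one."""
    m = OTL_LINE.match(line)
    if not m:
        return None
    path = m.group("path")
    directory, _, name = path.rpartition("\\")
    return {
        "path": path,
        "dir": directory.lower(),          # case-folded so grouping is stable
        "name": name,
        "size": int(m.group("size").replace(",", "")),
        "stamp": m.group("stamp"),
        "company": m.group("company"),     # empty "()" means no version info
    }


def parse_otl(lines):
    """Parse every OTL file line in the input, skipping anything else."""
    return [r for r in (parse_otl_line(l) for l in lines) if r]


def looks_generated(name):
    """Heuristic: short alphanumeric stem that contains digits or no vowels."""
    stem = name.rsplit(".", 1)[0]
    if not re.fullmatch(r"[A-Za-z0-9]{3,10}", stem):
        return False
    return any(c.isdigit() for c in stem) or not re.search(r"[aeiouAEIOU]", stem)


def find_clusters(records, min_members=3):
    """Group files by (directory, size, mtime) and return groups of min_members or more."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["dir"], r["size"], r["stamp"])].append(r)
    clusters = []
    for (d, size, stamp), members in sorted(groups.items()):
        if len(members) < min_members:
            continue
        clusters.append({
            "dir": d, "size": size, "stamp": stamp,
            "paths": [m["path"] for m in members],
            "generated_names": sum(looks_generated(m["name"]) for m in members),
            "no_company": sum(1 for m in members if not m["company"]),
        })
    return clusters


AT_JOB = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def count_at_jobs(records):
    """Count At<N>.job entries in a ...\\tasks directory (at.exe scheduled tasks)."""
    return sum(1 for r in records
               if AT_JOB.match(r["name"]) and r["dir"].endswith("\\tasks"))


def triage(lines):
    """Run both checks over raw OTL lines and return the findings."""
    records = parse_otl(lines)
    return {"clusters": find_clusters(records), "at_jobs": count_at_jobs(records)}


if __name__ == "__main__":
    report = triage(SAMPLE_LINES)
    print(f"At*.job tasks: {report['at_jobs']}")
    for c in report["clusters"]:
        print(f"{len(c['paths'])} files of {c['size']} bytes, mtime {c['stamp']}, in {c['dir']} "
              f"({c['generated_names']} generated-looking names, {c['no_company']} without version info)")
        for p in c["paths"]:
            print("   ", p)
```

On the sample the prtprocs group at 12:16:40 and the At*.job group both trip the cluster threshold, while the two 11:37:56 DLLs fall below it and the benign controls stay single; a real run would be fed the whole OTL listing, and the cluster output gives a ready-made `:Files` list for the helper to review rather than something to remove blindly.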
#4
ghost_sniper_777 (Topic Starter)
All processes killed
========== OTL ==========
Service tcppid stopped successfully!
Service tcppid deleted successfully!
C:\WINDOWS\system32\tcppid.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de7aaa4-67ad-11df-9337-0011d8bfc684}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3de7aaa4-67ad-11df-9337-0011d8bfc684}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de7aaa4-67ad-11df-9337-0011d8bfc684}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3de7aaa4-67ad-11df-9337-0011d8bfc684}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{946850c5-1e27-11d9-baf0-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{946850c5-1e27-11d9-baf0-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{946850c5-1e27-11d9-baf0-806d6172696f}\ not found.
File D:\setup.exe not found.
C:\WINDOWS\system\hpsysdrv .DAT moved successfully.
C:\WINDOWS\tasks\AD62D58A91894946.job moved successfully.
C:\Documents and Settings\All Users\Application Data\o087N3P.dat moved successfully.
C:\WINDOWS\system32\hgtd.ruy moved successfully.
C:\WINDOWS\system32\h7t.wt moved successfully.
File C:\WINDOWS\System32\tcppid.sys not found.
C:\WINDOWS\system32\thqvmk moved successfully.
C:\WINDOWS\system32\klgd.bmp moved successfully.
C:\WINDOWS\system32\ernel32.dll moved successfully.
C:\WINDOWS\system32\cpnprt2.cid moved successfully.
File C:\WINDOWS\System32\hgtd.ruy not found.
File C:\WINDOWS\System32\h7t.wt not found.
File C:\Documents and Settings\All Users\Application Data\o087N3P.dat not found.
File C:\WINDOWS\System\hpsysdrv .DAT not found.
File C:\WINDOWS\System32\tcppid.sys not found.
File C:\WINDOWS\System32\thqvmk not found.
File C:\WINDOWS\System32\klgd.bmp not found.
File C:\WINDOWS\System32\ernel32.dll not found.
C:\WINDOWS\info9.ini moved successfully.
C:\WINDOWS\info7.ini moved successfully.
C:\WINDOWS\info4.ini moved successfully.
C:\WINDOWS\info10.ini moved successfully.
File C:\WINDOWS\Tasks\AD62D58A91894946.job not found.
C:\WINDOWS\system32\spool\prtprocs\w32x86\1c9s1e.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\1q931o.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\3179317s.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\31eI3qG9.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\3cE9aAA9.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\3s79s17s.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\3y79oC7s.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\55555.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\55aAA.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\55o55.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\5aAAA.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\5k55g.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\5qGMY.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\5u555.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\793179a.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7eIQ7wS.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7mY17oC.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7sK1793.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7sK179w.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\AAA179s.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\cE31kU3.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\cEI17q3.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\G17aAAA9.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\G7iQG7.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\I17qGM7g.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\K5y5c.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\k9yW7u3.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\KU7mY17o.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\M17w3179.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\O1o9oCEI.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\Q7w3u7.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\s793u7.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU93i79.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\u5m5g.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\YW1u931aA.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\YW9uOC.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\yWS931u9.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At1273.job moved successfully.
C:\WINDOWS\tasks\At1274.job moved successfully.
C:\WINDOWS\tasks\At1275.job moved successfully.
C:\WINDOWS\tasks\At1276.job moved successfully.
C:\WINDOWS\tasks\At1277.job moved successfully.
C:\WINDOWS\tasks\At1278.job moved successfully.
C:\WINDOWS\tasks\At1279.job moved successfully.
C:\WINDOWS\tasks\At1280.job moved successfully.
C:\WINDOWS\tasks\At1281.job moved successfully.
C:\WINDOWS\tasks\At1282.job moved successfully.
C:\WINDOWS\tasks\At1283.job moved successfully.
C:\WINDOWS\tasks\At1284.job moved successfully.
C:\WINDOWS\tasks\At1285.job moved successfully.
C:\WINDOWS\tasks\At1286.job moved successfully.
C:\WINDOWS\tasks\At1287.job moved successfully.
C:\WINDOWS\tasks\At1288.job moved successfully.
C:\WINDOWS\tasks\At1289.job moved successfully.
C:\WINDOWS\tasks\At1290.job moved successfully.
C:\WINDOWS\tasks\At1291.job moved successfully.
C:\WINDOWS\tasks\At1292.job moved successfully.
C:\WINDOWS\tasks\At1293.job moved successfully.
C:\WINDOWS\tasks\At1294.job moved successfully.
C:\WINDOWS\tasks\At1295.job moved successfully.
C:\WINDOWS\tasks\At1296.job moved successfully.
C:\WINDOWS\tasks\At1297.job moved successfully.
C:\WINDOWS\tasks\At1298.job moved successfully.
C:\WINDOWS\tasks\At1299.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At1300.job moved successfully.
C:\WINDOWS\tasks\At1301.job moved successfully.
C:\WINDOWS\tasks\At1302.job moved successfully.
C:\WINDOWS\tasks\At1303.job moved successfully.
C:\WINDOWS\tasks\At1304.job moved successfully.
C:\WINDOWS\tasks\At1305.job moved successfully.
C:\WINDOWS\tasks\At1306.job moved successfully.
C:\WINDOWS\tasks\At1307.job moved successfully.
C:\WINDOWS\tasks\At1308.job moved successfully.
C:\WINDOWS\tasks\At1309.job moved successfully.
C:\WINDOWS\tasks\At1310.job moved successfully.
C:\WINDOWS\tasks\At1311.job moved successfully.
C:\WINDOWS\tasks\At1312.job moved successfully.
C:\WINDOWS\tasks\At1313.job moved successfully.
C:\WINDOWS\tasks\At1314.job moved successfully.
C:\WINDOWS\tasks\At1315.job moved successfully.
C:\WINDOWS\tasks\At1316.job moved successfully.
C:\WINDOWS\tasks\At1317.job moved successfully.
C:\WINDOWS\tasks\At1318.job moved successfully.
C:\WINDOWS\tasks\At1319.job moved successfully.
C:\WINDOWS\tasks\At1320.job moved successfully.
C:\WINDOWS\tasks\At1321.job moved successfully.
C:\WINDOWS\tasks\At1322.job moved successfully.
C:\WINDOWS\tasks\At1323.job moved successfully.
C:\WINDOWS\tasks\At1324.job moved successfully.
C:\WINDOWS\tasks\At1325.job moved successfully.
C:\WINDOWS\tasks\At1326.job moved successfully.
C:\WINDOWS\tasks\At1327.job moved successfully.
C:\WINDOWS\tasks\At1328.job moved successfully.
C:\WINDOWS\tasks\At1329.job moved successfully.
C:\WINDOWS\tasks\At1330.job moved successfully.
C:\WINDOWS\tasks\At1331.job moved successfully.
C:\WINDOWS\tasks\At1332.job moved successfully.
C:\WINDOWS\tasks\At1333.job moved successfully.
C:\WINDOWS\tasks\At1334.job moved successfully.
C:\WINDOWS\tasks\At1335.job moved successfully.
C:\WINDOWS\tasks\At1336.job moved successfully.
C:\WINDOWS\tasks\At1337.job moved successfully.
C:\WINDOWS\tasks\At1338.job moved successfully.
C:\WINDOWS\tasks\At1339.job moved successfully.
C:\WINDOWS\tasks\At1340.job moved successfully.
C:\WINDOWS\tasks\At1341.job moved successfully.
C:\WINDOWS\tasks\At1342.job moved successfully.
C:\WINDOWS\tasks\At1343.job moved successfully.
C:\WINDOWS\tasks\At1344.job moved successfully.
C:\WINDOWS\tasks\At1345.job moved successfully.
C:\WINDOWS\tasks\At1346.job moved successfully.
C:\WINDOWS\tasks\At1347.job moved successfully.
C:\WINDOWS\tasks\At1348.job moved successfully.
C:\WINDOWS\tasks\At1349.job moved successfully.
C:\WINDOWS\tasks\At1350.job moved successfully.
C:\WINDOWS\tasks\At1351.job moved successfully.
C:\WINDOWS\tasks\At1352.job moved successfully.
C:\WINDOWS\tasks\At1353.job moved successfully.
C:\WINDOWS\tasks\At1354.job moved successfully.
C:\WINDOWS\tasks\At1355.job moved successfully.
C:\WINDOWS\tasks\At1356.job moved successfully.
C:\WINDOWS\tasks\At1357.job moved successfully.
C:\WINDOWS\tasks\At1358.job moved successfully.
C:\WINDOWS\tasks\At1359.job moved successfully.
C:\WINDOWS\tasks\At1360.job moved successfully.
C:\WINDOWS\tasks\At1361.job moved successfully.
C:\WINDOWS\tasks\At1362.job moved successfully.
C:\WINDOWS\tasks\At1363.job moved successfully.
C:\WINDOWS\tasks\At1364.job moved successfully.
C:\WINDOWS\tasks\At1365.job moved successfully.
C:\WINDOWS\tasks\At1366.job moved successfully.
C:\WINDOWS\tasks\At1367.job moved successfully.
C:\WINDOWS\tasks\At1368.job moved successfully.
C:\WINDOWS\tasks\At1369.job moved successfully.
C:\WINDOWS\tasks\At1370.job moved successfully.
C:\WINDOWS\tasks\At1371.job moved successfully.
C:\WINDOWS\tasks\At1372.job moved successfully.
C:\WINDOWS\tasks\At1373.job moved successfully.
C:\WINDOWS\tasks\At1374.job moved successfully.
C:\WINDOWS\tasks\At1375.job moved successfully.
C:\WINDOWS\tasks\At1376.job moved successfully.
C:\WINDOWS\tasks\At1377.job moved successfully.
C:\WINDOWS\tasks\At1378.job moved successfully.
C:\WINDOWS\tasks\At1379.job moved successfully.
C:\WINDOWS\tasks\At1380.job moved successfully.
C:\WINDOWS\tasks\At1381.job moved successfully.
C:\WINDOWS\tasks\At1382.job moved successfully.
C:\WINDOWS\tasks\At1383.job moved successfully.
C:\WINDOWS\tasks\At1384.job moved successfully.
C:\WINDOWS\tasks\At1385.job moved successfully.
C:\WINDOWS\tasks\At1386.job moved successfully.
C:\WINDOWS\tasks\At1387.job moved successfully.
C:\WINDOWS\tasks\At1388.job moved successfully.
C:\WINDOWS\tasks\At1389.job moved successfully.
C:\WINDOWS\tasks\At1390.job moved successfully.
C:\WINDOWS\tasks\At1391.job moved successfully.
C:\WINDOWS\tasks\At1392.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At2737.job moved successfully.
C:\WINDOWS\tasks\At2738.job moved successfully.
C:\WINDOWS\tasks\At2739.job moved successfully.
C:\WINDOWS\tasks\At2740.job moved successfully.
C:\WINDOWS\tasks\At2741.job moved successfully.
C:\WINDOWS\tasks\At2742.job moved successfully.
C:\WINDOWS\tasks\At2743.job moved successfully.
C:\WINDOWS\tasks\At2744.job moved successfully.
C:\WINDOWS\tasks\At2745.job moved successfully.
C:\WINDOWS\tasks\At2746.job moved successfully.
C:\WINDOWS\tasks\At2747.job moved successfully.
C:\WINDOWS\tasks\At2748.job moved successfully.
C:\WINDOWS\tasks\At2749.job moved successfully.
C:\WINDOWS\tasks\At2750.job moved successfully.
C:\WINDOWS\tasks\At2751.job moved successfully.
C:\WINDOWS\tasks\At2752.job moved successfully.
C:\WINDOWS\tasks\At2753.job moved successfully.
C:\WINDOWS\tasks\At2754.job moved successfully.
C:\WINDOWS\tasks\At2755.job moved successfully.
C:\WINDOWS\tasks\At2756.job moved successfully.
C:\WINDOWS\tasks\At2757.job moved successfully.
C:\WINDOWS\tasks\At2758.job moved successfully.
C:\WINDOWS\tasks\At2759.job moved successfully.
C:\WINDOWS\tasks\At2760.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 314824 bytes
->Temporary Internet Files folder emptied: 33857 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35359173 bytes
->Flash cache emptied: 1215 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 148611417 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9985 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2154871 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 178.00 mb


[EMPTYFLASH]

User: All Users

User: Application Data

User: Default User

User: HP_Owner
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.1 log created on 06222010_172730

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W4VYBNRN\B4581811[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UWPAS1NV\dot[1].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TR1ZDN2A\090056_24Fashion-remains-the-focus-1[1].flv moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TR1ZDN2A\140153_21dating_1[1].flv moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TR1ZDN2A\1744932887_dpmp4lo_0[1].mp4 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TR1ZDN2A\cotv_SpotX_list[1].swf moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4FNT5OIY\GetAdDirector_BannerCreative[1].htm moved successfully.
C:\WINDOWS\temp\flaF0.tmp moved successfully.
C:\WINDOWS\temp\flaF3.tmp moved successfully.

Registry entries deleted on Reboot...

#5
ghost_sniper_777 (Topic Starter)
GooredFix by jpshortstuff (08.01.10.1)
Log created at 17:34 on 22/06/2010 (HP_Owner)
Firefox version 3.6.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:35 21/06/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [09:58 07/05/2010]

C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\extensions\
[email protected] [21:09 18/05/2010]
[email protected] [03:35 19/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:58 07/05/2010]

-=E.O.F=-

#6
ghost_sniper_777 (Topic Starter)
17:35:15:421 3784 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
17:35:15:421 3784 ================================================================================
17:35:15:421 3784 SystemInfo:

17:35:15:421 3784 OS Version: 5.1.2600 ServicePack: 2.0
17:35:15:421 3784 Product type: Workstation
17:35:15:421 3784 ComputerName: YOUR-4F1261A8E5
17:35:15:421 3784 UserName: HP_Owner
17:35:15:421 3784 Windows directory: C:\WINDOWS
17:35:15:421 3784 Processor architecture: Intel x86
17:35:15:421 3784 Number of processors: 1
17:35:15:421 3784 Page size: 0x1000
17:35:15:421 3784 Boot type: Normal boot
17:35:15:421 3784 ================================================================================
17:35:15:718 3784 Initialize success
17:35:15:718 3784
17:35:15:718 3784 Scanning Services ...
17:35:16:000 3784 Raw services enum returned 318 services
17:35:16:015 3784
17:35:16:015 3784 Scanning Drivers ...
17:35:17:046 3784 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:35:17:203 3784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:35:17:500 3784 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
17:35:17:671 3784 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
17:35:17:843 3784 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:35:18:593 3784 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:35:19:125 3784 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:35:19:703 3784 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:35:19:875 3784 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:35:20:171 3784 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:35:20:359 3784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:35:20:546 3784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:35:20:859 3784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:35:21:156 3784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:35:21:343 3784 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:35:21:515 3784 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:35:22:359 3784 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:35:22:546 3784 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
17:35:22:765 3784 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
17:35:22:937 3784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:35:23:078 3784 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:35:23:375 3784 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:35:23:562 3784 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:35:23:750 3784 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:35:23:906 3784 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
17:35:24:078 3784 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:35:24:250 3784 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:35:24:437 3784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:35:24:609 3784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:35:24:750 3784 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
17:35:24:906 3784 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:35:25:062 3784 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:35:25:234 3784 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:35:25:531 3784 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:35:25:687 3784 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:35:25:843 3784 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:35:26:015 3784 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
17:35:26:468 3784 i8042prt (65b9661066b09bf494e91218523ec72f) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:35:26:468 3784 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 65b9661066b09bf494e91218523ec72f, Fake md5: 5502b58eef7486ee6f93f3f164dcb808
17:35:26:468 3784 File "C:\WINDOWS\system32\DRIVERS\i8042prt.sys" infected by TDSS rootkit ... 17:35:29:500 3784 Backup copy found, using it..
17:35:29:515 3784 will be cured on next reboot
17:35:29:671 3784 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:35:29:984 3784 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:35:30:281 3784 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:35:30:437 3784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:35:30:609 3784 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:35:30:765 3784 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:35:30:937 3784 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:35:31:109 3784 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:35:31:281 3784 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:35:31:453 3784 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
17:35:31:625 3784 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:35:31:796 3784 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
17:35:31:953 3784 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
17:35:32:125 3784 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
17:35:32:421 3784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:35:32:593 3784 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
17:35:32:750 3784 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:35:32:906 3784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:35:33:078 3784 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:35:33:421 3784 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:35:33:593 3784 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:35:33:781 3784 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:35:33:953 3784 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:35:34:109 3784 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:35:34:265 3784 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:35:34:453 3784 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:35:34:703 3784 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:35:35:156 3784 NAVENG (45035b0783f4eebf13b31f95c644c4a0) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041117.006\NAVENG.Sys
17:35:35:218 3784 NAVEX15 (d9835ec914de095863877fba4ba3b60f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041117.006\NavEx15.Sys
17:35:35:390 3784 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:35:35:562 3784 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:35:35:734 3784 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:35:35:906 3784 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:35:36:078 3784 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:35:36:250 3784 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:35:36:453 3784 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:35:36:640 3784 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:35:36:812 3784 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:35:37:000 3784 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
17:35:37:203 3784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:35:37:375 3784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:35:37:546 3784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:35:37:734 3784 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:35:37:890 3784 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
17:35:38:078 3784 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:35:38:234 3784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:35:38:390 3784 PCDRSRVC (f9cb3ee1c3c85d760d2219c9c236dccd) C:\WINDOWS\system32\drivers\PCDRSRVC.pkms
17:35:38:562 3784 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
17:35:38:859 3784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:35:39:031 3784 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:35:40:000 3784 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
17:35:40:171 3784 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:35:40:359 3784 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
17:35:40:515 3784 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
17:35:40:718 3784 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:35:40:875 3784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:35:41:015 3784 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:35:41:625 3784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:35:41:781 3784 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:35:41:937 3784 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:35:42:093 3784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:35:42:250 3784 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:35:42:687 3784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:35:42:781 3784 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
17:35:42:875 3784 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:35:43:031 3784 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:35:43:156 3784 SAVRT (c5fc1f1f28e01864a903137038acd5c2) c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
17:35:43:187 3784 SAVRTPEL (956d3173171f4ccde5820f41de5e14bd) c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
17:35:43:343 3784 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:35:43:500 3784 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:35:43:656 3784 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
17:35:43:828 3784 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:35:44:125 3784 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
17:35:44:296 3784 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
17:35:44:453 3784 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys
17:35:44:640 3784 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
17:35:44:828 3784 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:35:45:093 3784 SPBBCDrv (924e82d6dec26f82036e69b8d3f04216) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:35:45:250 3784 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
17:35:45:421 3784 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
17:35:45:625 3784 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
17:35:45:812 3784 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:35:45:984 3784 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:35:46:421 3784 SYMDNS (ee912e097aeece377574a6237aee8bf0) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
17:35:46:546 3784 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS
17:35:46:734 3784 SYMFW (c8054d5c05251b0878817e72e0a410f9) C:\WINDOWS\System32\Drivers\SYMFW.SYS
17:35:46:906 3784 SYMIDS (e6104e41ea83bae13f305441b171162d) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
17:35:47:078 3784 SYMNDIS (9e46285fdfa4cf9c2db45da570796b55) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
17:35:47:234 3784 SYMREDRV (ed5f0c723c496d7fe3a5008377be41a9) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
17:35:47:437 3784 SYMTDI (6557f9879548f1d7a9a059e037820408) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
17:35:47:890 3784 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:35:48:078 3784 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:35:48:250 3784 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:35:48:406 3784 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:35:48:593 3784 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:35:48:890 3784 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:35:49:203 3784 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
17:35:49:375 3784 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:35:49:531 3784 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:35:49:703 3784 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:35:49:875 3784 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:35:50:031 3784 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:35:50:187 3784 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:35:50:359 3784 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:35:50:515 3784 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:35:50:671 3784 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:35:50:828 3784 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:35:50:984 3784 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
17:35:51:156 3784 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:35:51:468 3784 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
17:35:51:484 3784 Reboot required for cure complete..
17:35:51:843 3784 Cure on reboot scheduled successfully
17:35:51:843 3784
17:35:51:843 3784 Completed
17:35:51:843 3784
17:35:51:843 3784 Results:
17:35:51:843 3784 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:35:51:843 3784 File objects infected / cured / cured on reboot: 1 / 0 / 1
17:35:51:843 3784
17:35:51:843 3784 KLMD(ARK) unloaded successfully
  • 0

#7
ghost_sniper_777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I posted my results. I'm starting to think that it has something to do with Avast. We downloaded it and ran it before Windows booted. It quarantined a bunch of stuff. After that, neither Firefox nor Internet Explorer worked at ALL. So my wife uninstalled Avast. Now we can access common pages, but once we go to something where you have to enter a name/password it gives a "cannot connect to server" error.
Thanks for all your help!




Unable to connect

Firefox can't establish a connection to the server at login.yahoo.com.

* The site could be temporarily unavailable or too busy. Try again in a few moments.

* If you are unable to load any pages, check your computer's network connection.

* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
  • 0

#8
Aaron

    Expert

  • Expert
  • 3,155 posts
Hi :)

When did you use Avast? Please do not run any other malware removal tools while we are working on your computer.

Please don't run any other malware removal tools/programs or instructions that I didn't ask for.

Can you please post the logs you have from Avast?

Step 1

Run OTL again:
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    C:\WINDOWS\system32\DRIVERS\i8042prt.sys /md5
  • Then click the Quick Scan button at the top
  • Let the program run unhindered and post the log it produces in your next reply.

Step 2

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.

In your next reply please post the logs of Avast, OTL and GMER
- Maser00
  • 0

#9
Aaron

    Expert

  • Expert
  • 3,155 posts
Please ignore previous post and follow these instructions. (step one is a bit different)

When did you use Avast? Please do not run any other malware removal tools while we are working on your computer.

Please don't run any other malware removal tools/programs or instructions that I didn't ask for.

Can you please post the logs you have from Avast?

Step 1

Run OTL again:
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    i8042prt.sys /md5
  • Then click the Quick Scan button at the top
  • Let the program run unhindered and post the log it produces in your next reply.

Step 2

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.

In your next reply please post the logs of Avast, OTL and GMER
- Maser00
  • 0
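The OTL custom scan `i8042prt.sys /md5` in Step 1 asks for one driver's hash so it can be compared with a known-good value, and the TDSSKiller log earlier in the thread already lists every loaded driver with its MD5. The following is an added example, not code from this thread or from TDSSKiller, OTL or GMER, showing how a responder can parse such a listing and compare the reported hashes against a reference table. The reference table and the i8042prt.sys line in the sample are constructed placeholders, not real known-good hashes for any Windows build; the Tcpip and VgaSave lines are copied from the log above.

```python
"""Driver-hash check for a TDSSKiller-style driver listing.

Added example for this thread; it is not code from TDSSKiller, OTL or GMER.
The reference hash table and the i8042prt.sys sample line are constructed
placeholders, not real known-good values for any Windows build.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List

# One driver line as TDSSKiller prints it in the log above:
#   HH:MM:SS:mmm  PID  ServiceName (md5hex) C:\path\to\driver.sys
DRIVER_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


@dataclass
class DriverEntry:
    name: str   # service name, e.g. Tcpip
    md5: str    # lower-case hex digest as reported by the scanner
    path: str   # on-disk path of the driver image


def parse_driver_lines(log_text: str) -> List[DriverEntry]:
    """Keep only the driver-listing lines; status lines such as
    'Reboot required for cure complete..' do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def md5_hex(data: bytes) -> str:
    """MD5 of an in-memory buffer (used by file_md5 and easy to test)."""
    return hashlib.md5(data).hexdigest()


def file_md5(path: str) -> str:
    """MD5 of a file on disk, i.e. what OTL's '<file> /md5' custom scan reports."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_against_reference(entries: List[DriverEntry],
                            reference: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify each entry by comparing its hash with the reference for the
    same file name: 'match', 'mismatch' (known file, different hash, which is
    what a patched driver looks like), or 'unknown' (file not in the table)."""
    verdict: Dict[str, List[str]] = {"match": [], "mismatch": [], "unknown": []}
    for e in entries:
        file_name = e.path.rsplit("\\", 1)[-1].lower()
        expected = reference.get(file_name)
        if expected is None:
            verdict["unknown"].append(e.name)
        elif expected.lower() == e.md5:
            verdict["match"].append(e.name)
        else:
            verdict["mismatch"].append(e.name)
    return verdict


# Two lines copied from the TDSSKiller log in this thread, one status line,
# and one constructed i8042prt.sys line with a deliberately bogus hash.
SAMPLE_LOG = r"""
17:35:48:078 3784 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:35:50:671 3784 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:35:51:484 3784 Reboot required for cure complete..
17:35:52:000 3784 i8042prt (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
"""

# Constructed reference table: tcpip.sys is copied from the log line so it
# matches; i8042prt.sys is a placeholder value, not a real known-good hash.
REFERENCE_MD5 = {
    "tcpip.sys": "2a5554fc5b1e04e131230e3ce035c3f9",
    "i8042prt.sys": "11111111111111111111111111111111",
}


def demo() -> Dict[str, List[str]]:
    """Run the check over the constructed sample listing."""
    return check_against_reference(parse_driver_lines(SAMPLE_LOG), REFERENCE_MD5)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:9s}: {', '.join(names) or '-'}")
```

A "mismatch" only means the file differs from the reference for that exact Windows version, service pack and hotfix level, so the reference table has to be built from clean media of the same build; otherwise the check produces the same kind of false positives the GMER caution above warns about. "unknown" entries are simply files the table does not cover and are not evidence of anything by themselves.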

#10
ghost_sniper_777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I did what you told me, and I ran GMER, but when saving the log the computer froze (mouse and keyboard not responding) and I had to push the button to turn it off. Like I said in my last post, we had Avast prior to me joining this forum and then we uninstalled it, so there is no record of a log that I know of; I didn't think about saving any logs before it got deleted. I can run GMER again, but it takes about 3 hrs each time and I usually work 5am-6pm. I know this stuff takes time to figure out; my wife is impatient and says to just do a system recovery. I told her this is the most thorough way of getting rid of the virus. I'll post the new GMER log in my next reply.


OTL logfile created on: 6/23/2010 9:45:24 PM - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\HP_Owner\Desktop\virus fight\program downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.84 Gb Total Space | 29.25 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive D: | 39.94 Gb Total Space | 4.71 Gb Free Space | 11.79% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/21 22:33:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\virus fight\program downloads\OTL.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/03/28 18:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/01/09 17:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/09 17:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2005/05/06 21:17:37 | 001,187,840 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe
PRC - [2004/10/26 00:17:56 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
PRC - [2004/08/31 05:29:46 | 000,078,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe
PRC - [2004/08/30 21:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2004/08/28 02:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2004/08/06 03:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/21 19:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 22:33:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\virus fight\program downloads\OTL.exe
MOD - [2004/08/04 21:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 00:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2007/03/28 18:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/09 17:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/09 17:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2007/01/09 17:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/31 05:29:46 | 000,078,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2004/08/30 21:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/08/28 02:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/08/06 03:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/23 22:47:22 | 000,197,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/07/21 19:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2007/03/28 18:41:26 | 000,266,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 18:41:24 | 000,018,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/03/28 18:41:20 | 000,037,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/03/28 18:41:18 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/03/28 18:41:14 | 000,171,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/03/28 18:41:12 | 000,011,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/09/15 22:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/11/17 12:00:00 | 000,629,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/11/17 12:00:00 | 000,072,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS -- (NAVENG)
DRV - [2004/08/20 05:14:44 | 000,021,024 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcdrsrvc.pkms -- (PCDRSRVC)
DRV - [2004/08/04 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/23 22:47:24 | 000,049,808 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/07/23 22:47:22 | 000,335,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/07/21 19:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/29 20:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/09/19 11:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 09:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/12 01:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/21 10:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/21 10:35:17 | 000,000,000 | ---D | M]

[2010/03/22 18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2009/07/19 12:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/06/22 18:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\extensions
[2010/05/18 17:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\extensions\[email protected]
[2010/04/18 23:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\extensions\[email protected]
[2010/06/21 23:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 05:58:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/07 05:58:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/02/15 00:25:54 | 000,378,447 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13042 more lines...
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/06 21:50:38 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{c93902a2-089c-11df-931b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c93902a2-089c-11df-931b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/23 03:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/06/22 17:27:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/21 23:13:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/21 23:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/21 21:01:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/06/21 21:00:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/21 20:59:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/06/21 20:59:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/06/21 00:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2010/06/21 00:08:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/21 00:08:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/21 00:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/21 00:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/20 22:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/19 22:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Cell phone
[2010/06/19 22:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/19 21:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sure Delete
[2010/06/19 20:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ministars Software
[2010/06/04 06:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/04 06:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/03 08:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/03 08:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/01 12:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Court files
[2010/05/30 21:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\court
[2010/05/24 14:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\The Mission 71908
[2010/05/21 17:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Base House
[2010/05/18 17:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/13 23:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\chmppro
[2010/05/11 17:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\2009 forms
[2010/05/11 17:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\EOG
[2010/05/10 15:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Cable
[2010/04/26 23:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/23 12:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\InfraRecorder
[2010/04/22 20:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\D MAR10

========== Files - Modified Within 90 Days ==========

[2010/06/23 15:02:01 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2010/06/22 22:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/22 22:08:35 | 000,078,644 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\boystwoyears.gif
[2010/06/22 18:46:38 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Letter Concerning Alex Jr..doc
[2010/06/22 18:43:37 | 000,073,393 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\20100622182206376.pdf
[2010/06/22 18:19:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/22 18:19:49 | 1475,923,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/22 18:19:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/22 18:18:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/06/21 23:12:14 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.bak
[2010/06/21 23:09:29 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/21 21:09:18 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/21 20:59:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/21 10:35:22 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/21 10:35:22 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/21 01:04:36 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Verification for Travel JBal.doc
[2010/06/20 21:27:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/19 21:13:08 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 19:19:47 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/18 23:37:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/18 21:17:59 | 000,000,439 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/12 00:58:49 | 000,442,072 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\me&robert.tif
[2010/06/08 00:35:34 | 000,000,243 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/06/04 06:27:45 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/01 20:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2010/05/29 00:39:53 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\30 Day Notice to Landlord.doc
[2010/05/21 16:39:13 | 000,527,825 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Upcoming_Community_Events_5-21-10.pdf
[2010/05/20 22:35:28 | 001,071,218 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\2010 Youth Sports SUMMER CAMPS.pdf
[2010/05/19 18:15:38 | 000,508,267 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Millstone_Y_H_Wk_1.pdf
[2010/05/05 16:26:17 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\budget worksheet.xls
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 09:07:05 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\LimeWire 5.1.4.lnk
[2010/04/25 12:15:28 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/25 12:05:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/21 13:34:20 | 000,161,658 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1021_Capistrano_Dr.pdf
[2010/04/18 01:13:13 | 000,809,357 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\FY10 CREDO Trifold MAY_SEPT.pdf
[2010/04/15 12:55:22 | 000,093,582 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\DENTIST.tif
[2010/04/10 09:18:52 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\bank info.doc
[2010/04/09 15:03:49 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Pending balance.doc
[2010/04/08 23:16:50 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\bank 4-7-10.doc
[2010/04/07 21:15:30 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Budget 2011.xls

========== Files Created - No Company Name ==========

[2010/06/22 22:08:34 | 000,078,644 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\boystwoyears.gif
[2010/06/22 18:46:38 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Letter Concerning Alex Jr..doc
[2010/06/22 18:43:37 | 000,073,393 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\20100622182206376.pdf
[2010/06/21 23:11:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Owner\NTUSER.tmp.LOG
[2010/06/21 23:09:29 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/21 10:35:22 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/21 10:35:22 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/21 01:04:34 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Verification for Travel JBal.doc
[2010/06/12 00:58:49 | 000,442,072 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\me&robert.tif
[2010/06/04 06:27:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/04 06:27:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/29 00:39:53 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\30 Day Notice to Landlord.doc
[2010/05/21 16:39:12 | 000,527,825 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Upcoming_Community_Events_5-21-10.pdf
[2010/05/20 22:35:28 | 001,071,218 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\2010 Youth Sports SUMMER CAMPS.pdf
[2010/05/19 18:15:38 | 000,508,267 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Millstone_Y_H_Wk_1.pdf
[2010/04/21 13:34:20 | 000,161,658 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1021_Capistrano_Dr.pdf
[2010/04/18 01:13:13 | 000,809,357 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\FY10 CREDO Trifold MAY_SEPT.pdf
[2010/04/15 12:55:22 | 000,093,582 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\DENTIST.tif
[2010/04/09 14:57:26 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Pending balance.doc
[2010/04/08 15:54:34 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\bank 4-7-10.doc
[2010/04/07 18:36:33 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Budget 2011.xls
[2010/03/27 11:19:49 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\bank info.doc
[2010/02/10 04:19:07 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/23 22:07:51 | 000,095,285 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/04/08 02:49:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2008/04/08 02:46:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2008/02/08 12:06:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/09/30 17:04:05 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/09/09 22:50:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/09/09 22:35:01 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/07/13 10:58:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/14 15:54:42 | 000,000,053 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2007/01/07 02:00:15 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Erin.ini
[2006/11/09 22:48:02 | 001,227,411 | -HS- | C] () -- C:\WINDOWS\csra.ini
[2006/10/12 01:39:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/08/08 21:35:35 | 000,044,299 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/14 00:25:57 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSC42.ini
[2005/11/15 02:39:14 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/11/14 22:59:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/13 01:23:45 | 000,002,993 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/10/17 16:47:10 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/05/06 21:52:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/06 21:47:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/06 21:47:46 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/06 21:47:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/06 21:47:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/06 21:47:46 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/06 21:47:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/06 21:18:03 | 000,014,554 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/06 21:17:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/06 21:17:38 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/06 21:13:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/06 20:52:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/06 20:40:51 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/06 11:29:35 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/02/04 20:56:42 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/02/04 20:56:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/02/04 20:56:20 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/16 07:38:02 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/12/07 14:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini

========== LOP Check ==========

[2010/06/20 21:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/06/15 05:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/04/10 23:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/07 20:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/01/23 20:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/01 20:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\System Restore.job

========== Purity Check ==========



========== Custom Scans ==========


< i8042prt.sys /md5 >
< End of report >
  • 0

#11
Aaron
    Expert
  • 3,155 posts
Hi, formatting your computer isn't bad and will surely clean the malware on your computer, but we will be able to clean your computer this way, and this is much faster than reinstalling Windows. But it's your choice :) I think we are almost done cleaning your computer.

Do you also have this problem in Internet explorer?

Step 1

Run OTL again
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    [2007/09/30 17:04:05 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
    [2006/11/09 22:48:02 | 001,227,411 | -HS- | C] () -- C:\WINDOWS\csra.ini
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces in your next reply.

Step 2

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#12
ghost_sniper_777
    Member
  • Topic Starter
  • 94 posts
While GMER was running today, the computer froze and I got an error message:

windows-delayed write failed
Windows was unable to save all the data for the file \$Directory. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.


I'll follow the steps in your post and hopefully we get somewhere! Thanks again for all your help!
  • 0

#13
ghost_sniper_777
    Member
  • Topic Starter
  • 94 posts
All processes killed
========== OTL ==========
C:\WINDOWS\uccspecc.sys moved successfully.
C:\WINDOWS\csra.ini moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 904084 bytes
->Temporary Internet Files folder emptied: 266021 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7859431 bytes
->Flash cache emptied: 47819 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 30244 bytes

Total Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: All Users

User: Application Data

User: Default User

User: HP_Owner
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.1 log created on 06252010_175853

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ComboFix 10-06-25.01 - HP_Owner 06/25/2010 18:08:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1407.857 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\virus fight\program downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\program files\outlook
c:\program files\skynet.dat
c:\windows\addins\tnesis.bak1
c:\windows\addins\tnesis.ini
c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\evwaswm.bak1
c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\evwaswm.ini
c:\windows\csra.bak1
c:\windows\Fonts\cacdb.bak1
c:\windows\Fonts\cacdb.bak2
c:\windows\Fonts\cacdb.ini
c:\windows\msagent\c3mp.bak1
c:\windows\msagent\c3mp.ini
c:\windows\msagent\dcm3mp.bak1
c:\windows\msagent\dcm3mp.bak2
c:\windows\msagent\dcm3mp.ini
c:\windows\msagent\itantca.bak1
c:\windows\msagent\itantca.ini
c:\windows\system\avjapc.bak1
c:\windows\system\avjapc.ini
c:\windows\system\hpsysdrv .exe
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\xef.txt
c:\windows\xpsp1hfm.log
C:\xcrashdump.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))
.

2010-06-22 21:27 . 2010-06-22 21:27 -------- d-----w- C:\_OTL
2010-06-22 03:09 . 2010-06-22 03:09 -------- d-----w- c:\program files\ERUNT
2010-06-21 04:09 . 2010-06-21 04:09 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-06-21 04:08 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-21 04:08 . 2010-06-21 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-21 04:08 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-21 04:08 . 2010-06-21 04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 02:18 . 2010-06-21 02:18 -------- d-----w- c:\program files\Trend Micro
2010-06-20 02:26 . 2010-06-21 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-20 01:06 . 2010-06-20 01:06 -------- d-----w- c:\program files\Sure Delete
2010-06-20 00:27 . 2010-06-20 00:27 -------- d-----w- c:\program files\Ministars Software
2010-06-13 23:10 . 2010-06-13 23:10 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-04 10:27 . 2010-06-19 03:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-04 10:27 . 2010-06-04 10:27 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-04 10:27 . 2010-06-15 05:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 22:14 . 2004-08-04 18:00 577024 ----a-w- c:\windows\system32\user32.dll
2010-06-22 22:19 . 2004-08-04 18:00 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-06-22 02:44 . 2005-05-07 01:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-22 01:40 . 2009-08-17 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-22 01:38 . 2005-05-07 01:37 -------- d-----w- c:\program files\Symantec
2010-06-20 03:10 . 2005-10-31 01:43 -------- d-----w- c:\program files\Winamp
2010-06-20 03:10 . 2005-05-07 01:14 -------- d-----w- c:\program files\iTunes
2010-06-20 02:26 . 2010-01-12 20:25 -------- d-----w- c:\program files\Alwil Software
2010-06-19 22:56 . 2005-05-07 01:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 02:42 . 2010-05-25 02:42 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4442d99e-n\msvcp71.dll
2010-05-25 02:42 . 2010-05-25 02:42 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6dcfa66b-n\decora-sse.dll
2010-05-25 02:42 . 2010-05-25 02:42 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4442d99e-n\jmc.dll
2010-05-25 02:42 . 2010-05-25 02:42 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4442d99e-n\msvcr71.dll
2010-05-25 02:42 . 2010-05-25 02:42 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6dcfa66b-n\decora-d3d.dll
2010-05-18 21:07 . 2010-05-18 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-07 09:59 . 2005-05-07 00:44 -------- d-----w- c:\program files\Common Files\Java
2010-05-07 09:58 . 2010-05-07 09:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-27 19:51 . 2010-05-18 21:07 1180952 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\extensions\[email protected]\DivXWebPlayerInstaller.exe
2010-04-27 03:48 . 2010-04-27 03:48 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45ecf52c-n\msvcp71.dll
2010-04-27 03:48 . 2010-04-27 03:48 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45ecf52c-n\msvcr71.dll
2010-04-27 03:48 . 2010-04-27 03:48 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45ecf52c-n\jmc.dll
2010-04-27 03:48 . 2010-04-27 03:48 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-683e859c-n\decora-sse.dll
2010-04-27 03:48 . 2010-04-27 03:48 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-683e859c-n\decora-d3d.dll
.
Infected c:\windows\system32\user32.dll hex repaired

<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Winamp\winampa .exe
c:\windows\CREATOR\Remind_XP .exe
c:\windows\SMINST\RECGUARD .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-26 90112]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-5 53248]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2005-5-6 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{31D9B4A9-6FCC-4698-A092-C4C28D017B36}]
jbwonjm.dll [N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2005-05-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-07 07:26]

2010-06-02 c:\windows\Tasks\System Restore.job
- c:\windows\system32\Restore\rstrui.exe [2004-08-04 18:00]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
SafeBoot-klmdb.sys
AddRemove-KBD - c:\hp\KBD\KBD.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 18:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDRSRVC]
"ImagePath"="system32\drivers\PCDRSRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3096)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\ALCXMNTR.EXE
c:\windows\AGRSMMSG.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\wscntfy.exe
c:\program files\InterMute\SpySubtract\SpySub.exe
.
**************************************************************************
.
Completion time: 2010-06-25 18:24:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-25 22:24

Pre-Run: 32,725,295,104 bytes free
Post-Run: 38,364,651,520 bytes free

- - End Of File - - 71D85FD657C0C669DFD2C7C25FFD439F
  • 0

#14
Aaron
    Expert
  • 3,155 posts
Hi again :)

Please follow these steps:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Winamp\winampa .exe
c:\windows\CREATOR\Remind_XP .exe
c:\windows\SMINST\RECGUARD .exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{31D9B4A9-6FCC-4698-A092-C4C28D017B36}]


Save this as CFScript.txt, in the same location as ComboFix.exe

Drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
Please post the logs of Combofix, Malwarebytes' Anti-Malware and Kaspersky in your next reply.
Are you still experiencing problems now?

- Maser00
  • 0

#15
ghost_sniper_777
    Member
  • Topic Starter
  • 94 posts
Think I found the problem! While trying to run kaspersky I found out that java was jacked and had to be reinstalled. Now I can go to yahoo mail, etc.!

I'm posting combofix log and going to run kaspersky now.

Since I have been on this forum it has NOT redirected me on websites, just not allowed me to log in to sites.

I'll post my log from kaspersky when done.

ComboFix 10-06-25.01 - HP_Owner 06/26/2010 12:30:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1407.740 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\virus fight\program downloads\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-22 21:27 . 2010-06-22 21:27 -------- d-----w- C:\_OTL
2010-06-22 03:09 . 2010-06-22 03:09 -------- d-----w- c:\program files\ERUNT
2010-06-21 04:09 . 2010-06-21 04:09 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-06-21 04:08 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-21 04:08 . 2010-06-21 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-21 04:08 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-21 04:08 . 2010-06-21 04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 02:18 . 2010-06-21 02:18 -------- d-----w- c:\program files\Trend Micro
2010-06-20 02:26 . 2010-06-21 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-20 01:06 . 2010-06-20 01:06 -------- d-----w- c:\program files\Sure Delete
2010-06-20 00:27 . 2010-06-20 00:27 -------- d-----w- c:\program files\Ministars Software
2010-06-13 23:10 . 2010-06-13 23:10 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-04 10:27 . 2010-06-19 03:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-04 10:27 . 2010-06-04 10:27 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-04 10:27 . 2010-06-15 05:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 16:30 . 2005-10-31 01:43 -------- d-----w- c:\program files\Winamp
2010-06-26 16:30 . 2005-05-07 01:14 -------- d-----w- c:\program files\iTunes
2010-06-26 16:30 . 2005-05-07 01:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 22:14 . 2004-08-04 18:00 577024 ----a-w- c:\windows\system32\user32.dll
2010-06-22 22:19 . 2004-08-04 18:00 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-06-22 01:40 . 2009-08-17 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-22 01:38 . 2005-05-07 01:37 -------- d-----w- c:\program files\Symantec
2010-06-20 02:26 . 2010-01-12 20:25 -------- d-----w- c:\program files\Alwil Software
2010-06-19 22:56 . 2005-05-07 01:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 02:42 . 2010-05-25 02:42 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4442d99e-n\msvcp71.dll
2010-05-25 02:42 . 2010-05-25 02:42 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6dcfa66b-n\decora-sse.dll
2010-05-25 02:42 . 2010-05-25 02:42 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4442d99e-n\jmc.dll
2010-05-25 02:42 . 2010-05-25 02:42 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4442d99e-n\msvcr71.dll
2010-05-25 02:42 . 2010-05-25 02:42 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6dcfa66b-n\decora-d3d.dll
2010-05-18 21:07 . 2010-05-18 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-07 09:59 . 2005-05-07 00:44 -------- d-----w- c:\program files\Common Files\Java
2010-05-07 09:58 . 2010-05-07 09:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-27 19:51 . 2010-05-18 21:07 1180952 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\extensions\[email protected]\DivXWebPlayerInstaller.exe
2010-04-27 03:48 . 2010-04-27 03:48 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45ecf52c-n\msvcp71.dll
2010-04-27 03:48 . 2010-04-27 03:48 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45ecf52c-n\msvcr71.dll
2010-04-27 03:48 . 2010-04-27 03:48 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45ecf52c-n\jmc.dll
2010-04-27 03:48 . 2010-04-27 03:48 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-683e859c-n\decora-sse.dll
2010-04-27 03:48 . 2010-04-27 03:48 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-683e859c-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-26 90112]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-5 53248]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2005-5-6 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2005-05-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-07 07:26]

2010-06-02 c:\windows\Tasks\System Restore.job
- c:\windows\system32\Restore\rstrui.exe [2004-08-04 18:00]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bf0n03bl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 12:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDRSRVC]
"ImagePath"="system32\drivers\PCDRSRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3276)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-06-26 12:37:23
ComboFix-quarantined-files.txt 2010-06-26 16:37
ComboFix2.txt 2010-06-25 22:24

Pre-Run: 38,292,803,584 bytes free
Post-Run: 38,280,007,680 bytes free

- - End Of File - - DC1A11841E5DAE529E9EE789576D7C0C