Maleware: Rundll32.exe not found & Automatic Updates not turned on



#31
wisesilver
    Member
  • Topic Starter
  • 501 posts
Hi Salagubang. :) This is just a progress report to let you know I'm still working on your last directions. I hope to be able to post the logs this afternoon (my time :unsure: ).

1) Thus far I ran MBAM and it found something. I have saved the log to post when I have completed your instructions.
2) I downloaded AVPTool and ran it. The graphic for how far to select options didn't display, so I checked down to and including "Computer". I couldn't recall from my other post if I was supposed to include "Computer". That scan ran overnight and was 50% finished this morning. AVP popups kept coming up recommending either quarantine or deletion. I selected the recommended action.

Remaining actions; I still will need to complete your directions from here:
1) Select and post the report
2) Run the Analysis Scan

#32
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,890 posts
:unsure:

AVP popups kept coming up recommending either quarantine or deletion. I selected the recommended action.


Interesting to see what it says. :)

#33
wisesilver
    Member
  • Topic Starter
  • 501 posts
Hi Salagubang. :unsure: I have the MBAM Log, the AVPTool log and have attached the AVP Zip file. :)

Here is the MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6661

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/24/2011 6:30:32 PM
mbam-log-2011-05-24 (18-30-32).txt

Scan type: Full scan (C:\|D:\|I:\|)
Objects scanned: 621765
Time elapsed: 3 hour(s), 36 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the AVPTool Log:
Autoscan: stopped 22 hours ago (events: 2, objects: 3, time: 00:00:15)
5/24/2011 6:40:39 PM Task started
5/24/2011 6:40:54 PM Task stopped
Autoscan: completed 9 minutes ago (events: 35, objects: 1658289, time: 22:16:28)
5/24/2011 6:41:02 PM Task started
5/24/2011 7:29:13 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:Bank of America][Subject:Bank of America Customer Service - Tell us what you think][Time:2011/03/01 13:24:39]/HTMLBody
5/24/2011 9:11:48 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:Bank of America][Subject:Bank of America Customer Service - Tell us what you think][Time:2011/05/07 21:12:33]/HTMLBody
5/24/2011 9:17:54 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:Bank of America][Subject:Bank of America Customer Service - Tell us what you think][Time:2011/05/10 13:36:17]/HTMLBody
5/24/2011 10:45:41 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Misc\Financial\Banking\[From:Chase Bill Management Center][Subject:Critical Changes to Chase Bill Management Account Access][Time:2002/11/06 20:19:47]/HTMLBody
5/24/2011 11:21:25 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Misc\Financial\Banking\[From:AT&T Universal Card][Subject:Transfer Balances Online With A Low 4.9% APR*][Time:2003/07/10 16:46:44]/HTMLBody
5/24/2011 11:21:56 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Misc\Financial\Banking\[From:Chase Card Member Services][Subject:Welcome Chase Visa Card Member][Time:2005/05/12 14:43:31]/HTMLBody
5/24/2011 11:22:07 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Misc\Financial\Banking\[From:Legg Mason][Subject:Legg Mason's Online Newsletter - March 2005][Time:2005/03/29 11:43:24]/HTMLBody
5/24/2011 11:22:09 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Misc\Financial\Banking\[From:Legg Mason][Subject:Legg Mason's Online Newsletter - April 2005][Time:2005/04/27 08:01:07]/HTMLBody
5/24/2011 11:22:12 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Misc\Financial\Banking\[From:Legg Mason][Subject:Legg Mason's Online Newsletter - May 2005][Time:2005/05/25 08:00:52]/HTMLBody
5/24/2011 11:22:14 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Misc\Financial\Banking\[From:Legg Mason][Subject:Legg Mason's Online Newsletter - June 2005][Time:2005/06/30 08:00:24]/HTMLBody
5/24/2011 11:22:32 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Misc\Financial\Banking\[From:Legg Mason][Subject:Legg Mason's Online Newsletter - August 2005][Time:2005/08/18 08:02:25]/HTMLBody
5/24/2011 11:30:15 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\Misc\Financial\Banking\[From:"Chase Bill Management Center" <[email protected]>][Subject:Critical Changes to Chase Bill Management Account Access][Time:2002/11/06 20:31:29]/text/html
5/24/2011 11:30:15 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\Misc\Financial\Banking\[From:"AT&T Universal Card" <[email protected]>][Subject:Transfer Balances Online With A Low 4.9% APR*][Time:2003/07/10 16:51:28]/text/html
5/24/2011 11:30:17 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\Misc\Financial\Banking\[From:"Chase Card Member Services" <[email protected]>][Subject:Welcome Chase Visa Card Member][Time:2005/05/12 14:44:51]/text/html
5/24/2011 11:30:18 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\Misc\Financial\Banking\[From:"Legg Mason" <[email protected]>][Subject:Legg Mason's Online Newsletter - March 2005][Time:2005/03/29 10:45:58]/text/html
5/24/2011 11:30:18 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\Misc\Financial\Banking\[From:"Legg Mason" <[email protected]>][Subject:Legg Mason's Online Newsletter - April 2005][Time:2005/04/27 08:02:04]/text/html
5/24/2011 11:30:18 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\Misc\Financial\Banking\[From:"Legg Mason" <[email protected]>][Subject:Legg Mason's Online Newsletter - May 2005][Time:2005/05/25 08:02:15]/text/html
5/24/2011 11:30:18 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\Misc\Financial\Banking\[From:"Legg Mason" <[email protected]>][Subject:Legg Mason's Online Newsletter - June 2005][Time:2005/06/30 08:02:16]/text/html
5/24/2011 11:30:18 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\Misc\Financial\Banking\[From:"Legg Mason" <[email protected]>][Subject:Legg Mason's Online Newsletter - August 2005][Time:2005/08/18 08:03:10]/text/html
5/25/2011 12:04:10 AM Detected: Trojan-Downloader.JS.Iframe.cer C:\Documents and Settings\COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\3ILBYJ3E\cd[1].htm
5/25/2011 12:08:34 AM Detected: Trojan-Downloader.HTML.Agent.ul C:\Documents and Settings\COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\V36PRNTR\in[1].htm
5/25/2011 12:41:39 AM Detected: HackTool.Win32.PassDic.ay C:\Downloads\Video-Related\WinDVD\ultra_dvdcreator.exe/data0000
5/25/2011 5:48:12 AM Deleted: Trojan-Downloader.HTML.Agent.ul C:\Documents and Settings\COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\V36PRNTR\in[1].htm
5/25/2011 5:48:13 AM Deleted: Trojan-Downloader.JS.Iframe.cer C:\Documents and Settings\COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\3ILBYJ3E\cd[1].htm
5/25/2011 5:48:17 AM Deleted: HackTool.Win32.PassDic.ay C:\Downloads\Video-Related\WinDVD\ultra_dvdcreator.exe
5/25/2011 6:36:56 AM Detected: HackTool.Win32.PassDic.ay C:\System Volume Information\_restore{EF965113-2DBF-4315-B69D-35C5EFCE17BE}\RP1876\A0663092.exe/data0000
5/25/2011 6:37:59 AM Deleted: HackTool.Win32.PassDic.ay C:\System Volume Information\_restore{EF965113-2DBF-4315-B69D-35C5EFCE17BE}\RP1876\A0663092.exe
5/25/2011 7:16:19 AM Detected: HackTool.Win32.PassDic.ay I:\Seagate Backup\WEISS3GIG\C\Downloads\Video-Related\WinDVD\ultra_dvdcreator.exe/data0000
5/25/2011 7:16:57 AM Deleted: HackTool.Win32.PassDic.ay I:\Seagate Backup\WEISS3GIG\C\Downloads\Video-Related\WinDVD\ultra_dvdcreator.exe
5/25/2011 8:40:56 AM Detected: not-a-virus:AdWare.Win32.Gamevance.fmr I:\System Volume Information\_restore{EF965113-2DBF-4315-B69D-35C5EFCE17BE}\RP1875\A0661349.exe
5/25/2011 4:57:22 PM Deleted: not-a-virus:AdWare.Win32.Gamevance.fmr I:\System Volume Information\_restore{EF965113-2DBF-4315-B69D-35C5EFCE17BE}\RP1875\A0661349.exe
5/25/2011 4:57:24 PM Detected: HackTool.Win32.PassDic.ay I:\System Volume Information\_restore{EF965113-2DBF-4315-B69D-35C5EFCE17BE}\RP1876\A0663093.exe/data0000
5/25/2011 4:57:30 PM Deleted: HackTool.Win32.PassDic.ay I:\System Volume Information\_restore{EF965113-2DBF-4315-B69D-35C5EFCE17BE}\RP1876\A0663093.exe
5/25/2011 4:57:31 PM Task completed

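To make a long AVPTool log like the one above easier to read, here is a small Python triage script. It is an added example for this thread, not part of the original post and not part of Kaspersky's tool. It parses lines in the same "Detected:" / "Deleted:" layout, maps each detection to its container (a mail item, an archive, or a restore-point file; the tool writes the inner object after a "/", as in "ultra_dvdcreator.exe/data0000" and "[Time:...]/HTMLBody"), and reports which detections were never followed by a Deleted entry for that container. The log lines it runs on are constructed for the example, with made-up mailbox entries, paths and restore-point GUID, and the location labels ("mail store", "browser cache", "system restore point", "file") are my own.

```python
import re
from collections import Counter

# One AVPTool-style event line: timestamp, action, verdict, object.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Deleted): (?P<verdict>\S+) (?P<obj>.+)$"
)

# Constructed sample in the same layout as the AVPTool log in the thread;
# mailbox entries, paths and the restore-point GUID are made up for this example.
SAMPLE_LOG = r"""
5/24/2011 6:41:02 PM Task started
5/24/2011 7:29:13 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:Example Bank][Subject:Tell us what you think][Time:2011/03/01 13:24:39]/HTMLBody
5/24/2011 11:30:15 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\Banking\[From:Example Card][Subject:Transfer balances online][Time:2003/07/10 16:51:28]/text/html
5/25/2011 12:04:10 AM Detected: Trojan-Downloader.JS.Iframe.cer C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\cd[1].htm
5/25/2011 12:41:39 AM Detected: HackTool.Win32.PassDic.ay C:\Downloads\example_installer.exe/data0000
5/25/2011 5:48:13 AM Deleted: Trojan-Downloader.JS.Iframe.cer C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\cd[1].htm
5/25/2011 5:48:17 AM Deleted: HackTool.Win32.PassDic.ay C:\Downloads\example_installer.exe
5/25/2011 6:36:56 AM Detected: HackTool.Win32.PassDic.ay C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe/data0000
5/25/2011 6:37:59 AM Deleted: HackTool.Win32.PassDic.ay C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe
5/25/2011 4:57:31 PM Task completed
"""


def parse_events(log_text):
    """Return the Detected/Deleted events as dicts; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def container_of(obj):
    r"""Strip the inner object AVPTool appends after '/', so that
    '...\x.exe/data0000' -> '...\x.exe' and '[Time:2011/03/01 13:24:39]/HTMLBody'
    -> '[Time:2011/03/01 13:24:39]'. The boundary is a ']' or a file extension
    directly before the '/', so the slashes inside a [Time:...] field are kept."""
    m = re.search(r"(\]|\.\w{2,4})/", obj)
    return obj[: m.end() - 1] if m else obj


def classify(container):
    """Coarse location label (my own categories, not AVPTool's)."""
    if re.match(r"^[A-Za-z]:\\", container):
        if "\\System Volume Information\\" in container:
            return "system restore point"
        if "\\Temporary Internet Files\\" in container:
            return "browser cache"
        return "file"
    return "mail store"


def triage(log_text):
    """Split detections into those with a later 'Deleted' entry for the same
    container and those without. Each entry is (category, verdict, container)."""
    events = parse_events(log_text)
    deleted = {container_of(e["obj"]) for e in events if e["action"] == "Deleted"}
    first_verdict = {}
    for e in events:
        if e["action"] == "Detected":
            first_verdict.setdefault(container_of(e["obj"]), e["verdict"])
    result = {"remediated": [], "unremediated": []}
    for container, verdict in first_verdict.items():
        bucket = "remediated" if container in deleted else "unremediated"
        result[bucket].append((classify(container), verdict, container))
    return result


def unremediated_by_location(log_text):
    """Count detections that never got a 'Deleted' entry, per location label."""
    return Counter(cat for cat, _, _ in triage(log_text)["unremediated"])


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Remediated:")
    for cat, verdict, container in report["remediated"]:
        print(f"  [{cat}] {verdict} -> {container}")
    print("Detected but never deleted:")
    for cat, verdict, container in report["unremediated"]:
        print(f"  [{cat}] {verdict} -> {container}")
    print(dict(unremediated_by_location(SAMPLE_LOG)))
```

Run against the log in the post above, the same logic would list every Outlook and Main Identity item as detected with no matching Deleted entry, while each file on C: and I: (the Temporary Internet Files, the ultra_dvdcreator.exe container, the restore-point copies and the Gamevance item) has one. That split is the first thing to look at when deciding what still needs attention.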

#34
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,890 posts
:)

How is the computer running?

  • Re-run AVPTool
  • Select the Manual Disinfection tab
  • Where it states Step 3 paste in the following disinfection script and press execute

    begin
     RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\System\F-Secure Gatekeeper','EventMessageFile');
     BC_DeleteFile('C:\DOCUME~1\COMPUTER\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys');
     DeleteFile('C:\DOCUME~1\COMPUTER\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys');
     DeleteFile('C:\WINDOWS\hws.exe');
     BC_DeleteFile('C:\WINDOWS\hws.exe');
     DeleteFile('I:\autorun.inf');
     BC_DeleteFile('I:\autorun.inf');
    end.
  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file


Next

Please open OTL and choose Run Scan, post the log on your next reply for review.
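The MBAM log earlier in the thread reported a hijacked default value under HKEY_CLASSES_ROOT\.exe\shell\open\command (Hijack.ExeFile). One way to confirm, once cleanup is done, that the .exe launch command is back to the stock "%1" %* is to export the relevant keys with regedit (File > Export) and check the export offline. The Python below is an added example for this thread, not part of any post or of the tools used in it: it parses the regedit .reg export format and flags either of the two audited keys whose (default) differs from "%1" %*. Both exports embedded in it are constructed, and C:\EXAMPLE\placeholder-malware.exe is a placeholder path, not something from this machine.

```python
import re

# Stock launch command for executables on Windows XP; anything else in the
# (default) value means another program runs in front of every .exe.
EXPECTED_EXE_COMMAND = '"%1" %*'

# The key MBAM reported in the thread plus the standard exefile handler.
EXE_COMMAND_KEYS = (
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command",
)

# Constructed regedit exports. CLEAN_EXPORT is the shape of a healthy association;
# HIJACKED_EXPORT adds a shell\open\command under the .exe key that points at a
# placeholder path, which is the shape of the Hijack.ExeFile finding.
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

HIJACKED_EXPORT = CLEAN_EXPORT + r'''
[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"C:\\EXAMPLE\\placeholder-malware.exe\" \"%1\" %*"
'''


def _unescape_reg_string(data):
    r"""Turn a .reg string literal ("..." with \" and \\ escapes) into its value."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r'\\(["\\])', r"\1", data[1:-1])
    return data  # dword:/hex: data is left as written


def parse_reg_export(text):
    """Parse a .reg export into {key: {value_name: data}}; '@' becomes '(default)'."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = "(default)" if name == "@" else name.strip('"')
        keys[current][name] = _unescape_reg_string(data)
    return keys


def audit_exe_association(reg_text):
    """Return [(key, actual_command)] for every audited key present in the export
    whose (default) is not the stock command. A key that is absent from the
    export is not reported; only a wrong command is."""
    keys = parse_reg_export(reg_text)
    findings = []
    for key in EXE_COMMAND_KEYS:
        if key in keys:
            actual = keys[key].get("(default)", "")
            if actual != EXPECTED_EXE_COMMAND:
                findings.append((key, actual))
    return findings


if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("hijacked", HIJACKED_EXPORT)):
        findings = audit_exe_association(export)
        print(f"{label}: {'OK' if not findings else findings}")
```

To use it on a real export, read the .reg file with encoding "utf-16" (regedit writes UTF-16 with a byte-order mark) and pass the text to audit_exe_association; an empty list means both keys carry the stock command.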

#35
wisesilver
    Member
  • Topic Starter
  • 501 posts
Hi Salagubang. :unsure:

My system is running OK. Some of the associations are probably not resolved yet: .doc MS Word files do not show the correct icon (although they open). And all those financial items in the last AVPTool scan concern me. So, I want to be sure I'm clean before I do anything financial on this computer again.

1) I ran the script in AVPTool and rebooted.
2) The AVPTool zip file from the Analysis scan is attached. :)
3) Here is the OTL scan:
OTL logfile created on: 5/25/2011 9:17:23 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\All Users\Desktop\Anti Virus & Spyware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 16.06 Gb Free Space | 12.55% Space Free | Partition Type: NTFS
Drive D: | 21.05 Gb Total Space | 16.88 Gb Free Space | 80.18% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 693.33 Gb Free Space | 74.43% Space Free | Partition Type: NTFS

Computer Name: WEISS3GIG | User Name: COMPUTER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 20:49:41 | 000,695,578 | ---- | M] () -- C:\Documents and Settings\COMPUTER\Local Settings\Temp\_iu14D2N.tmp
PRC - [2011/05/17 19:43:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\Anti Virus & Spyware\OTL.exe
PRC - [2011/04/09 13:59:44 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 05:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/03/23 09:51:18 | 000,466,712 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
PRC - [2010/03/23 09:51:14 | 001,088,800 | ---- | M] (Promethean Technologies Group Ltd) -- C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/01 13:17:32 | 000,610,304 | ---- | M] () -- C:\Program Files\Spb Backup\SPBBackupSync.exe
PRC - [2009/08/25 13:27:26 | 000,142,200 | ---- | M] (Ilium Software, Inc.) -- C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
PRC - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/05/21 22:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 21:54:18 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
PRC - [2009/05/21 21:46:36 | 000,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/05/21 21:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/07/30 14:23:26 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/07/30 14:23:02 | 000,177,448 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/06/24 19:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/06/06 11:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/06 11:39:52 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/08 16:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2005/08/26 13:11:14 | 000,169,552 | ---- | M] (PKWARE, Inc.) -- C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
PRC - [2005/01/27 19:16:58 | 000,856,064 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/03/09 15:56:26 | 000,073,728 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\system32\3cmlink.exe
PRC - [2004/03/09 15:54:28 | 000,049,152 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\system32\3cshtdwn.exe
PRC - [2001/09/10 09:08:40 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
PRC - [2000/06/19 09:51:16 | 000,031,744 | ---- | M] () -- C:\Program Files\TextBridge Pro 9.0\Bin\InstantAccess.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 20:56:30 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2011/05/17 19:43:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\Anti Virus & Spyware\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2000/06/19 09:51:00 | 000,139,264 | ---- | M] () -- C:\Program Files\TextBridge Pro 9.0\Bin\Tbmhook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/05/21 22:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 22:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/07/30 14:23:26 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/06/06 11:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2005/01/27 19:16:58 | 000,856,064 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/01/27 19:16:58 | 000,856,064 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (utqyody4)
DRV - File not found [File_System | Unknown | Running] -- -- (setup_9.0.0.722_25.05.2011_00-24drv)
DRV - File not found [Kernel | Unknown | Running] -- -- (69464372)
DRV - File not found [Kernel | Disabled | Running] -- -- (69464371)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/05 16:56:52 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2009/07/15 14:48:36 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009/07/15 13:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/05/05 16:25:12 | 000,055,936 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2009/03/12 23:11:13 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/03/12 23:11:13 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/03/12 23:11:08 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/03/12 23:11:06 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2007/08/28 09:48:24 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
DRV - [2007/02/09 12:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 12:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/11/09 11:59:36 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/11/09 11:59:36 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/27 19:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/01/27 19:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/01/27 13:07:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/01/12 21:28:04 | 000,116,224 | ---- | M] (InterVideo) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IviUdf.sys -- (iviudf)
DRV - [2005/01/12 07:29:28 | 000,038,784 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ivicd.sys -- (ivicd)
DRV - [2004/10/19 19:06:48 | 000,008,320 | R--- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbfshook.sys -- (SBFSHOOK)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/09 15:58:06 | 000,329,088 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3c1807pd.sys -- (3c1807pd)
DRV - [2003/10/28 16:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 14:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USRpdA.sys -- (USRpdA)
DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [1999/06/30 03:49:10 | 000,023,200 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ppsio2.sys -- (ppsio2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/02/26 00:15:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/04/23 09:30:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/03 13:57:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 23:29:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/23 09:30:58 | 000,000,000 | ---D | M]

[2008/12/16 19:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\COMPUTER\Application Data\Mozilla\Extensions
[2008/06/27 11:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\COMPUTER\Application Data\Mozilla\Extensions\[email protected]
[2011/04/26 21:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\COMPUTER\Application Data\Mozilla\Firefox\Profiles\2m5oryds.default\extensions
[2011/02/12 18:21:45 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\COMPUTER\Application Data\Mozilla\Firefox\Profiles\2m5oryds.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/13 13:46:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\COMPUTER\Application Data\Mozilla\Firefox\Profiles\2m5oryds.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 14:55:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\COMPUTER\Application Data\Mozilla\Firefox\Profiles\2m5oryds.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/27 14:55:37 | 000,000,000 | ---D | M] (eMusic Community Toolbar) -- C:\Documents and Settings\COMPUTER\Application Data\Mozilla\Firefox\Profiles\2m5oryds.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
[2011/03/27 14:55:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\COMPUTER\Application Data\Mozilla\Firefox\Profiles\2m5oryds.default\extensions\[email protected]
[2010/02/10 13:24:51 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Documents and Settings\COMPUTER\Application Data\Mozilla\Firefox\Profiles\2m5oryds.default\extensions\[email protected]
[2011/03/27 14:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/07 17:14:02 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/09/07 17:14:02 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/09/07 17:14:02 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/04/30 23:28:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/19 22:29:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [\\WEISSKIDS2\EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\Weisskids2\EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [3c1807pd] File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus CX3800 Series on HME-VJQDGJMFP3P] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstantAccess] C:\Program Files\TextBridge Pro 9.0\Bin\InstantAccess.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\PDF Converter 3.0\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\nbj.exe (Ahead Software AG)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe (Ilium Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe (PKWARE, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SPB Backup Sync.lnk = C:\Program Files\Spb Backup\SPBBackupSync.exe ()
O4 - Startup: C:\Documents and Settings\COMPUTER\Start Menu\Programs\Startup\ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe (Ilium Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webi...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1134874155827 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1193394449812 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomee...ets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} http://support.f-sec...3beta/fscax.cab (F-Secure Online Scanner 3.2)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://penncamera.li...PUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/03/23 17:39:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/25 20:56:17 | 000,000,067 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 21:16:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/24 18:34:32 | 120,298,304 | ---- | C] ( ) -- C:\Documents and Settings\COMPUTER\Desktop\setup_9.0.0.722_25.05.2011_00-24.exe
[2011/05/20 21:15:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/20 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/20 21:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/20 21:15:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/20 21:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/19 22:36:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/16 18:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/08 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/08 17:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/08 17:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/08 17:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 21:14:29 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2D7F88AD-663C-43AA-AC8C-6D71D20ED591}.job
[2011/05/25 20:56:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 20:56:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 20:55:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 20:55:57 | 2146,226,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/25 16:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 18:34:18 | 120,298,304 | ---- | M] ( ) -- C:\Documents and Settings\COMPUTER\Desktop\setup_9.0.0.722_25.05.2011_00-24.exe
[2011/05/23 21:44:46 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 23:51:59 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2011/05/20 20:14:13 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2011/05/19 22:29:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/14 10:49:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\COMPUTER\Local Settings\Application Data\prvlcl.dat
[2011/05/13 18:33:52 | 000,012,942 | -HS- | M] () -- C:\Documents and Settings\COMPUTER\Local Settings\Application Data\l1mt4nci68jk2ni176
[2011/05/13 18:33:52 | 000,012,942 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\l1mt4nci68jk2ni176
[2011/05/11 08:07:04 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/08 21:44:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/05/08 17:32:05 | 000,001,551 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/08 17:30:12 | 000,154,624 | ---- | M] () -- C:\Documents and Settings\COMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 10:03:06 | 000,000,077 | ---- | M] () -- C:\WINDOWS\mydebug.ini
[2011/05/07 09:57:46 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\PaperPort.lnk
[2011/05/06 22:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/27 20:31:30 | 000,272,896 | ---- | M] () -- C:\Documents and Settings\COMPUTER\My Documents\Vol Cal June11.cal
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 21:24:16 | 2146,226,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/20 21:15:05 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 18:31:44 | 000,012,942 | -HS- | C] () -- C:\Documents and Settings\COMPUTER\Local Settings\Application Data\l1mt4nci68jk2ni176
[2011/05/13 18:31:44 | 000,012,942 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l1mt4nci68jk2ni176
[2011/05/08 17:32:05 | 000,001,551 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/26 11:15:51 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/02/26 11:15:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011/02/20 22:24:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/14 09:13:20 | 000,751,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1563985344-725345543-1003-0.dat
[2011/02/13 22:45:23 | 000,714,750 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/10/03 13:50:26 | 000,206,789 | ---- | C] () -- C:\WINDOWS\hpoins35.dat
[2010/10/03 13:50:26 | 000,001,069 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat
[2010/08/01 12:52:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/01 12:52:00 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/23 09:51:40 | 000,223,016 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2010/03/23 09:51:16 | 000,252,696 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2009/12/26 16:12:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\COMPUTER\Local Settings\Application Data\prvlcl.dat
[2009/10/20 21:39:41 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/06 15:30:46 | 000,011,444 | ---- | C] () -- C:\Documents and Settings\COMPUTER\Application Data\Microsoft Excel.TSK
[2009/04/19 20:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009/04/19 20:31:43 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/04/19 20:31:43 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/03/15 22:36:38 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2009/03/08 12:21:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/08 12:21:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/08 12:21:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/10 01:36:45 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
[2009/01/10 01:36:33 | 000,028,324 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/12/26 16:40:23 | 000,019,791 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2008/12/26 16:40:23 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2008/12/26 16:35:52 | 000,019,349 | ---- | C] () -- C:\WINDOWS\HPHins02.dat.temp
[2008/12/26 16:35:52 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat.temp
[2008/12/26 16:35:28 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2008/12/26 16:35:22 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2008/12/07 14:45:43 | 007,764,768 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/07 14:45:43 | 000,225,056 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/04/13 16:53:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2008/04/13 16:53:07 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/03/24 09:47:02 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\COMPUTER\Application Data\userdic.tlx
[2007/12/28 22:32:03 | 000,000,172 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2007/12/01 11:05:34 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\COMPUTER\Application Data\$_hpcst$.hpc
[2007/06/06 19:58:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80.dll
[2006/09/20 20:05:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/15 20:24:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/07/31 12:00:41 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Visit our web site at www.developerone.com for more great software solutions!
[2006/04/09 12:39:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/01 18:52:06 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/04/01 18:52:06 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/04/01 18:52:06 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/04/01 18:52:06 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/04/01 18:52:06 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/04/01 18:52:06 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/04/01 18:52:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/04/01 18:52:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/04/01 18:52:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/04/01 18:52:06 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/04/01 18:52:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/04/01 18:52:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/04/01 18:52:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/04/01 18:52:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/04/01 18:46:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2006/02/04 17:24:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/31 22:26:20 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/01/17 23:21:52 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
[2006/01/17 23:20:35 | 000,000,082 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/01/15 15:56:07 | 000,008,320 | R--- | C] () -- C:\WINDOWS\System32\drivers\sbfshook.sys
[2006/01/15 15:53:44 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\udffsrec.sys
[2006/01/15 15:53:19 | 000,026,694 | ---- | C] () -- C:\WINDOWS\HMD.exe
[2006/01/15 15:53:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/15 15:53:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/15 15:53:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/15 15:53:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/15 15:53:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/15 15:53:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/15 15:52:05 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2006/01/15 15:51:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2006/01/15 14:27:01 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2006/01/15 13:54:24 | 000,000,242 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/01/15 13:45:36 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/15 13:09:10 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\Pixpcz.dll
[2006/01/15 13:09:10 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\Pixpnr.dll
[2006/01/15 13:09:09 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\Setbrows.exe
[2006/01/15 12:51:48 | 000,000,077 | ---- | C] () -- C:\WINDOWS\mydebug.ini
[2006/01/15 12:36:14 | 000,023,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\ppsio2.sys
[2006/01/14 22:40:09 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/03/27 13:29:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/27 13:29:39 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/03/27 13:29:19 | 000,002,872 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/26 23:19:43 | 000,154,624 | ---- | C] () -- C:\Documents and Settings\COMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/26 20:32:56 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\nwt.sys
[2005/03/26 19:47:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2003/02/11 10:58:50 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/10 17:30:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
[2002/03/23 18:18:40 | 000,036,911 | ---- | C] () -- C:\WINDOWS\System32\pcimsg.dll
[2002/03/23 17:41:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/03/23 17:37:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/03/19 19:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2002/03/19 18:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
[2001/12/31 21:03:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/12/31 21:02:49 | 001,141,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/09/28 14:44:58 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,508,316 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,090,532 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/02/23 12:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/12/03 06:20:00 | 000,335,360 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[1997/12/01 03:05:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe

< End of report >

Attached Files


  • 0

#36
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts

And all those financial items in the last AVPTool scan concern me. So, I want to be sure I'm clean before I do anything financial on this computer again.


I am sorry to be the one to give you bad news but one or more of the identified infections is a backdoor trojan.

Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
In addition to the backdoor Trojan that has been identified, your computer is afflicted with multiple other infections. Although we can make an attempt to clean this machine, we cannot guarantee that it will be secure afterwards. Your best and safest course of action is a reformat and reinstallation of the Windows operating system.

If you do decide against a reformat, do understand that although we may be able to remove all known visible malware, we cannot guarantee that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damages it may possibly have caused to vital system files.

Please note that even if we should be successful in removing these infections from your system, it is quite possible that the changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post.
  • 0

#37
wisesilver

wisesilver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi Salagubang :)

Ouch! :yes: :)
  • Can you determine when I was infected? :unsure:
  • A lot of the VPLTool scans seem to be Outlook – was more than email or Outlook infected?
  • Just curious, what types of things in the OTL Log indicate I'm infected? ;)
  • Do you have suggestions for capturing all my data for use for rebuilding:

    • After disconnecting my internet connection, can I safely copy all data in safe mode to my external drive?
    • Or must I place the internal drive in a clamshell, converting it to an external drive?
  • Making sure data is safe before reintroducing it. I'll want to be sure I have clean files before I introduce them to a new build or new machine. All the data files such as: .pst, Word (.doc & .docx), Excel, graphics files, etc.

    • Do you have a recommended scan utility for this data before I introduce it to a new machine?
  • Maybe I need to rethink what I'm using for protection. Maybe AVG, SUPERAntiSpyware, and MBAM are not enough.

  • 0

#38
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi wisesilver,

Sorry about the delay.

1.

Can you determine when I was infected? :)


Can't say when exactly; the time stamp on one of the created malware files was dated 05/13.

2.

A lot of the VPLTool scans seem to be Outlook – was more than email or Outlook infected?


One of the infections is called UltraDVDCreator, while most are fraud emails from your inbox.


Just curious, what types of things in the OTL Log indicate I'm infected? :unsure:

[2011/05/13 18:31:44 | 000,012,942 | -HS- | C] () -- C:\Documents and Settings\COMPUTER\Local Settings\Application Data\l1mt4nci68jk2ni176
[2011/05/13 18:31:44 | 000,012,942 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l1mt4nci68jk2ni176
[2006/01/15 15:53:19 | 000,026,694 | ---- | C] () -- C:\WINDOWS\HWS.exe
[2006/01/15 15:53:19 | 000,026,694 | ---- | C] () -- C:\WINDOWS\HMD.exe


Do you have suggestions for capturing all my data for use for rebuilding:

After disconnecting my internet connection, can I safely copy all data in safe mode to my external drive?
Or must I place the internal drive in a clamshell, converting it to an external drive?

Making sure data is safe before reintroducing it. I'll want to be sure I have clean files before I introduce them to a new build or new machine. All the data files such as: .pst, Word (.doc & .docx), Excel, graphics files, etc.


The steps for performing a full reinstall can be found here.

Summary of what you need to do when reinstalling:

Backup any data that you want to save onto external media such as DVD's, USB Sticks, External HDD's etc
Reinstall Windows (using the disc)
Install all the drivers (so your Sound, Ethernet port, Graphics etc work as they should)
Download any remaining Windows Updates
Copy your data back over to the Hard Drive and reinstall any programs that you want back on

Another guide on reinstalling XP is found here and that contains good details on the steps and shows you screenshots as well. You would just need to read from the Steps to Clean Install XP section on that webpage. Most of the screenshots there will be very similar to the ones you will see when running through the Dell CD.

Remember though, backup your data before reinstalling as they will all be removed as part of the reinstallation. Most people will backup items such as Pictures, Documents, Music, Favourites, Emails etc. You can't backup programs though, as the files associated with the programs are installed in a number of different places on the PC, including the registry. So programs such as Digital Camera software, printer software, Office programs etc will need to be installed from a disc or downloaded, once XP has been reinstalled.

Let me know how you get on or if you have any questions.


Do you have a recommended scan utility for this data before I introduce it to a new machine?
Maybe I need to rethink what I'm using for protection. Maybe AVG, SUPERAntiSpyware, and MBAM are not enough.


They're a very good combination. What is lacking is a good firewall program. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.

For most users the default Windows Firewall is acceptable for basic security, but if you would like a more in-depth firewall with more features I would recommend these--

Click Here for Comodo Personal Firewall
Click Here for Sunbelt Personal Firewall

Finally your best protection is knowledge, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there!
  • 0
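The OTL entries the helper points at above share a recognisable shape: hidden plus system attributes (`-HS-`), no company name, and an extension-less random-looking name dropped under a user's Application Data folder. The following is an added example, not code from this thread or from the OTL tool, that parses file entries in OTL's `[date | size | attrs | C/M] (company) -- path` format and reports entries tripping at least two of those heuristics. The sample report is constructed for this example, and the scoring rules are my own assumptions about what a reviewer looks for, not OTL's logic.

```python
import re

# Constructed sample of OTL "Files Created" entries. The two l1mt4nci68jk2ni176
# lines mirror the entries the helper pointed at in this thread; the other lines
# are benign entries of the same shape, added here for contrast.
SAMPLE_REPORT = r"""
[2011/05/13 18:31:44 | 000,012,942 | -HS- | C] () -- C:\Documents and Settings\COMPUTER\Local Settings\Application Data\l1mt4nci68jk2ni176
[2011/05/13 18:31:44 | 000,012,942 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l1mt4nci68jk2ni176
[2011/05/20 21:15:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 21:24:16 | 2146,226,176 | -HS- | C] () -- C:\hiberfil.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def parse_entry(line):
    """Return a dict for a file entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = d["company"].strip()
    d["hidden"] = "H" in d["attrs"]
    d["system"] = "S" in d["attrs"]
    return d


def looks_random(basename):
    """Heuristic (assumption): long, extension-less, letters mixed with digits."""
    return (
        re.fullmatch(r"[a-z0-9]{12,}", basename) is not None
        and any(c.isalpha() for c in basename)
        and any(c.isdigit() for c in basename)
    )


def reasons_for(entry):
    """Collect the traits that make an entry worth a second look."""
    path = entry["path"]
    name = path.rsplit("\\", 1)[-1]
    in_appdata = "\\application data\\" in path.lower()
    reasons = []
    if entry["hidden"] and entry["system"] and in_appdata:
        reasons.append("hidden+system file under Application Data")
    if not entry["company"]:
        reasons.append("no company name")
    if looks_random(name):
        reasons.append("random-looking name")
    return reasons


def suspicious_entries(report_text, min_reasons=2):
    """Return (path, reasons) for entries tripping at least min_reasons heuristics.

    Requiring two reasons keeps single-trait system files such as hiberfil.sys
    (hidden+system, but in the expected place) out of the list.
    """
    hits = []
    for line in report_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if len(reasons) >= min_reasons:
            hits.append((entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in suspicious_entries(SAMPLE_REPORT):
        print(path, "->", "; ".join(reasons))
```

Run against the constructed report it lists only the two `l1mt4nci68jk2ni176` files; a real OTL log can be fed in unchanged, and lines that are not file entries (the `*.tmp` summaries, the O-sections) are skipped by the parser rather than misread.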

#39
wisesilver

wisesilver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi Salagubang. :) We ordered a new Windows 7 PC and will scan the data backups before reintroducing them. Thank you for your assistance. :unsure:
  • 0

#40
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
You're welcome. :)
  • 0
