HI-JACKED BY Anti Virus Pro 2010 Scareware


NolaBudMan13
11 Sep 2009, 12:21am
Anyone have a clue how to remove this???? It's disabled all my anti-virus, spyware, "hi-jack this" as well as my "admin rights" on my desktop. Can't even open my task manager ... HELP!?!?!?!?!

NolaBudMan13
11 Sep 2009, 1:32am
Downloaded OTS ... only scan I could run. Trying to post log but it says it's too long by 20,000 characters. Try and post it in 2 comments ...

[code]
OTS logfile created on: 9/10/2009 7:12:47 PM - Run 1
OTS by OldTimer - Version 3.0.12.0 Folder = K:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 583.86 Mb Available Physical Memory | 60.91% Memory free
2.26 Gb Paging File | 1.96 Gb Available in Paging File | 86.78% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.50 Gb Total Space | 151.23 Gb Free Space | 85.20% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.43 Gb Free Space | 4.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 979.05 Mb Total Space | 865.66 Mb Free Space | 88.42% Space Free | Partition Type: FAT32

Computer Name: KABANG13
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Quick Scan

[Processes - Safe List]
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/07/03 09:49:06 | 00,520,024 | ---- | M] (Lavasoft)
arservice.exe -> C:\WINDOWS\arservice.exe -> [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft)
ehmsas.exe -> C:\WINDOWS\eHome\ehmsas.exe -> [2005/08/05 22:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> C:\WINDOWS\ehome\ehtray.exe -> [2005/09/29 23:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
hpsysdrv.exe -> c:\windows\system\hpsysdrv.exe -> [1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
hpwuschd2.exe -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
hpzipm12.exe -> C:\WINDOWS\System32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2004/07/28 01:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe -> [2005/08/27 03:14:44 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.)
kbd.exe -> C:\HP\KBD\KBD.EXE -> [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
mcrdsvc.exe -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
ots.exe -> K:\OTS.exe -> [2009/09/10 19:06:58 | 00,516,096 | ---- | M] (OldTimer Tools)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
unsecapp.exe -> C:\WINDOWS\System32\wbem\unsecapp.exe -> [2004/08/09 23:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)

[Win32 Services - Safe List]
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> C:\WINDOWS\arservice.exe -> [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -> [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company)
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -> [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(lavasoft ad-aware service) lavasoft ad-aware service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
(sdauxservice) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> -> File not found
(sdcoreservice) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> -> File not found
(SeaPort) SeaPort [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2007/07/13 16:29:29 | 01,174,152 | ---- | M] (Symantec Corporation)
(YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
{bf56a325-23f2-42ad-f4e4-00aac39caa53} [HKLM] -> C:\WINDOWS\System32\tajf83ikdmf.dll [C:\WINDOWS\system32\tajf83ikdmf.dll] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [MSN Toolbar] -> [2009/02/09 21:33:14 | 00,082,768 | ---- | M] (Microsoft Corp.)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 20:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"AlwaysReady Power Message APP" -> C:\WINDOWS\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/03 01:19:16 | 00,077,312 | ---- | M] (Microsoft)
"ehTray" -> C:\WINDOWS\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/09/29 23:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
"HP Software Update" -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/16 00:34:58 | 00,249,856 | ---- | M] (Hewlett-Packard Company)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/28 01:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/28 01:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"KBD" -> C:\HP\KBD\KBD.EXE [C:\HP\KBD\KBD.EXE] -> [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
"KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found
"Microsoft Default Manager" -> C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe ["C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume] -> [2009/02/03 13:05:02 | 00,233,304 | ---- | M] (Microsoft Corp.)
"MSConfig" -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto] -> [2008/04/13 19:12:27 | 00,169,984 | ---- | M] (Microsoft Corporation)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/10/07 13:33:00 | 13,574,144 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/10/07 13:33:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"PCDrProfiler" -> C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe ["C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r] -> File not found
"Recguard" -> C:\WINDOWS\SMINST\RECGUARD.EXE [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/23 00:14:00 | 00,237,568 | ---- | M] ()
"Reminder" -> C:\Windows\Creator\Remind_XP.exe ["C:\Windows\Creator\Remind_XP.exe"] -> [2004/12/14 04:23:44 | 00,663,552 | ---- | M] (SoftThinks)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2006/03/08 06:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"tadekihih" -> C:\WINDOWS\System32\fiseziju.DLL [Rundll32.exe "c:\windows\system32\fiseziju.dll",a] -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
"TkBellExe" -> ["realsched.exe" -osboot] -> File not found
"UserFaultCheck" -> [%systemroot%\system32\dumprep 0 -u] -> File not found
"winupdate.exe" -> C:\WINDOWS\System32\winupdate.exe [C:\WINDOWS\system32\winupdate.exe] -> [2009/09/09 21:46:52 | 00,044,970 | -HS- | M] ()
"YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
"Windows System Recover!" -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\spoolsv.exe [C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\spoolsv.exe] -> [2009/09/10 17:52:58 | 00,022,532 | -H-- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 16:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoSetActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoFolderOptions" -> [1] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
\\"NoSetActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" -> [1] -> File not found
\\"DisableTaskMgr" -> [1] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Google Search -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Translate English Word -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Yahoo! Search -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
Backward Links -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Cached Snapshot of Page -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmcache.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
Similar Pages -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Translate Page into English -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Yahoo! &Dictionary -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
Yahoo! &Maps -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
Yahoo! &SMS -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2008/08/27 18:30:03 | 00,000,706 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2008/08/27 18:30:03 | 00,000,706 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Button: Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Menu: Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{E908B145-C847-4e85-B315-07E2E70DECF8}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
trymedia.com .[http] -> Trusted sites ->
trymedia.com .[https] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab [System Requirements Lab Class] ->
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab [VerifyGMN Class] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarter Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156614833598 [MUWebControl Class] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5F2081DF-EABA-47AD-916E-16C7DAA761B9}\\DhcpNameServer -> 192.168.2.1 (Belkin Wireless G Plus MIMO USB Network Adapter) ->
{892900FC-9814-4488-99C0-81491C1EE93D}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
{BE5485AA-FD3B-429B-B68F-1AF97420330E}\\DhcpNameServer -> 192.168.2.1 () ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
c:\windows\system32\fiseziju.dll -> C:\WINDOWS\System32\fiseziju.dll -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
guzuyavu.dll -> C:\WINDOWS\System32\guzuyavu.dll -> [2009/06/10 09:47:52 | 00,050,176 | -HS- | M] ()
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{d16c7692-0821-4fe6-8a9c-3e8df69472e8}" [HKLM] -> C:\WINDOWS\System32\fiseziju.dll [gudelogob] -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"" [HKLM] -> Reg Error: Key error. [C:\WINDOWS\system32\tajf83ikdmf.dll] -> File not found
"{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}" [HKLM] -> C:\WINDOWS\System32\tajf83ikdmf.dll [ghya673gidh87we9inkff] -> File not found
"{d16c7692-0821-4fe6-8a9c-3e8df69472e8}" [HKLM] -> C:\WINDOWS\System32\fiseziju.dll [kupuhivus] -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
"ThreadingModel" [HKLM] -> Reg Error: Key error. [Apartment] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM] -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
"C:\Program Files\DISC\DISCover.exe" -> C:\Program Files\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> [2006/03/16 04:12:40 | 01,077,248 | ---- | M] (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" -> C:\Program Files\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> [2006/03/16 04:11:54 | 00,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" -> C:\Program Files\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> [2006/03/16 04:11:50 | 00,094,208 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found
"C:\Program Files\HP Rhapsody\rhapsody.exe" -> C:\Program Files\HP Rhapsody\rhapsody.exe [C:\Program Files\HP Rhapsody\rhapsody.exe:*:Enabled:Rhapsody] -> [2005/11/17 05:01:08 | 05,627,904 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/09/21 06:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/01/24 04:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/01/24 03:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/01/24 03:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/01/24 03:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/01/24 04:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2005/09/21 06:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2005/12/15 21:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2005/09/21 06:40:04 | 00,196,608 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2005/12/15 21:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2005/12/15 20:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/01/24 03:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2006/02/10 01:41:28 | 00,573,440 | ---- | M] ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2006/02/10 01:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe:*:Enabled:SeaPort] -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Piolet\Piolet.exe" -> C:\Program Files\Piolet\Piolet.exe [C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet] -> [2008/07/04 08:45:02 | 01,733,120 | ---- | M] (MP2P Technologies.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:explorer] -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\dllhost.exe" -> C:\WINDOWS\System32\dllhost.exe [C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost] -> [2008/04/13 19:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\spoolsv.exe" -> C:\WINDOWS\System32\spoolsv.exe [C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv] -> [2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\wbem\wmiprvse.exe" -> C:\WINDOWS\System32\wbem\wmiprvse.exe [C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse] -> [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\System32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation)

NolaBudMan13
11 Sep 2009, 1:33am
Part 2 of OTS scan ...

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/05/25 05:34:11 | 00,000,100 | ---- | M] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] ()
D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

[Files/Folders - Created Within 14 Days]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
LastGood -> C:\WINDOWS\LastGood -> [2009/09/10 19:10:37 | 00,000,000 | ---D | C]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/10 19:08:42 | 00,002,148 | ---- | C] ()
{EF63305C-BAD7-4144-9208-D65528260864} -> C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} -> [2009/09/10 19:05:52 | 00,000,000 | -H-D | C]
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/09/10 19:05:51 | 00,000,922 | ---- | C] ()
Lavasoft -> C:\Program Files\Lavasoft -> [2009/09/10 19:05:44 | 00,000,000 | ---D | C]
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/10 19:00:16 | 10,051,13344 | -HS- | C] ()
Malwarebytes -> C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes -> [2009/09/10 18:28:16 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/09/10 18:28:09 | 00,000,000 | ---D | C]
~0 -> C:\Documents and Settings\All Users\Application Data\~0 -> [2009/09/10 01:49:43 | 00,000,000 | -H-D | C]
Oberon Media -> C:\Documents and Settings\HP_Administrator\My Documents\Oberon Media -> [2009/09/10 01:42:11 | 00,000,000 | ---D | C]
pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/09/09 23:14:34 | 00,159,600 | ---- | C] (PC Tools)
PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/09/09 23:14:24 | 00,206,256 | ---- | C] (PC Tools)
PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/09/09 23:14:24 | 00,086,888 | ---- | C] (PC Tools)
pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/09/09 23:14:24 | 00,007,396 | ---- | C] ()
pctplsg.sys -> C:\WINDOWS\System32\drivers\pctplsg.sys -> [2009/09/09 23:14:12 | 00,064,392 | ---- | C] (PC Tools)
PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/09/09 23:14:12 | 00,000,000 | ---D | C]
PC Tools -> C:\Documents and Settings\HP_Administrator\Application Data\PC Tools -> [2009/09/09 23:14:08 | 00,000,000 | ---D | C]
PC Tools -> C:\Documents and Settings\All Users\Application Data\PC Tools -> [2009/09/09 23:14:08 | 00,000,000 | ---D | C]
60e682b77c77cf96df -> C:\60e682b77c77cf96df -> [2009/09/09 22:59:11 | 00,000,000 | -H-D | C]
ekanum.inf -> C:\Documents and Settings\All Users\Documents\ekanum.inf -> [2009/09/09 22:58:13 | 00,018,530 | ---- | C] ()
husehyjix.sys -> C:\Program Files\Common Files\husehyjix.sys -> [2009/09/09 22:58:13 | 00,018,417 | ---- | C] ()
nyhowi.pif -> C:\Documents and Settings\All Users\Documents\nyhowi.pif -> [2009/09/09 22:58:13 | 00,018,380 | ---- | C] ()
likamosu.exe -> C:\Program Files\Common Files\likamosu.exe -> [2009/09/09 22:58:13 | 00,013,940 | ---- | C] ()
ogyzic.inf -> C:\Program Files\Common Files\ogyzic.inf -> [2009/09/09 22:58:13 | 00,013,835 | ---- | C] ()
boturotyja.bat -> C:\Documents and Settings\All Users\Application Data\boturotyja.bat -> [2009/09/09 22:58:13 | 00,013,809 | ---- | C] ()
ojubopub.sys -> C:\Program Files\Common Files\ojubopub.sys -> [2009/09/09 22:58:13 | 00,013,037 | ---- | C] ()
oduh.dat -> C:\Documents and Settings\All Users\Documents\oduh.dat -> [2009/09/09 22:58:13 | 00,012,653 | ---- | C] ()
umykyh.dll -> C:\WINDOWS\umykyh.dll -> [2009/09/09 22:58:13 | 00,012,124 | ---- | C] ()
emovigugat.ban -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban -> [2009/09/09 22:58:13 | 00,011,487 | ---- | C] ()
delewe.lib -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib -> [2009/09/09 22:58:13 | 00,011,024 | ---- | C] ()
naraxydogu.reg -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg -> [2009/09/09 22:58:13 | 00,010,996 | ---- | C] ()
fuba.pif -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif -> [2009/09/09 22:58:13 | 00,010,569 | ---- | C] ()
usegic.scr -> C:\Documents and Settings\All Users\Documents\usegic.scr -> [2009/09/09 22:58:13 | 00,010,097 | ---- | C] ()
kamu._sy -> C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy -> [2009/09/09 22:58:12 | 00,015,406 | ---- | C] ()
vozu.lib -> C:\WINDOWS\vozu.lib -> [2009/09/09 22:58:12 | 00,012,603 | ---- | C] ()
ehepicupa.com -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com -> [2009/09/09 21:48:09 | 00,019,751 | ---- | C] ()
silo.dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl -> [2009/09/09 21:48:09 | 00,018,449 | ---- | C] ()
teraqopuf._dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl -> [2009/09/09 21:48:09 | 00,018,269 | ---- | C] ()
uzafit.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat -> [2009/09/09 21:48:09 | 00,017,643 | ---- | C] ()
aqymupaguv.scr -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr -> [2009/09/09 21:48:09 | 00,017,305 | ---- | C] ()
kacynus.ban -> C:\WINDOWS\kacynus.ban -> [2009/09/09 21:48:09 | 00,017,174 | ---- | C] ()
ebybes.bin -> C:\Documents and Settings\All Users\Application Data\ebybes.bin -> [2009/09/09 21:48:09 | 00,016,740 | ---- | C] ()
upuk.db -> C:\Program Files\Common Files\upuk.db -> [2009/09/09 21:48:09 | 00,016,129 | ---- | C] ()
tuxeqaxol.dl -> C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl -> [2009/09/09 21:48:09 | 00,015,947 | ---- | C] ()
aretet.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db -> [2009/09/09 21:48:09 | 00,015,633 | ---- | C] ()
ikolazywe.bat -> C:\WINDOWS\ikolazywe.bat -> [2009/09/09 21:48:09 | 00,015,450 | ---- | C] ()
zexewy.bat -> C:\Documents and Settings\All Users\Application Data\zexewy.bat -> [2009/09/09 21:48:09 | 00,014,519 | ---- | C] ()
yfawywy.reg -> C:\Documents and Settings\All Users\Documents\yfawywy.reg -> [2009/09/09 21:48:09 | 00,013,976 | ---- | C] ()
fevekipa.pif -> C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif -> [2009/09/09 21:48:09 | 00,012,111 | ---- | C] ()
hopawomi.dl -> C:\Program Files\Common Files\hopawomi.dl -> [2009/09/09 21:48:09 | 00,010,577 | ---- | C] ()
riny.bat -> C:\Documents and Settings\HP_Administrator\Application Data\riny.bat -> [2009/09/09 21:48:09 | 00,010,203 | ---- | C] ()
13958284 -> C:\Documents and Settings\All Users\Application Data\13958284 -> [2009/09/09 21:46:56 | 00,000,000 | ---D | C]
winupdate.exe -> C:\WINDOWS\System32\winupdate.exe -> [2009/09/09 21:46:54 | 00,044,970 | -HS- | C] ()
Minidump -> C:\WINDOWS\Minidump -> [2009/09/09 21:40:54 | 00,000,000 | ---D | C]
UACd.sys -> C:\WINDOWS\System32\drivers\UACd.sys -> [2009/09/09 21:39:53 | 00,050,688 | ---- | C] ()
Ass 003.jpg -> C:\Documents and Settings\HP_Administrator\My Documents\Ass 003.jpg -> [2009/09/09 01:05:07 | 00,198,948 | ---- | C] ()
hpwins12.dat -> C:\WINDOWS\hpwins12.dat -> [2009/09/08 19:35:13 | 00,123,376 | ---- | C] ()
hpwmdl12.dat -> C:\WINDOWS\hpwmdl12.dat -> [2009/09/08 19:35:13 | 00,001,325 | ---- | C] ()
AVG8 -> C:\Documents and Settings\HP_Administrator\Application Data\AVG8 -> [2009/09/05 14:24:58 | 00,000,000 | ---D | C]
Shortcut to My Pictures.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Pictures.lnk -> [2009/08/30 19:23:18 | 00,000,555 | ---- | C] ()

[Files/Folders - Modified Within 14 Days]
793 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
8 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp ->
rekesetu -> C:\WINDOWS\System32\rekesetu -> [2009/09/10 19:14:16 | 00,011,168 | -H-- | M] ()
beep.sys -> C:\WINDOWS\System32\drivers\beep.sys -> [2009/09/10 19:14:12 | 00,076,416 | ---- | M] ()
hpsysdrv.DAT -> C:\WINDOWS\System\hpsysdrv.DAT -> [2009/09/10 19:10:47 | 00,000,188 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/10 19:09:50 | 00,002,148 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/09/10 19:09:42 | 00,000,472 | ---- | M] ()
Perflib_Perfdata_5c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat -> [2009/09/10 19:08:57 | 00,016,384 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/09/10 19:08:47 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/09/10 19:08:39 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/10 19:08:33 | 10,051,13344 | -HS- | M] ()
ntuser.dat -> C:\Documents and Settings\HP_Administrator\ntuser.dat -> [2009/09/10 19:06:31 | 05,242,880 | ---- | M] ()
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/09/10 19:05:51 | 00,000,922 | ---- | M] ()
Perflib_Perfdata_538.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_538.dat -> [2009/09/10 19:00:34 | 00,016,384 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/09/10 18:58:17 | 00,000,792 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2009/09/10 18:58:17 | 00,000,279 | RHS- | M] ()
System.ini -> C:\WINDOWS\System.ini -> [2009/09/10 18:58:17 | 00,000,264 | ---- | M] ()
IrfanView.lnk -> C:\Documents and Settings\All Users\Desktop\IrfanView.lnk -> [2009/09/10 18:54:13 | 00,000,959 | ---- | M] ()
notepad.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\notepad.exe -> [2009/09/10 17:53:00 | 00,022,532 | -H-- | M] ()
winlogon.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winlogon.exe -> [2009/09/10 17:52:59 | 00,022,532 | -H-- | M] ()
setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\setup.exe -> [2009/09/10 17:52:59 | 00,022,532 | -H-- | M] ()
spoolsv.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\spoolsv.exe -> [2009/09/10 17:52:58 | 00,022,532 | -H-- | M] ()
login.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\login.exe -> [2009/09/10 17:52:58 | 00,022,532 | -H-- | M] ()
1833564672.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1833564672.exe -> [2009/09/10 17:52:53 | 00,022,528 | ---- | M] ()
Perflib_Perfdata_248.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_248.dat -> [2009/09/10 17:52:17 | 00,016,384 | ---- | M] ()
svchost.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svchost.exe -> [2009/09/10 16:09:10 | 00,022,532 | -H-- | M] ()
smss.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\smss.exe -> [2009/09/10 16:09:08 | 00,022,532 | -H-- | M] ()
3979011612.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3979011612.exe -> [2009/09/10 16:09:04 | 00,022,528 | ---- | M] ()
mdm.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mdm.exe -> [2009/09/10 12:58:41 | 00,022,532 | -H-- | M] ()
lsass.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lsass.exe -> [2009/09/10 12:58:40 | 00,022,532 | -H-- | M] ()
1373161308.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1373161308.exe -> [2009/09/10 12:58:37 | 00,022,528 | ---- | M] ()
taskmgr.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\taskmgr.exe -> [2009/09/10 09:48:15 | 00,022,532 | -H-- | M] ()
install.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.exe -> [2009/09/10 09:48:15 | 00,022,532 | -H-- | M] ()
3063997050.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3063997050.exe -> [2009/09/10 09:48:10 | 00,022,528 | ---- | M] ()
webofefa.dll -> C:\WINDOWS\System32\webofefa.dll -> [2009/09/10 09:47:50 | 00,050,176 | -HS- | M] ()
fiseziju.dll -> C:\WINDOWS\System32\fiseziju.dll -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
hidujuku.dll -> C:\WINDOWS\System32\hidujuku.dll -> [2009/09/10 09:47:20 | 00,037,376 | -HS- | M] ()
services.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\services.exe -> [2009/09/10 06:37:46 | 00,022,532 | -H-- | M] ()
system.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\system.exe -> [2009/09/10 06:37:45 | 00,022,532 | -H-- | M] ()
97521746.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\97521746.exe -> [2009/09/10 06:37:39 | 00,022,528 | ---- | M] ()
Perflib_Perfdata_2a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2a4.dat -> [2009/09/10 06:36:36 | 00,016,384 | ---- | M] ()
debug.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\debug.exe -> [2009/09/10 05:03:59 | 00,022,532 | -H-- | M] ()
16315344.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\16315344.exe -> [2009/09/10 05:03:55 | 00,022,528 | ---- | M] ()
Perflib_Perfdata_674.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_674.dat -> [2009/09/10 01:52:23 | 00,016,384 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/10 01:43:21 | 00,081,408 | ---- | M] ()
mpengine.dll16921f29 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dll16921f29 -> [2009/09/10 01:11:03 | 05,395,280 | ---- | M] (Microsoft Corporation)
mpengine.dllce7daabe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dllce7daabe -> [2009/09/10 01:10:52 | 05,395,280 | ---- | M] (Microsoft Corporation)
csrss.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\csrss.exe -> [2009/09/10 01:04:10 | 00,022,532 | -H-- | M] ()
2016453408.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\2016453408.exe -> [2009/09/10 01:04:03 | 00,022,528 | ---- | M] ()
3660483204.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3660483204.exe -> [2009/09/10 00:59:40 | 00,022,528 | ---- | M] ()
win.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win.exe -> [2009/09/10 00:11:39 | 00,022,532 | -H-- | M] ()
winamp.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winamp.exe -> [2009/09/10 00:11:38 | 00,022,532 | -H-- | M] ()
569818230.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\569818230.exe -> [2009/09/10 00:11:33 | 00,022,528 | ---- | M] ()
mPlayer.3.0.9.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mProjector1838663841\mPlayer.3.0.9.dll -> [2009/09/10 00:00:37 | 00,122,880 | ---- | M] ()
FriendFinder Messenger v4.1.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\FriendFinder Messenger v4.1.lnk -> [2009/09/10 00:00:37 | 00,002,557 | ---- | M] ()
1983157618.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1983157618.exe -> [2009/09/09 23:52:29 | 00,022,528 | ---- | M] ()
mpengine.dll5a6d0e74 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dll5a6d0e74 -> [2009/09/09 23:29:59 | 05,395,280 | ---- | M] (Microsoft Corporation)
mpengine.dlla7674c67 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dlla7674c67 -> [2009/09/09 22:59:02 | 05,395,280 | ---- | M] (Microsoft Corporation)
mpengine.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dll -> [2009/09/09 22:58:43 | 05,395,280 | ---- | M] (Microsoft Corporation)
ekanum.inf -> C:\Documents and Settings\All Users\Documents\ekanum.inf -> [2009/09/09 22:58:13 | 00,018,530 | ---- | M] ()
husehyjix.sys -> C:\Program Files\Common Files\husehyjix.sys -> [2009/09/09 22:58:13 | 00,018,417 | ---- | M] ()
nyhowi.pif -> C:\Documents and Settings\All Users\Documents\nyhowi.pif -> [2009/09/09 22:58:13 | 00,018,380 | ---- | M] ()
likamosu.exe -> C:\Program Files\Common Files\likamosu.exe -> [2009/09/09 22:58:13 | 00,013,940 | ---- | M] ()
ogyzic.inf -> C:\Program Files\Common Files\ogyzic.inf -> [2009/09/09 22:58:13 | 00,013,835 | ---- | M] ()
boturotyja.bat -> C:\Documents and Settings\All Users\Application Data\boturotyja.bat -> [2009/09/09 22:58:13 | 00,013,809 | ---- | M] ()
ojubopub.sys -> C:\Program Files\Common Files\ojubopub.sys -> [2009/09/09 22:58:13 | 00,013,037 | ---- | M] ()
oduh.dat -> C:\Documents and Settings\All Users\Documents\oduh.dat -> [2009/09/09 22:58:13 | 00,012,653 | ---- | M] ()
umykyh.dll -> C:\WINDOWS\umykyh.dll -> [2009/09/09 22:58:13 | 00,012,124 | ---- | M] ()
emovigugat.ban -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban -> [2009/09/09 22:58:13 | 00,011,487 | ---- | M] ()
delewe.lib -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib -> [2009/09/09 22:58:13 | 00,011,024 | ---- | M] ()
naraxydogu.reg -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg -> [2009/09/09 22:58:13 | 00,010,996 | ---- | M] ()
fuba.pif -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif -> [2009/09/09 22:58:13 | 00,010,569 | ---- | M] ()
usegic.scr -> C:\Documents and Settings\All Users\Documents\usegic.scr -> [2009/09/09 22:58:13 | 00,010,097 | ---- | M] ()
kamu._sy -> C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy -> [2009/09/09 22:58:12 | 00,015,406 | ---- | M] ()
vozu.lib -> C:\WINDOWS\vozu.lib -> [2009/09/09 22:58:12 | 00,012,603 | ---- | M] ()
Perflib_Perfdata_d1c.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_d1c.dat -> [2009/09/09 22:58:07 | 00,016,384 | ---- | M] ()
360395986.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\360395986.exe -> [2009/09/09 22:53:48 | 00,022,528 | ---- | M] ()
Perflib_Perfdata_544.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_544.dat -> [2009/09/09 22:52:27 | 00,016,384 | ---- | M] ()
ehepicupa.com -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com -> [2009/09/09 21:48:09 | 00,019,751 | ---- | M] ()
silo.dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl -> [2009/09/09 21:48:09 | 00,018,449 | ---- | M] ()
teraqopuf._dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl -> [2009/09/09 21:48:09 | 00,018,269 | ---- | M] ()
uzafit.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat -> [2009/09/09 21:48:09 | 00,017,643 | ---- | M] ()
aqymupaguv.scr -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr -> [2009/09/09 21:48:09 | 00,017,305 | ---- | M] ()
kacynus.ban -> C:\WINDOWS\kacynus.ban -> [2009/09/09 21:48:09 | 00,017,174 | ---- | M] ()
ebybes.bin -> C:\Documents and Settings\All Users\Application Data\ebybes.bin -> [2009/09/09 21:48:09 | 00,016,740 | ---- | M] ()
upuk.db -> C:\Program Files\Common Files\upuk.db -> [2009/09/09 21:48:09 | 00,016,129 | ---- | M] ()
tuxeqaxol.dl -> C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl -> [2009/09/09 21:48:09 | 00,015,947 | ---- | M] ()
aretet.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db -> [2009/09/09 21:48:09 | 00,015,633 | ---- | M] ()
ikolazywe.bat -> C:\WINDOWS\ikolazywe.bat -> [2009/09/09 21:48:09 | 00,015,450 | ---- | M] ()
zexewy.bat -> C:\Documents and Settings\All Users\Application Data\zexewy.bat -> [2009/09/09 21:48:09 | 00,014,519 | ---- | M] ()
yfawywy.reg -> C:\Documents and Settings\All Users\Documents\yfawywy.reg -> [2009/09/09 21:48:09 | 00,013,976 | ---- | M] ()
fevekipa.pif -> C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif -> [2009/09/09 21:48:09 | 00,012,111 | ---- | M] ()
hopawomi.dl -> C:\Program Files\Common Files\hopawomi.dl -> [2009/09/09 21:48:09 | 00,010,577 | ---- | M] ()
riny.bat -> C:\Documents and Settings\HP_Administrator\Application Data\riny.bat -> [2009/09/09 21:48:09 | 00,010,203 | ---- | M] ()
pufuyada.exe -> C:\WINDOWS\System32\pufuyada.exe -> [2009/09/09 21:46:55 | 01,064,996 | -HS- | M] ()
wutivoba.dll -> C:\WINDOWS\System32\wutivoba.dll -> [2009/09/09 21:46:52 | 00,088,576 | -HS- | M] ()
winupdate.exe -> C:\WINDOWS\System32\winupdate.exe -> [2009/09/09 21:46:52 | 00,044,970 | -HS- | M] ()
huzivewe.exe -> C:\WINDOWS\System32\huzivewe.exe -> [2009/09/09 21:46:52 | 00,044,970 | -HS- | M] ()
fugafizu.dll -> C:\WINDOWS\System32\fugafizu.dll -> [2009/09/09 21:46:51 | 00,037,888 | -HS- | M] ()
UACd.sys -> C:\WINDOWS\System32\drivers\UACd.sys -> [2009/09/09 21:39:53 | 00,050,688 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/09 16:42:14 | 00,004,646 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/09 16:42:14 | 00,004,232 | ---- | M] ()
Ass 003.jpg -> C:\Documents and Settings\HP_Administrator\My Documents\Ass 003.jpg -> [2009/09/09 01:05:09 | 00,198,948 | ---- | M] ()
Global.sw2 -> C:\Documents and Settings\All Users\Documents\Global.sw2 -> [2009/09/08 20:50:29 | 00,007,081 | ---- | M] ()
hpwins12.dat -> C:\WINDOWS\hpwins12.dat -> [2009/09/08 19:35:23 | 00,123,376 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db -> [2009/09/05 12:54:02 | 01,579,462 | -H-- | M] ()
album.ini -> C:\WINDOWS\album.ini -> [2009/08/31 00:29:27 | 00,000,032 | ---- | M] ()
Shortcut to My Pictures.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Pictures.lnk -> [2009/08/30 19:23:18 | 00,000,555 | ---- | M] ()
gtapi.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\is-61TFG.tmp\gtapi.dll -> [2009/07/07 10:13:34 | 00,079,488 | ---- | M] ()
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2009/06/02 09:56:24 | 00,008,284 | ---- | M] ()
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2006/09/18 16:24:06 | 00,166,221 | ---- | M] ()
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/09/18 16:22:18 | 00,016,384 | ---- | M] ()

[Files/Folders - Unicode - All]
C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData -> C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData -> [2007/04/21 18:39:33 | 00,000,000 | ---D | C]
C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData -> C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData -> [2007/04/21 18:39:51 | 00,000,000 | ---D | M]

[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009/09/10 19:05:52 | 00,000,000 | RH-D | M]
{EF63305C-BAD7-4144-9208-D65528260864} -> C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} -> [2009/09/10 19:05:52 | 00,000,000 | -H-D | M]
~0 -> C:\Documents and Settings\All Users\Application Data\~0 -> [2009/09/10 19:03:23 | 00,000,000 | -H-D | M]
13958284 -> C:\Documents and Settings\All Users\Application Data\13958284 -> [2009/09/09 21:47:03 | 00,000,000 | ---D | M]
Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [2007/06/16 12:59:16 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2006/05/25 05:27:27 | 00,000,000 | ---D | M]
Digital Interactive Systems Corporation -> C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation -> [2007/04/06 07:13:12 | 00,000,000 | ---D | M]
Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2006/05/25 05:34:30 | 00,000,000 | ---D | M]
muvee Technologies -> C:\Documents and Settings\All Users\Application Data\muvee Technologies -> [2006/11/17 18:51:55 | 00,000,000 | ---D | M]
PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [2008/10/26 14:43:04 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2006/05/25 05:02:26 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/09/09 23:28:12 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/09/10 19:09:42 | 00,000,000 | --SD | M]
Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2009/09/10 19:09:42 | 00,000,472 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/10 06:00:00 | 00,000,065 | RH-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/09/10 19:08:47 | 00,000,006 | -H-- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

rpggamergirl
12 Sep 2009, 12:31pm
Hi,

The system is heavily infected, rootkits and all. With these rogues you need to rename the tools (like MalwareBytes and Combofix) prior to saving the file to your desktop because nasties blocked them from running.


Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.




[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {bf56a325-23f2-42ad-f4e4-00aac39caa53} [HKLM] -> C:\WINDOWS\System32\tajf83ikdmf.dll [C:\WINDOWS\system32\tajf83ikdmf.dll]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> "tadekihih" -> C:\WINDOWS\System32\fiseziju.DLL [Rundll32.exe "c:\windows\system32\fiseziju.dll",a]
YY -> "winupdate.exe" -> C:\WINDOWS\System32\winupdate.exe [C:\WINDOWS\system32\winupdate.exe]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> trymedia.com .[http] -> Trusted sites
YN -> trymedia.com .[https] -> Trusted sites
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> c:\windows\system32\fiseziju.dll -> C:\WINDOWS\System32\fiseziju.dll
YY -> guzuyavu.dll -> C:\WINDOWS\System32\guzuyavu.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{d16c7692-0821-4fe6-8a9c-3e8df69472e8}" [HKLM] -> C:\WINDOWS\System32\fiseziju.dll [gudelogob]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> "" [HKLM] -> Reg Error: Key error. [C:\WINDOWS\system32\tajf83ikdmf.dll]
YN -> "{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}" [HKLM] -> C:\WINDOWS\System32\tajf83ikdmf.dll [ghya673gidh87we9inkff]
YN -> "{d16c7692-0821-4fe6-8a9c-3e8df69472e8}" [HKLM] -> C:\WINDOWS\System32\fiseziju.dll [kupuhivus]
[Files/Folders - Created Within 14 Days]
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> ekanum.inf -> C:\Documents and Settings\All Users\Documents\ekanum.inf
NY -> husehyjix.sys -> C:\Program Files\Common Files\husehyjix.sys
NY -> nyhowi.pif -> C:\Documents and Settings\All Users\Documents\nyhowi.pif
NY -> likamosu.exe -> C:\Program Files\Common Files\likamosu.exe
NY -> ogyzic.inf -> C:\Program Files\Common Files\ogyzic.inf
NY -> boturotyja.bat -> C:\Documents and Settings\All Users\Application Data\boturotyja.bat
NY -> ojubopub.sys -> C:\Program Files\Common Files\ojubopub.sys
NY -> oduh.dat -> C:\Documents and Settings\All Users\Documents\oduh.dat
NY -> umykyh.dll -> C:\WINDOWS\umykyh.dll
NY -> emovigugat.ban -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban
NY -> delewe.lib -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib
NY -> naraxydogu.reg -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg
NY -> fuba.pif -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif
NY -> usegic.scr -> C:\Documents and Settings\All Users\Documents\usegic.scr
NY -> kamu._sy -> C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy
NY -> vozu.lib -> C:\WINDOWS\vozu.lib
NY -> ehepicupa.com -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com
NY -> silo.dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl
NY -> teraqopuf._dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl
NY -> uzafit.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat
NY -> aqymupaguv.scr -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr
NY -> kacynus.ban -> C:\WINDOWS\kacynus.ban
NY -> ebybes.bin -> C:\Documents and Settings\All Users\Application Data\ebybes.bin
NY -> upuk.db -> C:\Program Files\Common Files\upuk.db
NY -> tuxeqaxol.dl -> C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl
NY -> aretet.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db
NY -> ikolazywe.bat -> C:\WINDOWS\ikolazywe.bat
NY -> zexewy.bat -> C:\Documents and Settings\All Users\Application Data\zexewy.bat
NY -> yfawywy.reg -> C:\Documents and Settings\All Users\Documents\yfawywy.reg
NY -> fevekipa.pif -> C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif
NY -> hopawomi.dl -> C:\Program Files\Common Files\hopawomi.dl
NY -> riny.bat -> C:\Documents and Settings\HP_Administrator\Application Data\riny.bat
NY -> 13958284 -> C:\Documents and Settings\All Users\Application Data\13958284
NY -> winupdate.exe -> C:\WINDOWS\System32\winupdate.exe
NY -> UACd.sys -> C:\WINDOWS\System32\drivers\UACd.sys
[Files/Folders - Modified Within 14 Days]
NY -> rekesetu -> C:\WINDOWS\System32\rekesetu
NY -> notepad.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\notepad.exe
NY -> winlogon.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winlogon.exe
NY -> setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\setup.exe
NY -> spoolsv.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\spoolsv.exe
NY -> login.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\login.exe
NY -> 1833564672.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1833564672.exe
NY -> svchost.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svchost.exe
NY -> smss.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\smss.exe
NY -> 3979011612.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3979011612.exe
NY -> lsass.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lsass.exe
NY -> 1373161308.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1373161308.exe
NY -> taskmgr.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\taskmgr.exe
NY -> install.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.exe
NY -> 3063997050.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3063997050.exe
NY -> webofefa.dll -> C:\WINDOWS\System32\webofefa.dll
NY -> fiseziju.dll -> C:\WINDOWS\System32\fiseziju.dll
NY -> hidujuku.dll -> C:\WINDOWS\System32\hidujuku.dll
NY -> services.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\services.exe
NY -> system.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\system.exe
NY -> 97521746.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\97521746.exe
NY -> 16315344.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\16315344.exe
NY -> csrss.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\csrss.exe
NY -> 2016453408.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\2016453408.exe
NY -> 3660483204.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3660483204.exe
NY -> win.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win.exe
NY -> winamp.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winamp.exe
NY -> 569818230.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\569818230.exe
NY -> 1983157618.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1983157618.exe
NY -> ekanum.inf -> C:\Documents and Settings\All Users\Documents\ekanum.inf
NY -> husehyjix.sys -> C:\Program Files\Common Files\husehyjix.sys
NY -> nyhowi.pif -> C:\Documents and Settings\All Users\Documents\nyhowi.pif
NY -> likamosu.exe -> C:\Program Files\Common Files\likamosu.exe
NY -> ogyzic.inf -> C:\Program Files\Common Files\ogyzic.inf
NY -> boturotyja.bat -> C:\Documents and Settings\All Users\Application Data\boturotyja.bat
NY -> ojubopub.sys -> C:\Program Files\Common Files\ojubopub.sys
NY -> oduh.dat -> C:\Documents and Settings\All Users\Documents\oduh.dat
NY -> umykyh.dll -> C:\WINDOWS\umykyh.dll
NY -> emovigugat.ban -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban
NY -> delewe.lib -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib
NY -> naraxydogu.reg -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg
NY -> fuba.pif -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif
NY -> kamu._sy -> C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy
NY -> vozu.lib -> C:\WINDOWS\vozu.lib
NY -> 360395986.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\360395986.exe
NY -> ehepicupa.com -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com
NY -> silo.dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl
NY -> teraqopuf._dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl
NY -> uzafit.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat
NY -> aqymupaguv.scr -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr
NY -> kacynus.ban -> C:\WINDOWS\kacynus.ban
NY -> ebybes.bin -> C:\Documents and Settings\All Users\Application Data\ebybes.bin
NY -> upuk.db -> C:\Program Files\Common Files\upuk.db
NY -> tuxeqaxol.dl -> C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl
NY -> aretet.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db
NY -> ikolazywe.bat -> C:\WINDOWS\ikolazywe.bat
NY -> zexewy.bat -> C:\Documents and Settings\All Users\Application Data\zexewy.bat
NY -> yfawywy.reg -> C:\Documents and Settings\All Users\Documents\yfawywy.reg
NY -> fevekipa.pif -> C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif
NY -> hopawomi.dl -> C:\Program Files\Common Files\hopawomi.dl
NY -> riny.bat -> C:\Documents and Settings\HP_Administrator\Application Data\riny.bat
NY -> pufuyada.exe -> C:\WINDOWS\System32\pufuyada.exe
NY -> wutivoba.dll -> C:\WINDOWS\System32\wutivoba.dll
NY -> winupdate.exe -> C:\WINDOWS\System32\winupdate.exe
NY -> huzivewe.exe -> C:\WINDOWS\System32\huzivewe.exe
NY -> fugafizu.dll -> C:\WINDOWS\System32\fugafizu.dll
NY -> UACd.sys -> C:\WINDOWS\System32\drivers\UACd.sys
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]



2. Also download and run ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run, re-download and rename prior to saving the file to your desktop)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
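
The OTS fix above is assembled by hand from the scan log: the helper picks out the autostart entries (Run, BHO, AppInit_DLLs, SSODL, SharedTaskScheduler) and the recently created or modified files that have no publisher, carry hidden+system attributes, sit in Temp or Application Data, or borrow the name of a core Windows process. The script below is an added example, not part of this thread and not OTS's own code: it parses lines in the OTS format shown in the log and applies those same checks so the triage can be repeated on another log. The function name `triage`, the heuristic lists (`AUTORUN_SECTIONS`, `CORE_PROCESS_NAMES`, `EXEC_EXTENSIONS`, `USER_WRITABLE_MARKERS`) and the sample lines in `SAMPLE_OTS_LINES` (constructed to match the log's format) are this example's own assumptions, not anything OTS or the helper specifies.

```python
import re
from collections import defaultdict

# Windows absolute path; OTS separates fields with " -> " and " [", so stop there.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\],]*?(?=\s->|\s\[|$)')
# Trailing "[date | size | attrs | M] (Company)" block of an OTS file entry.
FILE_META_RE = re.compile(
    r'\[(\d{4}/\d{2}/\d{2} [\d:]+) \| ([\d,]+) \| (\S+) \| \w\] \((.*)\)$')
# "< Run [HKEY_LOCAL_MACHINE\] > -> ..." registry sub-section headers.
REG_SECTION_RE = re.compile(r'^<\s*(.+?)\s*\[')
# "[Files/Folders - Created Within 14 Days]" top-level section headers.
TOP_SECTION_RE = re.compile(r'^\[(.+)\]$')

# Assumptions of this example (not from OTS or the thread): which OTS sections are
# autostart locations, which names belong to core OS processes that never run from
# a Temp folder, which extensions Windows executes, and which folders any user can
# write to.
AUTORUN_SECTIONS = {'Run', "BHO's", 'AppInit_DLLs', 'SSODL', 'SharedTaskScheduler'}
CORE_PROCESS_NAMES = {'smss.exe', 'csrss.exe', 'winlogon.exe', 'services.exe',
                      'lsass.exe', 'svchost.exe', 'spoolsv.exe', 'explorer.exe'}
EXEC_EXTENSIONS = ('.exe', '.dll', '.sys', '.com', '.pif', '.scr', '.bat')
USER_WRITABLE_MARKERS = ('\\local settings\\temp\\', '\\application data\\',
                         '\\windows\\temp\\', '\\all users\\documents\\')

# Constructed sample in the OTS log format used in this thread.
SAMPLE_OTS_LINES = r"""
[Processes - Safe List]
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft)
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> "tadekihih" -> C:\WINDOWS\System32\fiseziju.DLL [Rundll32.exe "c:\windows\system32\fiseziju.dll",a]
YY -> "winupdate.exe" -> C:\WINDOWS\System32\winupdate.exe [C:\WINDOWS\system32\winupdate.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
YY -> guzuyavu.dll -> C:\WINDOWS\System32\guzuyavu.dll
[Files/Folders - Modified Within 14 Days]
winupdate.exe -> C:\WINDOWS\System32\winupdate.exe -> [2009/09/09 21:46:52 | 00,044,970 | -HS- | M] ()
svchost.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svchost.exe -> [2009/09/09 21:48:09 | 00,022,528 | ---- | M] ()
fuba.pif -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif -> [2009/09/09 22:58:13 | 00,010,569 | ---- | M] ()
hpwins12.dat -> C:\WINDOWS\hpwins12.dat -> [2009/09/08 19:35:23 | 00,123,376 | ---- | M] ()
""".strip().splitlines()


def triage(lines):
    """Return {path: [reasons]} for OTS entries that merit a look before building a fix."""
    section = None
    autorun = {}   # lowercase path -> OTS section that references it
    files = {}     # lowercase path -> (path as printed, attribute flags, company or None)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = TOP_SECTION_RE.match(line) or REG_SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0)
        key = path.lower()
        if section in AUTORUN_SECTIONS:
            autorun[key] = section
        meta = FILE_META_RE.search(line)
        if meta:
            files[key] = (path, meta.group(3), meta.group(4))
        else:
            # Registry-only reference: keep the path, no attributes or publisher known.
            files.setdefault(key, (path, '', None))

    findings = defaultdict(list)
    for key, (path, attrs, company) in files.items():
        directory, _, name = key.rpartition('\\')
        if name in CORE_PROCESS_NAMES and '\\windows\\' not in directory + '\\':
            findings[path].append('core OS process name outside the Windows directory')
        if name.endswith(EXEC_EXTENSIONS) and any(mk in key for mk in USER_WRITABLE_MARKERS):
            findings[path].append('executable in a user-writable data/temp folder')
        if 'H' in attrs and 'S' in attrs and company == '' and '\\windows\\' in key:
            findings[path].append('hidden+system file with no publisher in the Windows tree')
        if key in autorun:
            findings[path].append('referenced from autostart location ' + autorun[key])
    return dict(findings)


if __name__ == '__main__':
    for path, reasons in triage(SAMPLE_OTS_LINES).items():
        print(path)
        for reason in reasons:
            print('   -', reason)
```

Anything the script flags still needs a human decision before it goes into an OTS fix; it reproduces the triage, it does not know what is legitimate on a particular machine, and a file with a real publisher name can still be malicious.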

NolaBudMan13
12 Sep 2009, 8:40pm
Here's the OTS log post running fix ... tried to D/L and run ComboFix but get error on run. Reads as follows ...

"Some files could not be created. Please close all applications, reboot Windows and restart this installation"

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf56a325-23f2-42ad-f4e4-00aac39caa53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf56a325-23f2-42ad-f4e4-00aac39caa53}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tadekihih deleted successfully.
C:\WINDOWS\System32\fiseziju.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winupdate.exe deleted successfully.
C:\WINDOWS\System32\winupdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\\http deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\\https deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fiseziju.dll scheduled to be deleted on reboot.
File C:\WINDOWS\System32\fiseziju.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:guzuyavu.dll scheduled to be deleted on reboot.
File C:\WINDOWS\System32\guzuyavu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gudelogob not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d16c7692-0821-4fe6-8a9c-3e8df69472e8}\ not found.
File C:\WINDOWS\System32\fiseziju.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{BF56A325-23F2-42AD-F4E4-00AAC39CAA53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{d16c7692-0821-4fe6-8a9c-3e8df69472e8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d16c7692-0821-4fe6-8a9c-3e8df69472e8}\ not found.
[Files/Folders - Created Within 14 Days]
C:\WINDOWS\msdownld.tmp\msdownld.tmp folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\All Users\Documents\ekanum.inf moved successfully.
C:\Program Files\Common Files\husehyjix.sys moved successfully.
C:\Documents and Settings\All Users\Documents\nyhowi.pif moved successfully.
C:\Program Files\Common Files\likamosu.exe moved successfully.
C:\Program Files\Common Files\ogyzic.inf moved successfully.
C:\Documents and Settings\All Users\Application Data\boturotyja.bat moved successfully.
C:\Program Files\Common Files\ojubopub.sys moved successfully.
C:\Documents and Settings\All Users\Documents\oduh.dat moved successfully.
C:\WINDOWS\umykyh.dll moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif moved successfully.
C:\Documents and Settings\All Users\Documents\usegic.scr moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy moved successfully.
C:\WINDOWS\vozu.lib moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr moved successfully.
C:\WINDOWS\kacynus.ban moved successfully.
C:\Documents and Settings\All Users\Application Data\ebybes.bin moved successfully.
C:\Program Files\Common Files\upuk.db moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db moved successfully.
C:\WINDOWS\ikolazywe.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\zexewy.bat moved successfully.
C:\Documents and Settings\All Users\Documents\yfawywy.reg moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif moved successfully.
C:\Program Files\Common Files\hopawomi.dl moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\riny.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\13958284 folder moved successfully.
File C:\WINDOWS\System32\winupdate.exe not found!
C:\WINDOWS\System32\drivers\UACd.sys moved successfully.
[Files/Folders - Modified Within 14 Days]
C:\WINDOWS\System32\rekesetu moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\notepad.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winlogon.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\setup.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\spoolsv.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\login.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1833564672.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svchost.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\smss.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3979011612.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lsass.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1373161308.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\taskmgr.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3063997050.exe moved successfully.
C:\WINDOWS\System32\webofefa.dll moved successfully.
File C:\WINDOWS\System32\fiseziju.dll not found!
C:\WINDOWS\System32\hidujuku.dll moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\services.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\system.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\97521746.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\16315344.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\csrss.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\2016453408.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3660483204.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winamp.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\569818230.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1983157618.exe moved successfully.
File C:\Documents and Settings\All Users\Documents\ekanum.inf not found!
File C:\Program Files\Common Files\husehyjix.sys not found!
File C:\Documents and Settings\All Users\Documents\nyhowi.pif not found!
File C:\Program Files\Common Files\likamosu.exe not found!
File C:\Program Files\Common Files\ogyzic.inf not found!
File C:\Documents and Settings\All Users\Application Data\boturotyja.bat not found!
File C:\Program Files\Common Files\ojubopub.sys not found!
File C:\Documents and Settings\All Users\Documents\oduh.dat not found!
File C:\WINDOWS\umykyh.dll not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif not found!
File C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy not found!
File C:\WINDOWS\vozu.lib not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\360395986.exe moved successfully.
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr not found!
File C:\WINDOWS\kacynus.ban not found!
File C:\Documents and Settings\All Users\Application Data\ebybes.bin not found!
File C:\Program Files\Common Files\upuk.db not found!
File C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db not found!
File C:\WINDOWS\ikolazywe.bat not found!
File C:\Documents and Settings\All Users\Application Data\zexewy.bat not found!
File C:\Documents and Settings\All Users\Documents\yfawywy.reg not found!
File C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif not found!
File C:\Program Files\Common Files\hopawomi.dl not found!
File C:\Documents and Settings\HP_Administrator\Application Data\riny.bat not found!
C:\WINDOWS\System32\pufuyada.exe moved successfully.
C:\WINDOWS\System32\wutivoba.dll moved successfully.
File C:\WINDOWS\System32\winupdate.exe not found!
C:\WINDOWS\System32\huzivewe.exe moved successfully.
C:\WINDOWS\System32\fugafizu.dll moved successfully.
File C:\WINDOWS\System32\drivers\UACd.sys not found!
[Purity]
Purity scan complete.
[Empty Temp Folders]

rpggamergirl
13 Sep 2009, 4:54am
Delete the Combofix you already have.
Re-download Combofix but rename it prior to saving the file to your desktop. Some nasties can block it from running.


Also try MalwareBytes. This also needs to be renamed prior to saving the file.
http://www.malwarebytes.org/forums/index.php?showtopic=23983

If MalwareBytes is not installed, save the installer file to your desktop and rename it to installer.com, then run the file.
Once MBAM is installed, you then locate and rename mbam.exe to mbam.com

Click on the renamed file to run it and then perform a quickscan. Allow it to delete what it finds and then allow the computer to reboot.

NolaBudMan13
15 Sep 2009, 1:12am
I've tried numerous times to download both ComboFix and Malwarebytes, renaming both and it won't let me run either. MBAM starts scan and then just disappears within a few seconds. ComboFix ... I get an error message that some files couldn't be written and I need to reboot and try again. Any other suggestions ?!?!?! I appreciate your patience

rpggamergirl
15 Sep 2009, 7:03am
Sorry about the Combofix instructions in attaching the log, the canned I used is for another forum.

Combofix still won't run even if renamed before saving the file?
Okay, try renaming it to CF.bat and also make sure that the "Save as Type:" is set to "All Files".


If it still won't run...then run this diagnostic tool:
Please download this tool and run it.
http://ad13.geekstogo.com/Win32kDiag.exe

Double-click on Win32kDiag.exe to run it.
A black command prompt window shall appear.
It will now begin to scan. This may take a while, please be patient until the scan is complete.
Once it's done, in the black screen it will say "Finished! Press any key to exit...."
A log file called Win32KDiag.txt will be created on your desktop.
Please copy and paste the contents of that log file here in your next reply.

Win32kdiag.exe will not delete or remove anything but it can tell us if a particular infection is present in the system and we can then deal with its removal.
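
The part of the Win32kDiag output that actually identifies an infection is the run of "Found mount point" / "Mount point destination" pairs it prints while walking C:\WINDOWS, as the log posted next in this thread shows. The script below is an added example, not part of the thread and not the tool's own code: it pairs those two lines, groups the mount points by destination, and reports a destination that is not a \??\ volume path, mount points whose directory is named exactly like its parent, and a destination shared by several directories. Those three heuristics, the function names (`parse_mount_points`, `suspicious_mount_points`, `has_backup_privilege_warning`) and the sample log in `SAMPLE_WIN32KDIAG_LOG` (constructed to match the tool's output format; its final \??\Volume{...} entry is made up so the filter has an ordinary mount point to pass) are this example's own assumptions.

```python
import re
from collections import defaultdict

MOUNT_RE = re.compile(r'^Found mount point : (.+)$')
DEST_RE = re.compile(r'^Mount point destination : (.+)$')
# Assumption of this example: an ordinary junction or volume mount point resolves
# to a "\??\" path (a drive letter or \??\Volume{GUID}); any other destination is
# some object in the kernel namespace and deserves a look.
NORMAL_DEST_RE = re.compile(r'^\\\?\?\\')

# Constructed sample in the format Win32kDiag writes; the last pair is a made-up
# ordinary volume mount point so that the filter has something to let through.
SAMPLE_WIN32KDIAG_LOG = r"""
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp\ZAP2F8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mounted_data

Mount point destination : \??\Volume{2c7e3b1a-0000-0000-0000-100000000000}
""".strip().splitlines()


def parse_mount_points(lines):
    """Pair every 'Found mount point' line with the 'Mount point destination' after it."""
    pairs, pending = [], None
    for raw in lines:
        line = raw.strip()
        m = MOUNT_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = DEST_RE.match(line)
        if m and pending is not None:
            pairs.append((pending, m.group(1)))
            pending = None
    return pairs


def _named_after_parent(path):
    # KB904706\KB904706 or ZAP2F8.tmp\ZAP2F8.tmp: a child directory carrying its
    # parent's exact name, which is how the mount points in the thread's log appear.
    parts = path.rsplit('\\', 2)
    return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def suspicious_mount_points(lines):
    """Group mount points by destination and explain which destinations look hijacked."""
    by_dest = defaultdict(list)
    for src, dest in parse_mount_points(lines):
        by_dest[dest].append(src)
    report = {}
    for dest, sources in by_dest.items():
        reasons = []
        if not NORMAL_DEST_RE.match(dest):
            reasons.append('destination is not a \\??\\ volume path')
        nested = [s for s in sources if _named_after_parent(s)]
        if nested:
            reasons.append('%d mount point(s) named after their parent directory' % len(nested))
        if len(sources) > 1:
            reasons.append('%d directories share this destination' % len(sources))
        if reasons:
            report[dest] = {'sources': sources, 'reasons': reasons}
    return report


def has_backup_privilege_warning(lines):
    """True when the tool reported it could not get backup privileges."""
    return any('Could not get backup privileges' in line for line in lines)


if __name__ == '__main__':
    if has_backup_privilege_warning(SAMPLE_WIN32KDIAG_LOG):
        print('note: scan ran without backup privilege; directories it could not open were not examined')
    for dest, info in suspicious_mount_points(SAMPLE_WIN32KDIAG_LOG).items():
        print(dest, '<-', ', '.join(info['reasons']))
        for src in info['sources']:
            print('   ', src)
```

The backup-privilege check is there for a reason a practitioner will want stated: without that privilege the tool can only open directories its access token is allowed into, so a run that prints the warning and then finds nothing is not evidence of a clean system (that inference is this example's, not a statement from the thread).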

NolaBudMan13
16 Sep 2009, 2:09am
Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\4URY13IY\Win32kDiag[1].exe

Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp\ZAP2F8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E2.tmp\ZAP3E2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP40B.tmp\ZAP40B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Corel\Corel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\Setup\Backup\Backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}\{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3070616681-1575120707-133626937-1008\S-1-5-21-3070616681-1575120707-133626937-1008

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\AddIns\AddIns

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Proof\Proof

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Word\STARTUP\STARTUP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\MSHist012008082720080828

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-09 23:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()



Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-09 23:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:53 62464 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790

Mount point destination : \Device\__max++>\^



Finished!

rpggamergirl
16 Sep 2009, 2:09pm
We could run OTS again but these steps below should fix and clean the infection.

Found the patched system file... once the patched file is replaced, MBAM or Combofix should be able to run and clean the infection.

Step 1:

Please download The Avenger by Swandog46 to your Desktop.
http://swandog46.geekstogo.com/avenger2/download.php

* Right click on the Avenger.zip folder and select "Extract All..."
* Follow the prompts and extract the avenger folder to your desktop

* Start up Avenger.
In the "Input script here:" box that opens, copy, then paste the following bolded text below (including the text "Files to move:"):
-----------------------------------------------------


Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

-----------------------------------------------------
Click on 'Execute'.
Then press OK at the prompt to reboot your PC.
Please copy/paste the content of c:\avenger.txt into your reply.



Step 2:

Click on Start->Run, and copy-paste the following command into the "Open:" box, and click OK.


"%userprofile%\desktop\win32kdiag.exe" -f -r



When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



Step 4:

Run a renamed MBAM or a renamed Combofix and attach the logs. (Rename them before saving the file to your desktop.)

Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php



Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log.
Re-enable all the programs that were disabled during the running of ComboFix.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
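
The comparison rpggamergirl made by eye above (the system32 copy of eventlog.dll is a different size from the service-pack reference copy with the same timestamp, and the [2] entry logevent.dll is a clean copy of the right size) can be automated. This is an added example, not code from the thread or from the Win32kDiag author; the log excerpt is constructed in the format shown in the posts above, and the function names and the size-comparison heuristic are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the Win32kDiag "Cannot access:" block format seen in
# this thread (not a real capture). First block: live copy matches the
# reference size, so an empty company name alone is not proof of tampering.
# Second block: live copy is larger than the reference copy with the same
# timestamp, and a [2] alternate copy has the reference size.
SAMPLE_LOG = r"""
Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-09 23:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-09 23:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:53 62464 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
"""

# One "[n] date time size path (company)" line from the log.
ENTRY_RE = re.compile(
    r"^\[(?P<group>\d)\] (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<path>.+?) \((?P<company>.*)\)$"
)


@dataclass
class Entry:
    group: int      # [1] = copies of the same file name, [2] = alternate copies
    ts: str
    size: int
    path: str
    company: str


@dataclass
class Finding:
    target: str                 # the system32 file Win32kDiag could not access
    patched: bool
    reason: str
    replacement: Optional[str]  # clean copy to restore from, if one was found


def parse_blocks(text: str) -> List[Tuple[str, List[Entry]]]:
    """Group the entry lines under the 'Cannot access:' line they belong to."""
    blocks: List[Tuple[str, List[Entry]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Cannot access:"):
            blocks.append((line[len("Cannot access:"):].strip(), []))
            continue
        m = ENTRY_RE.match(line)
        if m and blocks:
            blocks[-1][1].append(Entry(int(m["group"]), m["ts"], int(m["size"]),
                                       m["path"], m["company"]))
    return blocks


def assess(target: str, entries: List[Entry]) -> Finding:
    """Flag the live file only when its size differs from a reference copy."""
    live = next((e for e in entries if e.path.lower() == target.lower()), None)
    if live is None:
        return Finding(target, False, "no entry for the live file", None)
    refs = [e for e in entries if e.group == 1 and e.path.lower() != target.lower()]
    # Prefer the reference copy that shares the live file's timestamp (the
    # service-pack copy); fall back to any other reference copy.
    same_ts = [e for e in refs if e.ts == live.ts] or refs
    if not same_ts:
        return Finding(target, False, "no reference copy to compare against", None)
    ref = same_ts[0]
    if live.size == ref.size:
        return Finding(target, False, f"size {live.size} matches {ref.path}", None)
    # A [2] alternate copy with the reference size and a vendor name is the
    # natural restore source (logevent.dll in the thread); else the reference.
    alt = [e for e in entries if e.group == 2 and e.size == ref.size and e.company]
    return Finding(target, True,
                   f"live size {live.size} != reference size {ref.size} ({ref.path})",
                   alt[0].path if alt else ref.path)


def find_patched(text: str) -> List[Finding]:
    return [assess(target, entries) for target, entries in parse_blocks(text)]


if __name__ == "__main__":
    for f in find_patched(SAMPLE_LOG):
        print(f"{f.target}: {'PATCHED' if f.patched else 'ok'} - {f.reason}"
              + (f" -> restore from {f.replacement}" if f.replacement else ""))
```

Note that the user's second Win32kDiag log no longer lists the eventlog.dll block at all, which is why the Avenger script could not find logevent.dll; the parser above would simply report nothing for that file on the second run.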

NolaBudMan13
17 Sep 2009, 3:30am
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\logevent.dll" not found!
File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

WIN32KDIAG LOG:

Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\4URY13IY\Win32kDiag[1].exe

Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp\ZAP2F8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E2.tmp\ZAP3E2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP40B.tmp\ZAP40B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Corel\Corel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\Setup\Backup\Backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}\{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3070616681-1575120707-133626937-1008\S-1-5-21-3070616681-1575120707-133626937-1008

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\AddIns\AddIns

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Proof\Proof

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Word\STARTUP\STARTUP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\MSHist012008082720080828

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-09 23:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790

Mount point destination : \Device\__max++>\^



Finished!

ComboFix 09-09-16.02 - HP_Administrator 09/16/2009 21:03.1.1 - NTFSx86
Running from: c:\documents and settings\HP_Administrator\Desktop\Installer.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\HP_Administrator\Cookies\ykewi.sys
c:\documents and settings\HP_Administrator\Start Menu\Advanced Virus Remover.lnk
c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\windows\010112010146120114.xe
c:\windows\0101120101465049.xe
c:\windows\0101120101465154.xe
c:\windows\drnokmp.dbe
c:\windows\freddy63.exe
c:\windows\Installer\1053524.msi
c:\windows\Installer\2a5a505.msp
c:\windows\Installer\2e7c5f1.msp
c:\windows\Installer\7737f4.msp
c:\windows\Installer\7737f5.msp
c:\windows\Installer\7737f6.msp
c:\windows\Installer\7737f7.msp
c:\windows\Installer\7737f8.msp
c:\windows\Installer\7737f9.msp
c:\windows\Installer\7737fa.msp
c:\windows\Installer\7737fb.msp
c:\windows\Installer\7737fc.msp
c:\windows\Installer\7d1c32.msp
c:\windows\Installer\7d69a7.msp
c:\windows\Installer\7d69a8.msp
c:\windows\Installer\7d69a9.msp
c:\windows\Installer\7d69aa.msp
c:\windows\Installer\7d69ab.msp
c:\windows\Installer\7d69ac.msp
c:\windows\Installer\7d69ad.msp
c:\windows\Installer\7d69ae.msp
c:\windows\Installer\7d69af.msp
c:\windows\Installer\7d69b0.msp
c:\windows\Installer\7f3ae3.msp
c:\windows\Installer\7f3aee.msp
c:\windows\Installer\7f3afa.msp
c:\windows\Installer\eb7e05.msp
c:\windows\kb913800.exe
c:\windows\ld14.exe
c:\windows\system32\bamekoro.dll
c:\windows\system32\bijikoko.dll
c:\windows\system32\bisawuza.dll
c:\windows\system32\bohemuko.dll
c:\windows\system32\drivers\OLD9.tmp
c:\windows\system32\Drivers\tjbdol.sys
c:\windows\system32\dudetelo.exe
c:\windows\system32\fukafati.dll
c:\windows\system32\hewurogo.dll
c:\windows\system32\hijagolu.dll
c:\windows\system32\jitodujo.dll
c:\windows\system32\kozodobe.dll
c:\windows\system32\nigavimi.dll
c:\windows\system32\nobajanu.dll
c:\windows\system32\rakevaka.dll
c:\windows\system32\reyoduza.dll
c:\windows\system32\tinuhagu.dll
c:\windows\system32\vabazaja.exe
c:\windows\system32\vudaviyi.dll
c:\windows\system32\vuyohasu.dll
c:\windows\system32\wijuyira.dll
c:\windows\system32\wowafuha.exe
c:\windows\system32\yehifuni.exe
c:\windows\vkl_1252640875.exe
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\beep.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_sfx
-------\Legacy_ddnsfilter
-------\Service_ddnsfilter


((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
.

2009-09-15 00:00 . 2009-09-15 22:53 -------- d-----w- c:\program files\MInstaller
2009-09-12 21:22 . 2009-09-12 21:24 -------- d-----w- c:\program files\M
2009-09-12 09:21 . 2009-09-12 21:13 -------- d-----w- c:\program files\Trend Micro
2009-09-11 03:48 . 2009-09-11 03:48 1 ---h--w- c:\windows\bk23567.dat
2009-09-11 03:48 . 2009-09-11 03:48 -------- d-----w- c:\program files\webserver
2009-09-11 03:47 . 2009-09-11 03:47 18432 ----a-w- c:\windows\srpira1252640874.eXE
2009-09-11 02:47 . 2009-09-11 02:47 37760 ----a-w- c:\windows\system32\drivers\Filter.sys
2009-09-11 02:47 . 2009-09-11 02:47 173 ----a-w- c:\windows\dxxdv34567.bat
2009-09-11 00:05 . 2009-09-12 18:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2009-09-10 23:54 . 2009-09-10 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
2009-09-10 23:28 . 2009-09-10 23:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-09-10 23:28 . 2009-09-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-10 06:49 . 2009-09-11 00:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-09-10 04:14 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-10 04:14 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-10 04:14 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-10 04:14 . 2009-09-10 04:17 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-10 04:14 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-10 04:14 . 2009-09-10 04:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools
2009-09-10 04:14 . 2009-09-10 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-10 03:59 . 2009-09-10 03:59 -------- d-----w- C:\60e682b77c77cf96df
2009-09-10 03:18 . 2009-09-10 23:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-09 00:35 . 2009-09-09 00:35 123376 ----a-w- c:\windows\hpwins12.dat
2009-09-09 00:35 . 2007-07-08 23:42 1325 ------w- c:\windows\hpwmdl12.dat
2009-09-09 00:35 . 2007-07-04 16:38 117760 ----a-w- c:\windows\system32\hpz3l5k2.dll
2009-09-05 19:24 . 2009-09-05 19:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8
2009-08-27 10:55 . 2009-09-03 10:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
2009-08-27 10:55 . 2009-08-27 10:55 -------- d-----w- c:\windows\Hewlett-Packard
2009-08-21 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 08:04 . 2009-08-21 08:05 -------- d-----w- C:\a5c6bb0a81d4aef3c4e0d70d8590

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 02:16 . 2004-08-10 04:00 76416 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-17 01:47 . 2009-09-17 01:47 76416 ----a-w- c:\windows\system32\drivers\OLD84.tmp
2009-09-17 01:46 . 2009-09-17 01:46 76416 ----a-w- c:\windows\system32\drivers\OLD82.tmp
2009-09-17 01:41 . 2009-09-17 01:41 76416 ----a-w- c:\windows\system32\drivers\OLD80.tmp
2009-09-17 00:46 . 2009-09-17 00:46 166 ----a-w- c:\program files\ahxvnw.txt
2009-09-16 03:41 . 2006-11-26 19:11 -------- d-----w- c:\program files\Piolet
2009-09-14 18:46 . 2009-06-14 18:46 88064 --sha-w- c:\windows\system32\wuholove.dll
2009-09-14 06:45 . 2009-06-14 06:45 89088 --sha-w- c:\windows\system32\jijeruwa.dll
2009-09-13 18:46 . 2009-06-13 18:45 50688 --sha-w- c:\windows\system32\papupona.dll
2009-09-13 18:45 . 2009-06-13 18:45 88576 --sha-w- c:\windows\system32\kumiberu.dll
2009-09-13 08:06 . 2009-09-13 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD78.tmp
2009-09-13 08:05 . 2009-09-13 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5B.tmp
2009-09-13 06:45 . 2009-06-13 06:45 88064 --sha-w- c:\windows\system32\wenijalu.dll
2009-09-12 18:35 . 2009-06-12 18:35 88064 --sha-w- c:\windows\system32\mihamake.dll
2009-09-12 18:31 . 2007-07-23 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-12 09:37 . 2009-09-12 09:37 76416 ----a-w- c:\windows\system32\drivers\OLD2A.tmp
2009-09-12 02:48 . 2009-06-12 02:48 88576 --sha-w- c:\windows\system32\mepagasa.dll
2009-09-11 14:47 . 2009-06-11 14:47 88576 --sha-w- c:\windows\system32\mamotapi.dll
2009-09-11 02:47 . 2009-06-11 02:47 49664 --sha-w- c:\windows\system32\kigilepi.dll
2009-09-11 02:47 . 2009-06-11 02:47 88576 --sha-w- c:\windows\system32\feyajute.dll
2009-09-11 02:47 . 2009-06-11 02:47 53248 --sha-w- c:\windows\system32\himepuka.exe
2009-09-10 23:01 . 2009-09-10 23:01 76416 ----a-w- c:\windows\system32\drivers\OLD1A.tmp
2009-09-10 23:00 . 2009-09-10 23:00 76416 ----a-w- c:\windows\system32\drivers\OLD18.tmp
2009-09-10 22:59 . 2009-09-10 22:59 76416 ----a-w- c:\windows\system32\drivers\OLD16.tmp
2009-09-10 22:57 . 2009-09-10 22:57 76416 ----a-w- c:\windows\system32\drivers\OLD14.tmp
2009-09-10 11:57 . 2009-09-10 11:57 76416 ----a-w- c:\windows\system32\drivers\OLD10.tmp
2009-09-10 11:56 . 2009-09-10 11:56 76416 ----a-w- c:\windows\system32\drivers\OLDE.tmp
2009-09-10 11:51 . 2009-09-10 11:51 76416 ----a-w- c:\windows\system32\drivers\OLDC.tmp
2009-09-10 11:50 . 2009-09-10 11:50 76416 ----a-w- c:\windows\system32\drivers\OLDA.tmp
2009-09-10 08:09 . 2009-09-10 08:09 76416 ----a-w- c:\windows\system32\drivers\OLD5E1.tmp
2009-09-10 08:07 . 2009-09-10 08:07 76416 ----a-w- c:\windows\system32\drivers\OLD5DF.tmp
2009-09-10 08:06 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5DD.tmp
2009-09-10 08:06 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5DB.tmp
2009-09-10 08:06 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5D9.tmp
2009-09-10 08:06 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5D7.tmp
2009-09-10 08:05 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5D5.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5D3.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5D1.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5CF.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5CD.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5CB.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C9.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C7.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C5.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C3.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C1.tmp
2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5BF.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5BD.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5BB.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B9.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B7.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B5.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B3.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B1.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5AF.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5AD.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5AB.tmp
2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5A9.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD5A7.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD5A5.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD5A3.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD5A1.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD59F.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD59D.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD59B.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD599.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD597.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD595.tmp
2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD593.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD591.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD58F.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD58D.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD58B.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD589.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD587.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD585.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD583.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD581.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD57F.tmp
2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD57D.tmp
2009-09-10 08:01 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD57B.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD579.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD577.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD575.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD573.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD571.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD56F.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD56D.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD56B.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD569.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD567.tmp
2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD565.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD563.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD561.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD55F.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD55D.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD55B.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD559.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD557.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD555.tmp
2009-06-13 18:46 . 2009-06-13 18:46 50688 --sha-w- c:\windows\system32\javinete.dll
2009-06-11 02:47 . 2009-06-11 02:47 49664 --sha-w- c:\windows\system32\nunupofa.dll.tmp
2009-06-11 02:47 . 2009-06-11 02:47 49664 --sha-w- c:\windows\system32\rafaweti.dll
2009-06-11 02:47 . 2009-06-11 02:47 49664 --sha-w- c:\windows\system32\woyevepa.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7810e65-72ce-4fcd-8d5d-7af6dd942bee}]
2009-06-13 18:46 50688 --sha-w- c:\windows\system32\javinete.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"tadekihih"="c:\windows\system32\wuholove.dll" [2009-09-14 88064]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-03-08 16010240]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-25 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-28 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{ed1faddf-e166-4d65-9ea3-63003cb8d519}"= "c:\windows\system32\wuholove.dll" [2009-09-14 88064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"goyufopob"= {ed1faddf-e166-4d65-9ea3-63003cb8d519} - c:\windows\system32\wuholove.dll [2009-09-14 88064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Piolet\\Piolet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
"53:TCP"= 53:TCP:webserver

R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/9/2009 11:14 PM 206256]
R1 filter;Filter;c:\windows\system32\drivers\Filter.sys [9/10/2009 9:47 PM 37760]
S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 webserver;webserver;c:\program files\webserver\webserver.exe [9/10/2009 10:48 PM 13824]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.my.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
HKLM-Run-TkBellExe - realsched.exe
HKLM-Run-buwezaweti - kozodobe.dll
HKU-Default-Run-Advanced Virus Remover - c:\program files\AdvancedVirusRemover\PAVRM.exe
SharedTaskScheduler-ThreadingModel - (no file)
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUNINST.EXE -fc:\program files\Adobe\Photoshop 7.0\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 21:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2556)
c:\windows\system32\WININET.dll
c:\windows\system32\wuholove.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-09-17 21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-17 02:18

Pre-Run: 162,413,834,240 bytes free
Post-Run: 162,596,048,896 bytes free

412 --- E O F --- 2009-09-02 08:00

rpggamergirl
17 Sep 2009, 2:52pm
Did you run Avenger twice? Just curious.

c:\program files\Piolet <-- did you purposely install this program?

There are still bad files that need to be removed using Combofix script function.
Run combofix again using this script.

1. Open Notepad.
2. Now copy/paste the bolded text between the lines below into the Notepad window:
------------------------------------------------------------------------
KillAll::

File::
c:\windows\bk23567.dat
c:\windows\srpira1252640874.eXE
c:\windows\system32\drivers\Filter.sys
c:\windows\dxxdv34567.bat
c:\program files\ahxvnw.txt
c:\windows\system32\drivers\OLD84.tmp
c:\windows\system32\drivers\OLD82.tmp
c:\windows\system32\drivers\OLD80.tmp
c:\windows\system32\wuholove.dll
c:\windows\system32\jijeruwa.dll
c:\windows\system32\papupona.dll
c:\windows\system32\kumiberu.dll
c:\windows\system32\drivers\OLD78.tmp
c:\windows\system32\drivers\OLD5B.tmp
c:\windows\system32\wenijalu.dll
c:\windows\system32\mihamake.dll
c:\windows\system32\drivers\OLD2A.tmp
c:\windows\system32\mepagasa.dll
c:\windows\system32\mamotapi.dll
c:\windows\system32\kigilepi.dll
c:\windows\system32\feyajute.dll
c:\windows\system32\himepuka.exe
c:\windows\system32\drivers\OLD1A.tmp
c:\windows\system32\drivers\OLD18.tmp
c:\windows\system32\drivers\OLD16.tmp
c:\windows\system32\drivers\OLD14.tmp
c:\windows\system32\drivers\OLD10.tmp
c:\windows\system32\drivers\OLDE.tmp
c:\windows\system32\drivers\OLDC.tmp
c:\windows\system32\drivers\OLDA.tmp
c:\windows\system32\drivers\OLD5E1.tmp
c:\windows\system32\drivers\OLD5DF.tmp
c:\windows\system32\drivers\OLD5DD.tmp
c:\windows\system32\drivers\OLD5DB.tmp
c:\windows\system32\drivers\OLD5D9.tmp
c:\windows\system32\drivers\OLD5D7.tmp
c:\windows\system32\drivers\OLD5D5.tmp
c:\windows\system32\drivers\OLD5D3.tmp
c:\windows\system32\drivers\OLD5D1.tmp
c:\windows\system32\drivers\OLD5CF.tmp
c:\windows\system32\drivers\OLD5CD.tmp
c:\windows\system32\drivers\OLD5CB.tmp
c:\windows\system32\drivers\OLD5C9.tmp
c:\windows\system32\drivers\OLD5C7.tmp
c:\windows\system32\drivers\OLD5C5.tmp
c:\windows\system32\drivers\OLD5C3.tmp
c:\windows\system32\drivers\OLD5C1.tmp
c:\windows\system32\drivers\OLD5BF.tmp
c:\windows\system32\drivers\OLD5BD.tmp
c:\windows\system32\drivers\OLD5BB.tmp
c:\windows\system32\drivers\OLD5B9.tmp
c:\windows\system32\drivers\OLD5B7.tmp
c:\windows\system32\drivers\OLD5B5.tmp
c:\windows\system32\drivers\OLD5B3.tmp
c:\windows\system32\drivers\OLD5B1.tmp
c:\windows\system32\drivers\OLD5AF.tmp
c:\windows\system32\drivers\OLD5AD.tmp
c:\windows\system32\drivers\OLD5AB.tmp
c:\windows\system32\drivers\OLD5A9.tmp
c:\windows\system32\drivers\OLD5A7.tmp
c:\windows\system32\drivers\OLD5A5.tmp
c:\windows\system32\drivers\OLD5A3.tmp
c:\windows\system32\drivers\OLD5A1.tmp
c:\windows\system32\drivers\OLD59F.tmp
c:\windows\system32\drivers\OLD59D.tmp
c:\windows\system32\drivers\OLD59B.tmp
c:\windows\system32\drivers\OLD599.tmp
c:\windows\system32\drivers\OLD597.tmp
c:\windows\system32\drivers\OLD595.tmp
c:\windows\system32\drivers\OLD593.tmp
c:\windows\system32\drivers\OLD591.tmp
c:\windows\system32\drivers\OLD58F.tmp
c:\windows\system32\drivers\OLD58D.tmp
c:\windows\system32\drivers\OLD58B.tmp
c:\windows\system32\drivers\OLD589.tmp
c:\windows\system32\drivers\OLD587.tmp
c:\windows\system32\drivers\OLD585.tmp
c:\windows\system32\drivers\OLD583.tmp
c:\windows\system32\drivers\OLD581.tmp
c:\windows\system32\drivers\OLD57F.tmp
c:\windows\system32\drivers\OLD57D.tmp
c:\windows\system32\drivers\OLD57B.tmp
c:\windows\system32\drivers\OLD579.tmp
c:\windows\system32\drivers\OLD577.tmp
c:\windows\system32\drivers\OLD575.tmp
c:\windows\system32\drivers\OLD573.tmp
c:\windows\system32\drivers\OLD571.tmp
c:\windows\system32\drivers\OLD56F.tmp
c:\windows\system32\drivers\OLD56D.tmp
c:\windows\system32\drivers\OLD56B.tmp
c:\windows\system32\drivers\OLD569.tmp
c:\windows\system32\drivers\OLD567.tmp
c:\windows\system32\drivers\OLD565.tmp
c:\windows\system32\drivers\OLD563.tmp
c:\windows\system32\drivers\OLD561.tmp
c:\windows\system32\drivers\OLD55F.tmp
c:\windows\system32\drivers\OLD55D.tmp
c:\windows\system32\drivers\OLD55B.tmp
c:\windows\system32\drivers\OLD559.tmp
c:\windows\system32\drivers\OLD557.tmp
c:\windows\system32\drivers\OLD555.tmp
c:\windows\system32\javinete.dll
c:\windows\system32\nunupofa.dll.tmp
c:\windows\system32\rafaweti.dll
c:\windows\system32\woyevepa.dll.tmp
c:\windows\system32\javinete.dll

Rootkit::
c:\windows\system32\wuholove.dll

Folder::
c:\program files\webserver

Driver::
webserver

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7810e65-72ce-4fcd-8d5d-7af6dd942bee}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tadekihih"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{ed1faddf-e166-4d65-9ea3-63003cb8d519}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"goyufopob"=-

------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
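
One way to check that a script like this actually did its job, as an added example that is not part of the thread or of ComboFix itself: the Python below parses the CFScript directives (KillAll::, File::, Rootkit::, Folder::, Driver::, Registry::) and the banner-delimited sections of the ComboFix log ("Other Deletions", "Drivers/Services"), then reports which requested files and drivers the log confirms as removed. The sample script and log are constructed from a few entries in this thread and trimmed; one file is deliberately left out of the sample log to show what an unconfirmed deletion looks like.

```python
"""Reconcile a ComboFix CFScript against the ComboFix log it produced.
Added example; assumes the directive layout of the script above and the
banner-delimited sections of a ComboFix log. Samples below are constructed."""
import re

# Constructed sample: trimmed CFScript in the shape of the one posted above
# (the duplicated javinete.dll entry is kept to show de-duplication).
SAMPLE_CFSCRIPT = r"""KillAll::

File::
c:\windows\bk23567.dat
c:\windows\system32\wuholove.dll
c:\windows\system32\javinete.dll
c:\windows\system32\javinete.dll

Rootkit::
c:\windows\system32\wuholove.dll

Folder::
c:\program files\webserver

Driver::
webserver

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tadekihih"=-
"""

# Constructed sample: trimmed ComboFix log; javinete.dll is intentionally absent.
SAMPLE_LOG = r"""(((((((((((((((((((( Other Deletions ))))))))))))))))))))
.

c:\program files\webserver
c:\windows\bk23567.dat
c:\windows\system32\wuholove.dll

.
(((((((((((((((((((( Drivers/Services ))))))))))))))))))))
.

-------\Legacy_webserver
-------\Service_webserver

(((((((((((((((((((( Find3M Report ))))))))))))))))))))
.
"""

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "File::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")       # e.g. "((( Other Deletions )))"


def parse_cfscript(text):
    """Return {directive: [entries]} with entries de-duplicated, order kept."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any directive: %r" % line)
        if line not in sections[current]:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Return {banner title: [non-empty lines]} from a ComboFix log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def reconcile(script_text, log_text):
    """Compare what the script requested with what the log reports as removed."""
    script, log = parse_cfscript(script_text), parse_log_sections(log_text)
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    seen, requested = set(), []
    for key in ("file", "rootkit", "folder"):     # path-bearing directives
        for p in script.get(key, []):
            if p.lower() not in seen:             # Windows paths: case-insensitive
                seen.add(p.lower())
                requested.append(p)
    # "-------\Service_<name>" lines mean the service entry was removed.
    removed_services = {l.rsplit("\\", 1)[-1].lower()
                        for l in log.get("Drivers/Services", [])}
    drivers = script.get("driver", [])
    return {
        "confirmed": [p for p in requested if p.lower() in deleted],
        "unconfirmed": [p for p in requested if p.lower() not in deleted],
        "drivers_removed": [d for d in drivers if "service_" + d.lower() in removed_services],
        "drivers_missing": [d for d in drivers if "service_" + d.lower() not in removed_services],
    }


if __name__ == "__main__":
    for k, v in reconcile(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print("%s: %s" % (k, v))
```

Anything listed under "unconfirmed" is a candidate for the next CFScript run (or was already gone before the run); a driver under "drivers_missing" means its service entry was not reported removed and still deserves a look.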

NolaBudMan13
18 Sep 2009, 1:35am
Did run it twice ... when it tried to reboot, it froze while shutting down. And the Piolet upgrade, I can thank my roomie for that ...

ComboFix 09-09-17.04 - HP_Administrator 09/17/2009 18:56.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.496 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Installer.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\program files\ahxvnw.txt"
"c:\windows\bk23567.dat"
"c:\windows\dxxdv34567.bat"
"c:\windows\srpira1252640874.eXE"
"c:\windows\system32\drivers\Filter.sys"
"c:\windows\system32\drivers\OLD10.tmp"
"c:\windows\system32\drivers\OLD14.tmp"
"c:\windows\system32\drivers\OLD16.tmp"
"c:\windows\system32\drivers\OLD18.tmp"
"c:\windows\system32\drivers\OLD1A.tmp"
"c:\windows\system32\drivers\OLD2A.tmp"
"c:\windows\system32\drivers\OLD555.tmp"
"c:\windows\system32\drivers\OLD557.tmp"
"c:\windows\system32\drivers\OLD559.tmp"
"c:\windows\system32\drivers\OLD55B.tmp"
"c:\windows\system32\drivers\OLD55D.tmp"
"c:\windows\system32\drivers\OLD55F.tmp"
"c:\windows\system32\drivers\OLD561.tmp"
"c:\windows\system32\drivers\OLD563.tmp"
"c:\windows\system32\drivers\OLD565.tmp"
"c:\windows\system32\drivers\OLD567.tmp"
"c:\windows\system32\drivers\OLD569.tmp"
"c:\windows\system32\drivers\OLD56B.tmp"
"c:\windows\system32\drivers\OLD56D.tmp"
"c:\windows\system32\drivers\OLD56F.tmp"
"c:\windows\system32\drivers\OLD571.tmp"
"c:\windows\system32\drivers\OLD573.tmp"
"c:\windows\system32\drivers\OLD575.tmp"
"c:\windows\system32\drivers\OLD577.tmp"
"c:\windows\system32\drivers\OLD579.tmp"
"c:\windows\system32\drivers\OLD57B.tmp"
"c:\windows\system32\drivers\OLD57D.tmp"
"c:\windows\system32\drivers\OLD57F.tmp"
"c:\windows\system32\drivers\OLD581.tmp"
"c:\windows\system32\drivers\OLD583.tmp"
"c:\windows\system32\drivers\OLD585.tmp"
"c:\windows\system32\drivers\OLD587.tmp"
"c:\windows\system32\drivers\OLD589.tmp"
"c:\windows\system32\drivers\OLD58B.tmp"
"c:\windows\system32\drivers\OLD58D.tmp"
"c:\windows\system32\drivers\OLD58F.tmp"
"c:\windows\system32\drivers\OLD591.tmp"
"c:\windows\system32\drivers\OLD593.tmp"
"c:\windows\system32\drivers\OLD595.tmp"
"c:\windows\system32\drivers\OLD597.tmp"
"c:\windows\system32\drivers\OLD599.tmp"
"c:\windows\system32\drivers\OLD59B.tmp"
"c:\windows\system32\drivers\OLD59D.tmp"
"c:\windows\system32\drivers\OLD59F.tmp"
"c:\windows\system32\drivers\OLD5A1.tmp"
"c:\windows\system32\drivers\OLD5A3.tmp"
"c:\windows\system32\drivers\OLD5A5.tmp"
"c:\windows\system32\drivers\OLD5A7.tmp"
"c:\windows\system32\drivers\OLD5A9.tmp"
"c:\windows\system32\drivers\OLD5AB.tmp"
"c:\windows\system32\drivers\OLD5AD.tmp"
"c:\windows\system32\drivers\OLD5AF.tmp"
"c:\windows\system32\drivers\OLD5B.tmp"
"c:\windows\system32\drivers\OLD5B1.tmp"
"c:\windows\system32\drivers\OLD5B3.tmp"
"c:\windows\system32\drivers\OLD5B5.tmp"
"c:\windows\system32\drivers\OLD5B7.tmp"
"c:\windows\system32\drivers\OLD5B9.tmp"
"c:\windows\system32\drivers\OLD5BB.tmp"
"c:\windows\system32\drivers\OLD5BD.tmp"
"c:\windows\system32\drivers\OLD5BF.tmp"
"c:\windows\system32\drivers\OLD5C1.tmp"
"c:\windows\system32\drivers\OLD5C3.tmp"
"c:\windows\system32\drivers\OLD5C5.tmp"
"c:\windows\system32\drivers\OLD5C7.tmp"
"c:\windows\system32\drivers\OLD5C9.tmp"
"c:\windows\system32\drivers\OLD5CB.tmp"
"c:\windows\system32\drivers\OLD5CD.tmp"
"c:\windows\system32\drivers\OLD5CF.tmp"
"c:\windows\system32\drivers\OLD5D1.tmp"
"c:\windows\system32\drivers\OLD5D3.tmp"
"c:\windows\system32\drivers\OLD5D5.tmp"
"c:\windows\system32\drivers\OLD5D7.tmp"
"c:\windows\system32\drivers\OLD5D9.tmp"
"c:\windows\system32\drivers\OLD5DB.tmp"
"c:\windows\system32\drivers\OLD5DD.tmp"
"c:\windows\system32\drivers\OLD5DF.tmp"
"c:\windows\system32\drivers\OLD5E1.tmp"
"c:\windows\system32\drivers\OLD78.tmp"
"c:\windows\system32\drivers\OLD80.tmp"
"c:\windows\system32\drivers\OLD82.tmp"
"c:\windows\system32\drivers\OLD84.tmp"
"c:\windows\system32\drivers\OLDA.tmp"
"c:\windows\system32\drivers\OLDC.tmp"
"c:\windows\system32\drivers\OLDE.tmp"
"c:\windows\system32\feyajute.dll"
"c:\windows\system32\himepuka.exe"
"c:\windows\system32\javinete.dll"
"c:\windows\system32\jijeruwa.dll"
"c:\windows\system32\kigilepi.dll"
"c:\windows\system32\kumiberu.dll"
"c:\windows\system32\mamotapi.dll"
"c:\windows\system32\mepagasa.dll"
"c:\windows\system32\mihamake.dll"
"c:\windows\system32\nunupofa.dll.tmp"
"c:\windows\system32\papupona.dll"
"c:\windows\system32\rafaweti.dll"
"c:\windows\system32\wenijalu.dll"
"c:\windows\system32\woyevepa.dll.tmp"
"c:\windows\system32\wuholove.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ahxvnw.txt
c:\program files\webserver
c:\windows\Alcmtr.exe
c:\windows\bk23567.dat
c:\windows\dxxdv34567.bat
c:\windows\srpira1252640874.eXE
c:\windows\system32\drivers\Filter.sys
c:\windows\system32\drivers\OLD10.tmp
c:\windows\system32\drivers\OLD14.tmp
c:\windows\system32\drivers\OLD16.tmp
c:\windows\system32\drivers\OLD18.tmp
c:\windows\system32\drivers\OLD1A.tmp
c:\windows\system32\drivers\OLD2A.tmp
c:\windows\system32\drivers\OLD555.tmp
c:\windows\system32\drivers\OLD557.tmp
c:\windows\system32\drivers\OLD559.tmp
c:\windows\system32\drivers\OLD55B.tmp
c:\windows\system32\drivers\OLD55D.tmp
c:\windows\system32\drivers\OLD55F.tmp
c:\windows\system32\drivers\OLD561.tmp
c:\windows\system32\drivers\OLD563.tmp
c:\windows\system32\drivers\OLD565.tmp
c:\windows\system32\drivers\OLD567.tmp
c:\windows\system32\drivers\OLD569.tmp
c:\windows\system32\drivers\OLD56B.tmp
c:\windows\system32\drivers\OLD56D.tmp
c:\windows\system32\drivers\OLD56F.tmp
c:\windows\system32\drivers\OLD571.tmp
c:\windows\system32\drivers\OLD573.tmp
c:\windows\system32\drivers\OLD575.tmp
c:\windows\system32\drivers\OLD577.tmp
c:\windows\system32\drivers\OLD579.tmp
c:\windows\system32\drivers\OLD57B.tmp
c:\windows\system32\drivers\OLD57D.tmp
c:\windows\system32\drivers\OLD57F.tmp
c:\windows\system32\drivers\OLD581.tmp
c:\windows\system32\drivers\OLD583.tmp
c:\windows\system32\drivers\OLD585.tmp
c:\windows\system32\drivers\OLD587.tmp
c:\windows\system32\drivers\OLD589.tmp
c:\windows\system32\drivers\OLD58B.tmp
c:\windows\system32\drivers\OLD58D.tmp
c:\windows\system32\drivers\OLD58F.tmp
c:\windows\system32\drivers\OLD591.tmp
c:\windows\system32\drivers\OLD593.tmp
c:\windows\system32\drivers\OLD595.tmp
c:\windows\system32\drivers\OLD597.tmp
c:\windows\system32\drivers\OLD599.tmp
c:\windows\system32\drivers\OLD59B.tmp
c:\windows\system32\drivers\OLD59D.tmp
c:\windows\system32\drivers\OLD59F.tmp
c:\windows\system32\drivers\OLD5A1.tmp
c:\windows\system32\drivers\OLD5A3.tmp
c:\windows\system32\drivers\OLD5A5.tmp
c:\windows\system32\drivers\OLD5A7.tmp
c:\windows\system32\drivers\OLD5A9.tmp
c:\windows\system32\drivers\OLD5AB.tmp
c:\windows\system32\drivers\OLD5AD.tmp
c:\windows\system32\drivers\OLD5AF.tmp
c:\windows\system32\drivers\OLD5B.tmp
c:\windows\system32\drivers\OLD5B1.tmp
c:\windows\system32\drivers\OLD5B3.tmp
c:\windows\system32\drivers\OLD5B5.tmp
c:\windows\system32\drivers\OLD5B7.tmp
c:\windows\system32\drivers\OLD5B9.tmp
c:\windows\system32\drivers\OLD5BB.tmp
c:\windows\system32\drivers\OLD5BD.tmp
c:\windows\system32\drivers\OLD5BF.tmp
c:\windows\system32\drivers\OLD5C1.tmp
c:\windows\system32\drivers\OLD5C3.tmp
c:\windows\system32\drivers\OLD5C5.tmp
c:\windows\system32\drivers\OLD5C7.tmp
c:\windows\system32\drivers\OLD5C9.tmp
c:\windows\system32\drivers\OLD5CB.tmp
c:\windows\system32\drivers\OLD5CD.tmp
c:\windows\system32\drivers\OLD5CF.tmp
c:\windows\system32\drivers\OLD5D1.tmp
c:\windows\system32\drivers\OLD5D3.tmp
c:\windows\system32\drivers\OLD5D5.tmp
c:\windows\system32\drivers\OLD5D7.tmp
c:\windows\system32\drivers\OLD5D9.tmp
c:\windows\system32\drivers\OLD5DB.tmp
c:\windows\system32\drivers\OLD5DD.tmp
c:\windows\system32\drivers\OLD5DF.tmp
c:\windows\system32\drivers\OLD5E1.tmp
c:\windows\system32\drivers\OLD78.tmp
c:\windows\system32\drivers\OLD80.tmp
c:\windows\system32\drivers\OLD82.tmp
c:\windows\system32\drivers\OLD84.tmp
c:\windows\system32\drivers\OLDA.tmp
c:\windows\system32\drivers\OLDC.tmp
c:\windows\system32\drivers\OLDE.tmp
c:\windows\system32\feyajute.dll
c:\windows\system32\himepuka.exe
c:\windows\system32\javinete.dll
c:\windows\system32\jijeruwa.dll
c:\windows\system32\kigilepi.dll
c:\windows\system32\kumiberu.dll
c:\windows\system32\mamotapi.dll
c:\windows\system32\mepagasa.dll
c:\windows\system32\mihamake.dll
c:\windows\system32\nunupofa.dll.tmp
c:\windows\system32\papupona.dll
c:\windows\system32\rafaweti.dll
c:\windows\system32\wenijalu.dll
c:\windows\system32\woyevepa.dll.tmp
c:\windows\system32\wuholove.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_webserver
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_webserver
-------\Legacy_filter
-------\Service_filter


((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-17 08:09 . 2009-09-17 10:27 -------- d-----w- C:\$AVG8.VAULT$
2009-09-17 03:54 . 2009-09-17 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-17 03:54 . 2009-09-17 03:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-17 03:54 . 2009-09-17 03:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-17 03:54 . 2009-09-17 03:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-17 03:53 . 2009-09-17 22:48 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-17 03:53 . 2009-09-17 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-17 03:53 . 2009-09-17 03:53 -------- d-----w- c:\program files\AVG
2009-09-17 03:53 . 2009-09-17 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-15 00:00 . 2009-09-15 22:53 -------- d-----w- c:\program files\MInstaller
2009-09-12 21:22 . 2009-09-12 21:24 -------- d-----w- c:\program files\M
2009-09-12 09:21 . 2009-09-12 21:13 -------- d-----w- c:\program files\Trend Micro
2009-09-11 00:05 . 2009-09-12 18:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2009-09-10 23:54 . 2009-09-10 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
2009-09-10 23:28 . 2009-09-10 23:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-09-10 23:28 . 2009-09-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-10 06:49 . 2009-09-11 00:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-09-10 04:14 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-10 04:14 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-10 04:14 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-10 04:14 . 2009-09-10 04:17 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-10 04:14 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-10 04:14 . 2009-09-10 04:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools
2009-09-10 04:14 . 2009-09-10 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-10 03:59 . 2009-09-10 03:59 -------- d-----w- C:\60e682b77c77cf96df
2009-09-10 03:18 . 2009-09-10 23:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-09 00:35 . 2009-09-09 00:35 123376 ----a-w- c:\windows\hpwins12.dat
2009-09-09 00:35 . 2007-07-08 23:42 1325 ------w- c:\windows\hpwmdl12.dat
2009-09-09 00:35 . 2007-07-04 16:38 117760 ----a-w- c:\windows\system32\hpz3l5k2.dll
2009-09-05 19:24 . 2009-09-05 19:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8
2009-08-27 10:55 . 2009-09-03 10:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
2009-08-27 10:55 . 2009-08-27 10:55 -------- d-----w- c:\windows\Hewlett-Packard
2009-08-21 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 08:04 . 2009-08-21 08:05 -------- d-----w- C:\a5c6bb0a81d4aef3c4e0d70d8590

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 00:10 . 2004-08-10 04:00 76416 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-17 04:18 . 2006-05-25 10:18 53336 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 03:41 . 2006-11-26 19:11 -------- d-----w- c:\program files\Piolet
2009-09-12 18:31 . 2007-07-23 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD553.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD551.tmp
2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD54F.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD54D.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD54B.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD549.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD547.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD545.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD543.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD541.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD53F.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD53D.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD53B.tmp
2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD539.tmp
2009-09-10 07:58 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD537.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD535.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD533.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD531.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD52F.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD52D.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD52B.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD529.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD527.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD525.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD523.tmp
2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD521.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD51F.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD51D.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD51B.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD519.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD517.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD515.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD513.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD511.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD50F.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD50D.tmp
2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD50B.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD509.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD507.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD505.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD503.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD501.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4FF.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4FD.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4FB.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4F9.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4F7.tmp
2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4F5.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4F3.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4F1.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4EF.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4ED.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4EB.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E9.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E7.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E5.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E3.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E1.tmp
2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4DF.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4DD.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4DB.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D9.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D7.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D5.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D3.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D1.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4CF.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4CD.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4CB.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4C9.tmp
2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4C7.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4C5.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4C3.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4C1.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4BF.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4BD.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4BB.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B9.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B7.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B5.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B3.tmp
2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B1.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4AF.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4AD.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4AB.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A9.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A7.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A5.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A3.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A1.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD49F.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD49D.tmp
2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD49B.tmp
2009-09-10 07:51 . 2009-09-10 07:51 76416 ----a-w- c:\windows\system32\drivers\OLD499.tmp
2009-09-10 07:51 . 2009-09-10 07:51 76416 ----a-w- c:\windows\system32\drivers\OLD497.tmp
2009-09-10 07:51 . 2009-09-10 07:51 76416 ----a-w- c:\windows\system32\drivers\OLD495.tmp
.

------- Sigcheck -------

[7] 2004-08-09 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[7] 2004-08-09 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[7] 2004-08-09 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-17_02.16.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-18 00:09 . 2009-09-18 00:09 16384 c:\windows\temp\Perflib_Perfdata_348.dat
+ 2009-09-18 00:10 . 2009-09-18 00:10 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-17 2007832]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-03-08 16010240]
"TkBellExe"="realsched.exe" [BU]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-25 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-28 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-17 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Piolet\\Piolet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
"53:TCP"= 53:TCP:webserver

R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/9/2009 11:14 PM 206256]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/16/2009 10:54 PM 335240]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/16/2009 10:54 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/16/2009 10:53 PM 297752]
S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.my.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-tadekihih - c:\windows\system32\wuholove.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 19:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2604)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-18 19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 00:14
ComboFix2.txt 2009-09-17 02:19

Pre-Run: 162,048,856,064 bytes free
Post-Run: 162,285,637,632 bytes free

572 --- E O F --- 2009-09-02 08:00
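What the registry section of a ComboFix log like the one above lets a defender check mechanically, as an added example that is not part of this thread, of ComboFix or of OTS: a small Python audit that parses the `[key]` / `"name"=value` dump format and flags the tampering indicators visible in this log (Security Center notifications and monitoring switched off, `EnableFirewall` at 0, globally opened firewall ports, and an svchost group name that is not in a known baseline). The excerpt it runs on is constructed from the lines posted above; the baseline set of svchost group names and the helper names (`parse_dump`, `audit`, `run_sample`) are my assumptions, not anything ComboFix defines.

```python
"""Audit the registry section of a ComboFix-style log for security tampering.

Added example for this thread; it is not part of ComboFix, OTS, or the
posts above. Format assumptions: "[key]" headers followed by
"name"=value lines, and "name REG_MULTI_SZ value" lines in the svchost
group section, as in the log posted in the thread.
"""
import re

# Constructed excerpt modelled on the ComboFix log posted above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
"53:TCP"= 53:TCP:webserver

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
"""

# Assumed baseline of svchost group names on Windows XP; adjust for your build.
KNOWN_SVCHOST_GROUPS = {
    "netsvcs", "localservice", "networkservice", "rpcss", "dcomlaunch",
    "imgsvc", "httpfilter", "termsvcs", "wudfservicegroup",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
MULTI_RE = re.compile(r"^(?P<name>\S+)\s+REG_MULTI_SZ\s+(?P<value>.*)$")


def normalise_key(key):
    """Lower-case the path and spell HKLM one way; ComboFix's '~' abbreviation is left as written."""
    return key.strip().lower().replace("hkey_local_machine", "hklm")


def parse_dump(text):
    """Return {normalised key path: {value name: raw value string}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current = normalise_key(key_match.group("key"))
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        value_match = VALUE_RE.match(line) or MULTI_RE.match(line)
        if value_match:
            keys[current][value_match.group("name")] = value_match.group("value").strip()
    return keys


def as_int(raw):
    """Decode 'dword:00000001' or '0 (0x0)' style values; None when not numeric."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    match = re.match(r"^(\d+)", raw)
    return int(match.group(1)) if match else None


def audit(keys):
    """Return (check, detail) findings; an empty list means no tampering indicators."""
    findings = []
    for key, values in keys.items():
        lowered = {name.lower(): raw for name, raw in values.items()}
        if key.endswith("\\security center"):
            # Scareware commonly silences Security Center so the user is not warned.
            for name in ("antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"):
                if as_int(lowered.get(name, "")) == 1:
                    findings.append(("security-center-notify-disabled", name))
        elif "\\security center\\monitoring\\" in key:
            if as_int(lowered.get("disablemonitoring", "")) == 1:
                findings.append(("security-center-monitoring-disabled", key.rsplit("\\", 1)[-1]))
        elif key.endswith("\\firewallpolicy\\standardprofile"):
            if as_int(lowered.get("enablefirewall", "")) == 0:
                findings.append(("firewall-disabled", "standardprofile"))
        elif key.endswith("\\globallyopenports\\list"):
            # Every globally opened port is an exposure worth a human look.
            for raw in values.values():
                findings.append(("firewall-open-port", raw))
        elif key.endswith("\\currentversion\\svchost"):
            for name in values:
                if name.lower() not in KNOWN_SVCHOST_GROUPS:
                    findings.append(("unknown-svchost-group", name))
    return findings


def run_sample():
    """Audit the constructed excerpt; returns the findings list."""
    return audit(parse_dump(SAMPLE_DUMP))


if __name__ == "__main__":
    for check, detail in run_sample():
        print(f"{check}: {detail}")
```

On the excerpt this reports six findings, which line up with what the helper's CFScript in the next post goes after: the silenced Security Center, the disabled standard-profile firewall, the two globally opened ports, and the `ddnsfilter` svchost group. The svchost baseline is deliberately small and explicit so that an unexpected group name is surfaced rather than silently accepted.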

rpggamergirl
21 Sep 2009, 1:33am
That would explain the Avenger error then.

Run ComboFix again using this script.
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\windows\system32\drivers\OLD553.tmp
c:\windows\system32\drivers\OLD551.tmp
c:\windows\system32\drivers\OLD54F.tmp
c:\windows\system32\drivers\OLD54D.tmp
c:\windows\system32\drivers\OLD54B.tmp
c:\windows\system32\drivers\OLD549.tmp
c:\windows\system32\drivers\OLD547.tmp
c:\windows\system32\drivers\OLD545.tmp
c:\windows\system32\drivers\OLD543.tmp
c:\windows\system32\drivers\OLD541.tmp
c:\windows\system32\drivers\OLD53F.tmp
c:\windows\system32\drivers\OLD53D.tmp
c:\windows\system32\drivers\OLD53B.tmp
c:\windows\system32\drivers\OLD539.tmp
c:\windows\system32\drivers\OLD537.tmp
c:\windows\system32\drivers\OLD535.tmp
c:\windows\system32\drivers\OLD533.tmp
c:\windows\system32\drivers\OLD531.tmp
c:\windows\system32\drivers\OLD52F.tmp
c:\windows\system32\drivers\OLD52D.tmp
c:\windows\system32\drivers\OLD52B.tmp
c:\windows\system32\drivers\OLD529.tmp
c:\windows\system32\drivers\OLD527.tmp
c:\windows\system32\drivers\OLD525.tmp
c:\windows\system32\drivers\OLD523.tmp
c:\windows\system32\drivers\OLD521.tmp
c:\windows\system32\drivers\OLD51F.tmp
c:\windows\system32\drivers\OLD51B.tmp
c:\windows\system32\drivers\OLD519.tmp
c:\windows\system32\drivers\OLD517.tmp
c:\windows\system32\drivers\OLD515.tmp
c:\windows\system32\drivers\OLD513.tmp
c:\windows\system32\drivers\OLD511.tmp
c:\windows\system32\drivers\OLD50F.tmp
c:\windows\system32\drivers\OLD50D.tmp
c:\windows\system32\drivers\OLD50B.tmp
c:\windows\system32\drivers\OLD509.tmp
c:\windows\system32\drivers\OLD507.tmp
c:\windows\system32\drivers\OLD505.tmp
c:\windows\system32\drivers\OLD503.tmp
c:\windows\system32\drivers\OLD501.tmp
c:\windows\system32\drivers\OLD4FF.tmp
c:\windows\system32\drivers\OLD4FD.tmp
c:\windows\system32\drivers\OLD4FB.tmp
c:\windows\system32\drivers\OLD4F9.tmp
c:\windows\system32\drivers\OLD4F7.tmp
c:\windows\system32\drivers\OLD4F5.tmp
c:\windows\system32\drivers\OLD4F3.tmp
c:\windows\system32\drivers\OLD4F1.tmp
c:\windows\system32\drivers\OLD4EF.tmp
c:\windows\system32\drivers\OLD4ED.tmp
c:\windows\system32\drivers\OLD4EB.tmp
c:\windows\system32\drivers\OLD4E9.tmp
c:\windows\system32\drivers\OLD4E7.tmp
c:\windows\system32\drivers\OLD4E5.tmp
c:\windows\system32\drivers\OLD4E3.tmp
c:\windows\system32\drivers\OLD4E1.tmp
c:\windows\system32\drivers\OLD4DF.tmp
c:\windows\system32\drivers\OLD4DD.tmp
c:\windows\system32\drivers\OLD4DB.tmp
c:\windows\system32\drivers\OLD4D9.tmp
c:\windows\system32\drivers\OLD4D7.tmp
c:\windows\system32\drivers\OLD4D5.tmp
c:\windows\system32\drivers\OLD4D3.tmp
c:\windows\system32\drivers\OLD4D1.tmp
c:\windows\system32\drivers\OLD4CF.tmp
c:\windows\system32\drivers\OLD4CD.tmp
c:\windows\system32\drivers\OLD4CB.tmp
c:\windows\system32\drivers\OLD4C9.tmp
c:\windows\system32\drivers\OLD4C7.tmp
c:\windows\system32\drivers\OLD4C5.tmp
c:\windows\system32\drivers\OLD4C3.tmp
c:\windows\system32\drivers\OLD4C1.tmp
c:\windows\system32\drivers\OLD4BF.tmp
c:\windows\system32\drivers\OLD4BD.tmp
c:\windows\system32\drivers\OLD4BB.tmp
c:\windows\system32\drivers\OLD4B9.tmp
c:\windows\system32\drivers\OLD4B7.tmp
c:\windows\system32\drivers\OLD4B5.tmp
c:\windows\system32\drivers\OLD4B3.tmp
c:\windows\system32\drivers\OLD4B1.tmp
c:\windows\system32\drivers\OLD4AF.tmp
c:\windows\system32\drivers\OLD4AD.tmp
c:\windows\system32\drivers\OLD4AB.tmp
c:\windows\system32\drivers\OLD4A9.tmp
c:\windows\system32\drivers\OLD4A7.tmp
c:\windows\system32\drivers\OLD4A5.tmp
c:\windows\system32\drivers\OLD4A3.tmp
c:\windows\system32\drivers\OLD4A1.tmp
c:\windows\system32\drivers\OLD49F.tmp
c:\windows\system32\drivers\OLD49D.tmp
c:\windows\system32\drivers\OLD49B.tmp
c:\windows\system32\drivers\OLD499.tmp
c:\windows\system32\drivers\OLD497.tmp
c:\windows\system32\drivers\OLD495.tmp

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"ddnsfilter"=-

------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.



After that, can you scan again with OTS and do an online Kaspersky scan? Kaspersky won't delete if it finds any threats, so you need to save a logfile.
http://www.kaspersky.com/virusscanner

NolaBudMan13
21 Sep 2009, 2:09am
OTS scan is too long, so I'll post it in 2 parts ...

[code]
OTS logfile created on: 9/20/2009 7:53:35 PM - Run 2
OTS by OldTimer - Version 3.0.12.0 Folder = K:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 465.41 Mb Available Physical Memory | 48.56% Memory free
2.26 Gb Paging File | 1.82 Gb Available in Paging File | 80.49% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.50 Gb Total Space | 150.47 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.43 Gb Free Space | 4.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 979.05 Mb Total Space | 799.41 Mb Free Space | 81.65% Space Free | Partition Type: FAT32

Computer Name: KABANG13
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/09/16 22:53:52 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/09/16 22:53:52 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/09/16 22:53:48 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/16 22:53:48 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
ehmsas.exe -> C:\WINDOWS\eHome\ehmsas.exe -> [2005/08/05 22:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> C:\WINDOWS\ehome\ehtray.exe -> [2005/09/29 23:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
hpsysdrv.exe -> c:\windows\system\hpsysdrv.exe -> [1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
hpwuschd2.exe -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
hpzipm12.exe -> C:\WINDOWS\System32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2004/07/28 01:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
kbd.exe -> C:\HP\KBD\KBD.EXE -> [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
mcrdsvc.exe -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
omg.exe -> K:\OMG.exe -> [2009/09/10 19:06:58 | 00,516,096 | ---- | M] (OldTimer Tools)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2006/03/08 06:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
ymsgr_tray.exe -> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe -> [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.)

[Win32 Services - Safe List]
(ARSVC) ARSVC [Win32_Own | Auto | Stopped] -> C:\WINDOWS\arservice.exe -> [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/16 22:53:48 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -> [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company)
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -> [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(lavasoft ad-aware service) lavasoft ad-aware service [Win32_Own | Auto | Stopped] -> -> File not found
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
(sdauxservice) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> -> File not found
(sdcoreservice) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> -> File not found
(SeaPort) SeaPort [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2007/07/13 16:29:29 | 01,174,152 | ---- | M] (Symantec Corporation)
(YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)

[Driver Services - Safe List]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\AGRSM.sys -> [2006/01/25 18:24:30 | 01,149,888 | ---- | M] (Agere Systems)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\AmdK8.sys -> [2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices)
(avgldx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/09/16 22:54:17 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avgmfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/09/16 22:54:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avgtdix) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/09/16 22:54:26 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -> [2004/03/08 13:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2006/09/11 03:00:00 | 00,387,432 | ---- | M] (Symantec Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZid412.sys -> [2005/10/27 19:24:28 | 00,049,664 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -> [2005/10/27 19:24:30 | 00,016,496 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZius12.sys -> [2005/10/27 19:24:30 | 00,021,568 | ---- | M] (HP)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\RtkHDAud.sys -> [2006/03/08 15:27:12 | 04,246,016 | ---- | M] (Realtek Semiconductor Corp.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2008/10/07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -> [2006/03/03 16:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -> [2006/03/03 16:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation)
(pctcore) PCTools KDS [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\PCTCore.sys -> [2009/08/24 14:05:06 | 00,206,256 | ---- | M] (PC Tools)
(Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\PS2.sys -> [2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2004/08/09 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2007/03/27 02:55:31 | 00,036,624 | ---- | M] (Sonic Solutions)
(QCDonner) Logitech QuickCam Express [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\OVCD.sys -> [2001/08/17 14:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation)
(RT73) Belkin Wireless G Plus MIMO USB Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\rt73.sys -> [2007/11/09 03:50:42 | 00,452,480 | ---- | M] (Ralink Technology, Corp.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -> [2004/08/03 16:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\serscan.sys -> [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\symlcbrd.sys -> [2006/05/25 05:51:19 | 00,010,344 | ---- | M] (Symantec Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.my.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\firefox\extensions -> ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/09/16 22:53:53 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{a3bc75a2-1f87-4686-aa43-5347d756017c} [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [MSN Toolbar] -> [2009/02/09 21:33:14 | 00,082,768 | ---- | M] (Microsoft Corp.)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AlwaysReady Power Message APP" -> C:\WINDOWS\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/03 01:19:16 | 00,077,312 | ---- | M] (Microsoft)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/09/16 22:53:48 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
"ehTray" -> C:\WINDOWS\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/09/29 23:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
"HP Software Update" -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/16 00:34:58 | 00,249,856 | ---- | M] (Hewlett-Packard Company)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/28 01:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/28 01:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"KBD" -> C:\HP\KBD\KBD.EXE [C:\HP\KBD\KBD.EXE] -> [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
"Microsoft Default Manager" -> C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe ["C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume] -> [2009/02/03 13:05:02 | 00,233,304 | ---- | M] (Microsoft Corp.)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/10/07 13:33:00 | 13,574,144 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/10/07 13:33:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"Recguard" -> C:\WINDOWS\SMINST\RECGUARD.EXE [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/23 00:14:00 | 00,237,568 | ---- | M] ()
"Reminder" -> C:\Windows\Creator\Remind_XP.exe ["C:\Windows\Creator\Remind_XP.exe"] -> [2004/12/14 04:23:44 | 00,663,552 | ---- | M] (SoftThinks)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2006/03/08 06:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> ["realsched.exe" -osboot] -> File not found
"UserFaultCheck" -> [%systemroot%\system32\dumprep 0 -u] -> File not found
"YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 16:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"disableregistrytools" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Google Search -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Translate English Word -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Yahoo! Search -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
Backward Links -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Cached Snapshot of Page -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmcache.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
Similar Pages -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Translate Page into English -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Yahoo! &Dictionary -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
Yahoo! &Maps -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
Yahoo! &SMS -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2008/08/27 18:30:03 | 00,000,706 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2008/08/27 18:30:03 | 00,000,706 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Button: Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Menu: Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->

NolaBudMan13
21 Sep 2009, 2:12am
Part 2 of OTS scan ...

CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{E908B145-C847-4e85-B315-07E2E70DECF8}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab [System Requirements Lab Class] ->
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab [VerifyGMN Class] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarter Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156614833598 [MUWebControl Class] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5F2081DF-EABA-47AD-916E-16C7DAA761B9}\\DhcpNameServer -> 192.168.2.1 (Belkin Wireless G Plus MIMO USB Network Adapter) ->
{892900FC-9814-4488-99C0-81491C1EE93D}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
{BE5485AA-FD3B-429B-B68F-1AF97420330E}\\DhcpNameServer -> 192.168.2.1 () ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/09/16 22:54:28 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM] -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
"C:\Program Files\DISC\DISCover.exe" -> C:\Program Files\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> [2006/03/16 04:12:40 | 01,077,248 | ---- | M] (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" -> C:\Program Files\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> [2006/03/16 04:11:54 | 00,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" -> C:\Program Files\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> [2006/03/16 04:11:50 | 00,094,208 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\HP Rhapsody\rhapsody.exe" -> C:\Program Files\HP Rhapsody\rhapsody.exe [C:\Program Files\HP Rhapsody\rhapsody.exe:*:Enabled:Rhapsody] -> [2005/11/17 05:01:08 | 05,627,904 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/09/21 06:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/01/24 04:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/01/24 03:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/01/24 03:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/01/24 03:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/01/24 04:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2005/09/21 06:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2005/12/15 21:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2005/09/21 06:40:04 | 00,196,608 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2005/12/15 21:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2005/12/15 20:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/01/24 03:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2006/02/10 01:41:28 | 00,573,440 | ---- | M] ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2006/02/10 01:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe:*:Enabled:SeaPort] -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Piolet\Piolet.exe" -> C:\Program Files\Piolet\Piolet.exe [C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet] -> [2008/11/10 10:48:44 | 01,311,232 | ---- | M] (MP2P Technologies.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"C:\WINDOWS\system32\dllhost.exe" -> C:\WINDOWS\System32\dllhost.exe [C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost] -> [2008/04/13 19:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\spoolsv.exe" -> C:\WINDOWS\System32\spoolsv.exe [C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv] -> [2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\wbem\wmiprvse.exe" -> C:\WINDOWS\System32\wbem\wmiprvse.exe [C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse] -> [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/05/25 05:34:11 | 00,000,100 | ---- | M] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


[Files/Folders - Created Within 30 Days]
709 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
LastGood -> C:\WINDOWS\LastGood -> [2009/09/20 19:52:40 | 00,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2009/09/20 19:40:11 | 00,000,000 | -HSD | C]
CF16252.exe -> C:\WINDOWS\System32\CF16252.exe -> [2009/09/20 19:39:55 | 00,389,120 | ---- | C] (Microsoft Corporation)
Installer -> C:\Installer -> [2009/09/20 19:39:55 | 00,000,000 | --SD | C]
CF28798.exe -> C:\WINDOWS\System32\CF28798.exe -> [2009/09/20 19:37:12 | 00,389,120 | ---- | C] (Microsoft Corporation)
temp -> C:\WINDOWS\temp -> [2009/09/17 19:04:54 | 00,000,000 | ---D | C]
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/09/17 18:54:19 | 00,031,232 | ---- | C] (NirSoft)
$AVG8.VAULT$ -> C:\$AVG8.VAULT$ -> [2009/09/17 03:09:43 | 00,000,000 | ---D | C]
avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/09/16 22:54:28 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.)
AVG Free 8.5.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk -> [2009/09/16 22:54:28 | 00,001,562 | ---- | C] ()
avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2009/09/16 22:54:26 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/09/16 22:54:17 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/09/16 22:54:16 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.)
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/09/16 22:54:03 | 41,588,388 | ---- | C] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/09/16 22:54:01 | 00,112,419 | ---- | C] ()
miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2009/09/16 22:54:00 | 00,463,779 | ---- | C] ()
avi7.avg -> C:\WINDOWS\System32\drivers\Avg\avi7.avg -> [2009/09/16 22:53:58 | 06,061,540 | ---- | C] ()
Avg -> C:\WINDOWS\System32\drivers\Avg -> [2009/09/16 22:53:58 | 00,000,000 | ---D | C]
AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> [2009/09/16 22:53:57 | 00,000,000 | ---D | C]
AVG -> C:\Program Files\AVG -> [2009/09/16 22:53:48 | 00,000,000 | ---D | C]
avg8 -> C:\Documents and Settings\All Users\Application Data\avg8 -> [2009/09/16 22:53:47 | 00,000,000 | ---D | C]
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/09/16 21:01:16 | 00,229,888 | ---- | C] ()
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/09/16 21:01:16 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/09/16 21:01:16 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/09/16 21:01:16 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> C:\WINDOWS\sed.exe -> [2009/09/16 21:01:16 | 00,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2009/09/16 21:01:16 | 00,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2009/09/16 21:01:16 | 00,068,096 | ---- | C] ()
ERDNT -> C:\WINDOWS\ERDNT -> [2009/09/16 21:01:09 | 00,000,000 | ---D | C]
Installer.exe -> C:\Documents and Settings\HP_Administrator\Desktop\Installer.exe -> [2009/09/16 20:55:29 | 03,316,998 | R--- | C] ()
Avenger -> C:\Avenger -> [2009/09/16 20:19:43 | 00,000,000 | ---D | C]
MInstaller -> C:\Program Files\MInstaller -> [2009/09/14 19:00:18 | 00,000,000 | ---D | C]
M -> C:\Program Files\M -> [2009/09/12 16:22:02 | 00,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2009/09/12 13:49:26 | 00,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/09/12 04:21:24 | 00,000,000 | ---D | C]
0535251103110107106.yux -> C:\WINDOWS\0535251103110107106.yux -> [2009/09/10 22:47:55 | 00,000,002 | ---- | C] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/10 19:08:42 | 00,002,148 | ---- | C] ()
~1 -> C:\Documents and Settings\All Users\Application Data\~1 -> [2009/09/10 19:05:52 | 00,000,000 | -H-D | C]
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/10 19:00:16 | 10,051,13344 | -HS- | C] ()
Malwarebytes -> C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes -> [2009/09/10 18:28:16 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/09/10 18:28:09 | 00,000,000 | ---D | C]
~0 -> C:\Documents and Settings\All Users\Application Data\~0 -> [2009/09/10 01:49:43 | 00,000,000 | -H-D | C]
Oberon Media -> C:\Documents and Settings\HP_Administrator\My Documents\Oberon Media -> [2009/09/10 01:42:11 | 00,000,000 | ---D | C]
pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/09/09 23:14:34 | 00,159,600 | ---- | C] (PC Tools)
PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/09/09 23:14:24 | 00,206,256 | ---- | C] (PC Tools)
PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/09/09 23:14:24 | 00,086,888 | ---- | C] (PC Tools)
pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/09/09 23:14:24 | 00,007,396 | ---- | C] ()
pctplsg.sys -> C:\WINDOWS\System32\drivers\pctplsg.sys -> [2009/09/09 23:14:12 | 00,064,392 | ---- | C] (PC Tools)
PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/09/09 23:14:12 | 00,000,000 | ---D | C]
PC Tools -> C:\Documents and Settings\HP_Administrator\Application Data\PC Tools -> [2009/09/09 23:14:08 | 00,000,000 | ---D | C]
PC Tools -> C:\Documents and Settings\All Users\Application Data\PC Tools -> [2009/09/09 23:14:08 | 00,000,000 | ---D | C]
60e682b77c77cf96df -> C:\60e682b77c77cf96df -> [2009/09/09 22:59:11 | 00,000,000 | ---D | C]
Minidump -> C:\WINDOWS\Minidump -> [2009/09/09 21:40:54 | 00,000,000 | ---D | C]
Ass 003.jpg -> C:\Documents and Settings\HP_Administrator\My Documents\Ass 003.jpg -> [2009/09/09 01:05:07 | 00,198,948 | ---- | C] ()
hpwins12.dat -> C:\WINDOWS\hpwins12.dat -> [2009/09/08 19:35:13 | 00,123,376 | ---- | C] ()
hpwmdl12.dat -> C:\WINDOWS\hpwmdl12.dat -> [2009/09/08 19:35:13 | 00,001,325 | ---- | C] ()
AVG8 -> C:\Documents and Settings\HP_Administrator\Application Data\AVG8 -> [2009/09/05 14:24:58 | 00,000,000 | ---D | C]
Shortcut to My Pictures.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Pictures.lnk -> [2009/08/30 19:23:18 | 00,000,555 | ---- | C] ()
HpUpdate -> C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate -> [2009/08/27 05:55:32 | 00,000,000 | ---D | C]
Hewlett-Packard -> C:\WINDOWS\Hewlett-Packard -> [2009/08/27 05:55:26 | 00,000,000 | ---D | C]
Scans -> C:\Documents and Settings\HP_Administrator\My Documents\Scans -> [2009/08/24 19:52:09 | 00,000,000 | ---D | C]
RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2008/11/14 06:15:07 | 00,135,168 | ---- | C] ()
_delis32.ini -> C:\WINDOWS\_delis32.ini -> [2007/07/21 17:53:56 | 00,000,544 | ---- | C] ()
COVERE~1.INI -> C:\WINDOWS\COVERE~1.INI -> [2007/04/21 17:13:18 | 00,000,391 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007/04/21 11:55:00 | 00,000,069 | ---- | C] ()
HP_48BitScanUpdatePatch.ini -> C:\WINDOWS\HP_48BitScanUpdatePatch.ini -> [2006/12/26 07:47:17 | 00,000,214 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2006/09/12 18:26:27 | 00,000,025 | ---- | C] ()
HP_CounterReport_Update_HPSU.ini -> C:\WINDOWS\HP_CounterReport_Update_HPSU.ini -> [2006/09/04 18:00:11 | 00,000,227 | ---- | C] ()
HPGdiPlus.ini -> C:\WINDOWS\HPGdiPlus.ini -> [2006/08/28 17:32:29 | 00,000,206 | ---- | C] ()
album.ini -> C:\WINDOWS\album.ini -> [2006/08/14 21:17:32 | 00,000,032 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/05/25 06:02:17 | 00,000,061 | ---- | C] ()
USBkey.sys -> C:\WINDOWS\System32\drivers\USBkey.sys -> [2006/05/25 05:42:10 | 00,028,848 | ---- | C] ()
CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2006/05/25 05:36:55 | 00,014,317 | ---- | C] ()
hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2006/05/25 05:36:49 | 00,045,056 | ---- | C] ()
QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2006/05/25 05:34:27 | 00,000,174 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/05/25 05:31:53 | 00,000,376 | ---- | C] ()
WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2006/05/25 05:20:39 | 00,000,157 | ---- | C] ()
NSSetDefaultBrowser.ini -> C:\WINDOWS\NSSetDefaultBrowser.ini -> [2006/05/25 05:20:01 | 00,000,698 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/05/25 05:05:24 | 00,001,793 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2006/05/25 05:02:49 | 01,703,936 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2006/05/25 05:02:49 | 01,486,848 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2006/05/25 05:02:49 | 01,019,904 | ---- | C] ()
nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2006/05/25 05:02:49 | 00,573,440 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2006/05/25 05:02:49 | 00,466,944 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2006/05/25 05:02:49 | 00,286,720 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2006/05/25 05:01:19 | 00,000,791 | ---- | C] ()
pythoncom22.dll -> C:\WINDOWS\System32\pythoncom22.dll -> [2006/05/25 04:41:17 | 00,323,584 | ---- | C] ()
pywintypes22.dll -> C:\WINDOWS\System32\pywintypes22.dll -> [2006/05/25 04:41:17 | 00,094,208 | ---- | C] ()
bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2006/05/25 04:40:58 | 00,016,896 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2006/03/17 19:23:44 | 00,000,000 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2005/08/30 23:02:00 | 00,000,792 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2005/08/30 15:52:36 | 00,000,264 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 23:01:54 | 00,235,008 | ---- | C] ()
armcex.dll -> C:\WINDOWS\armcex.dll -> [2005/08/03 01:19:16 | 00,050,176 | ---- | C] ()
qt-mt331.dll -> C:\WINDOWS\System32\qt-mt331.dll -> [2004/10/26 17:39:05 | 03,375,104 | ---- | C] ()
beep.sys -> C:\WINDOWS\System32\drivers\beep.sys -> [2004/08/09 23:00:00 | 00,076,416 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/07/26 09:51:38 | 00,000,560 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/08 00:05:08 | 00,002,695 | ---- | C] ()
hptcpmon.ini -> C:\WINDOWS\System32\hptcpmon.ini -> [2001/07/07 00:30:00 | 00,003,399 | ---- | C] ()
LFKODAK.DLL -> C:\WINDOWS\System32\LFKODAK.DLL -> [1999/08/10 12:02:20 | 00,116,736 | ---- | C] ()
lffpx7.dll -> C:\WINDOWS\System32\lffpx7.dll -> [1999/08/10 12:02:16 | 00,343,040 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
8 C:\Documents and Settings\HP_Administrator\Local Settings\temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\temp\*.tmp ->
beep.sys -> C:\WINDOWS\System32\drivers\beep.sys -> [2009/09/20 19:57:56 | 00,076,416 | ---- | M] ()
beep.sys -> C:\WINDOWS\System32\dllcache\beep.sys -> [2009/09/20 19:52:35 | 00,076,416 | ---- | M] ()
hpsysdrv.DAT -> C:\WINDOWS\System\hpsysdrv.DAT -> [2009/09/20 19:45:54 | 00,000,188 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/20 19:45:30 | 00,002,148 | ---- | M] ()
Perflib_Perfdata_400.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_400.dat -> [2009/09/20 19:44:14 | 00,016,384 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/09/20 19:43:23 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/09/20 19:43:12 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/20 19:43:01 | 10,051,13344 | -HS- | M] ()
ntuser.dat -> C:\Documents and Settings\HP_Administrator\ntuser.dat -> [2009/09/20 19:41:56 | 05,242,880 | ---- | M] ()
catchme.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\temp\catchme.dll -> [2009/09/20 19:40:57 | 00,053,248 | ---- | M] ()
CF16252.exe -> C:\WINDOWS\System32\CF16252.exe -> [2009/09/20 19:37:51 | 00,389,120 | ---- | M] (Microsoft Corporation)
Installer.exe -> C:\Documents and Settings\HP_Administrator\Desktop\Installer.exe -> [2009/09/20 19:37:29 | 03,316,998 | R--- | M] ()
CF28798.exe -> C:\WINDOWS\System32\CF28798.exe -> [2009/09/20 19:36:39 | 00,389,120 | ---- | M] (Microsoft Corporation)
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/09/20 18:07:31 | 41,588,388 | ---- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/09/20 18:07:08 | 00,112,419 | ---- | M] ()
mPlayer.3.0.9.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\temp\mProjector1838663841\mPlayer.3.0.9.dll -> [2009/09/20 17:52:40 | 00,122,880 | ---- | M] ()
FriendFinder Messenger v4.1.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\FriendFinder Messenger v4.1.lnk -> [2009/09/20 17:52:37 | 00,002,557 | ---- | M] ()
Perflib_Perfdata_5c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat -> [2009/09/19 14:42:38 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_e48.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_e48.dat -> [2009/09/17 22:15:23 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_f18.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\temp\Perflib_Perfdata_f18.dat -> [2009/09/17 22:15:22 | 00,016,384 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/09/17 19:09:44 | 00,000,264 | ---- | M] ()
Perflib_Perfdata_348.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_348.dat -> [2009/09/17 19:09:02 | 00,016,384 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/09/17 19:08:47 | 00,000,027 | ---- | M] ()
rekesetu -> C:\WINDOWS\System32\rekesetu -> [2009/09/16 23:10:56 | 00,011,168 | -H-- | M] ()
avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/09/16 22:54:28 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
AVG Free 8.5.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk -> [2009/09/16 22:54:28 | 00,001,562 | ---- | M] ()
avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2009/09/16 22:54:26 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/09/16 22:54:17 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/09/16 22:54:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2009/09/16 22:54:01 | 00,463,779 | ---- | M] ()
avi7.avg -> C:\WINDOWS\System32\drivers\Avg\avi7.avg -> [2009/09/16 22:54:00 | 06,061,540 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/09/16 20:37:30 | 00,000,792 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2009/09/16 20:37:30 | 00,000,279 | RHS- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/16 19:52:18 | 00,082,944 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db -> [2009/09/16 19:46:17 | 05,299,996 | -H-- | M] ()
Global.sw2 -> C:\Documents and Settings\All Users\Documents\Global.sw2 -> [2009/09/15 22:26:04 | 00,009,385 | ---- | M] ()
Piolet.lnk -> C:\Documents and Settings\All Users\Desktop\Piolet.lnk -> [2009/09/15 22:25:58 | 00,000,709 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/09/14 02:12:36 | 00,229,888 | ---- | M] ()
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2009/09/13 01:45:51 | 00,008,284 | ---- | M] ()
0535251103110107106.yux -> C:\WINDOWS\0535251103110107106.yux -> [2009/09/10 22:47:55 | 00,000,002 | ---- | M] ()
IrfanView.lnk -> C:\Documents and Settings\All Users\Desktop\IrfanView.lnk -> [2009/09/10 18:54:13 | 00,000,959 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/09 16:42:14 | 00,004,646 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/09 16:42:14 | 00,004,232 | ---- | M] ()
Ass 003.jpg -> C:\Documents and Settings\HP_Administrator\My Documents\Ass 003.jpg -> [2009/09/09 01:05:09 | 00,198,948 | ---- | M] ()
hpwins12.dat -> C:\WINDOWS\hpwins12.dat -> [2009/09/08 19:35:23 | 00,123,376 | ---- | M] ()
album.ini -> C:\WINDOWS\album.ini -> [2009/08/31 00:29:27 | 00,000,032 | ---- | M] ()
Shortcut to My Pictures.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Pictures.lnk -> [2009/08/30 19:23:18 | 00,000,555 | ---- | M] ()
PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/08/24 14:05:06 | 00,206,256 | ---- | M] (PC Tools)
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2006/09/18 16:24:06 | 00,166,221 | ---- | M] ()
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/09/18 16:22:18 | 00,016,384 | ---- | M] ()

[Files/Folders - Unicode - All]
C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData -> C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData -> [2007/04/21 18:39:33 | 00,000,000 | ---D | C]
C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData -> C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData -> [2007/04/21 18:39:51 | 00,000,000 | ---D | M]

[Alternate Data Streams]
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
[/code]

NolaBudMan13
22 Sep 2009, 6:29am
FYI ... I tried running the Kaspersky online scanner a couple times over the last 2 days. It seems to scan but I get no log file when it's done.