HI-JACKED BY Anti Virus Pro 2010 Scareware

NolaBudMan13 NOLA ... New Orleans
edited September 2009 in Spyware & Virus Removal
Anyone have a clue how to remove this???? It's disabled all my anti-virus, spyware, and "HijackThis" as well as my "admin rights" on my desktop. Can't even open my task manager ... HELP!?!?!?!?!

Comments

  • NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    Downloaded OTS ... only scan I could run. Trying to post the log, but it says it's too long by 20,000 characters. I'll try to post it in 2 comments ...

    [code]
    OTS logfile created on: 9/10/2009 7:12:47 PM - Run 1
    OTS by OldTimer - Version 3.0.12.0 Folder = K:\
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 583.86 Mb Available Physical Memory | 60.91% Memory free
    2.26 Gb Paging File | 1.96 Gb Available in Paging File | 86.78% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 177.50 Gb Total Space | 151.23 Gb Free Space | 85.20% Space Free | Partition Type: NTFS
    Drive D: | 8.79 Gb Total Space | 0.43 Gb Free Space | 4.93% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 979.05 Mb Total Space | 865.66 Mb Free Space | 88.42% Space Free | Partition Type: FAT32

    Computer Name: KABANG13
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Quick Scan

    [Processes - Safe List]
    aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft)
    aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/07/03 09:49:06 | 00,520,024 | ---- | M] (Lavasoft)
    arservice.exe -> C:\WINDOWS\arservice.exe -> [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft)
    ehmsas.exe -> C:\WINDOWS\eHome\ehmsas.exe -> [2005/08/05 22:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
    ehrecvr.exe -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
    ehsched.exe -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
    ehtray.exe -> C:\WINDOWS\ehome\ehtray.exe -> [2005/09/29 23:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    hpsysdrv.exe -> c:\windows\system\hpsysdrv.exe -> [1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
    hpwuschd2.exe -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
    hpzipm12.exe -> C:\WINDOWS\System32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
    issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2004/07/28 01:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
    jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    jusched.exe -> C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe -> [2005/08/27 03:14:44 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.)
    kbd.exe -> C:\HP\KBD\KBD.EXE -> [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
    lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
    mcrdsvc.exe -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
    mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
    nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
    ots.exe -> K:\OTS.exe -> [2009/09/10 19:06:58 | 00,516,096 | ---- | M] (OldTimer Tools)
    seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    unsecapp.exe -> C:\WINDOWS\System32\wbem\unsecapp.exe -> [2004/08/09 23:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
    wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
    yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)

    [Win32 Services - Safe List]
    (ARSVC) ARSVC [Win32_Own | Auto | Running] -> C:\WINDOWS\arservice.exe -> [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft)
    (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
    (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
    (ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
    (ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
    (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
    (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
    (HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -> [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company)
    (HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -> [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
    (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    (lavasoft ad-aware service) lavasoft ad-aware service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft)
    (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
    (McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
    (MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
    (MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
    (NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
    (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> -> File not found
    (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
    (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
    (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
    (sdauxservice) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> -> File not found
    (sdcoreservice) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> -> File not found
    (SeaPort) SeaPort [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2007/07/13 16:29:29 | 01,174,152 | ---- | M] (Symantec Corporation)
    (YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com ->
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com ->
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
    HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com ->
    HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com ->
    HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
    HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    < FireFox Extensions [User Folders] > ->
    < HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    Reset Hosts
    127.0.0.1 localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
    {bf56a325-23f2-42ad-f4e4-00aac39caa53} [HKLM] -> C:\WINDOWS\System32\tajf83ikdmf.dll [C:\WINDOWS\system32\tajf83ikdmf.dll] -> File not found
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [MSN Toolbar] -> [2009/02/09 21:33:14 | 00,082,768 | ---- | M] (Microsoft Corp.)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 20:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
    "AlwaysReady Power Message APP" -> C:\WINDOWS\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/03 01:19:16 | 00,077,312 | ---- | M] (Microsoft)
    "ehTray" -> C:\WINDOWS\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/09/29 23:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
    "HP Software Update" -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
    "HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/16 00:34:58 | 00,249,856 | ---- | M] (Hewlett-Packard Company)
    "ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/28 01:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
    "ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/28 01:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
    "KBD" -> C:\HP\KBD\KBD.EXE [C:\HP\KBD\KBD.EXE] -> [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
    "KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found
    "Microsoft Default Manager" -> C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe ["C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume] -> [2009/02/03 13:05:02 | 00,233,304 | ---- | M] (Microsoft Corp.)
    "MSConfig" -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto] -> [2008/04/13 19:12:27 | 00,169,984 | ---- | M] (Microsoft Corporation)
    "NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/10/07 13:33:00 | 13,574,144 | ---- | M] (NVIDIA Corporation)
    "NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/10/07 13:33:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
    "PCDrProfiler" -> C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe ["C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r] -> File not found
    "Recguard" -> C:\WINDOWS\SMINST\RECGUARD.EXE [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/23 00:14:00 | 00,237,568 | ---- | M] ()
    "Reminder" -> C:\Windows\Creator\Remind_XP.exe ["C:\Windows\Creator\Remind_XP.exe"] -> [2004/12/14 04:23:44 | 00,663,552 | ---- | M] (SoftThinks)
    "RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2006/03/08 06:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.)
    "SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    "tadekihih" -> C:\WINDOWS\System32\fiseziju.DLL [Rundll32.exe "c:\windows\system32\fiseziju.dll",a] -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
    "TkBellExe" -> ["realsched.exe" -osboot] -> File not found
    "UserFaultCheck" -> [%systemroot%\system32\dumprep 0 -u] -> File not found
    "winupdate.exe" -> C:\WINDOWS\System32\winupdate.exe [C:\WINDOWS\system32\winupdate.exe] -> [2009/09/09 21:46:52 | 00,044,970 | -HS- | M] ()
    "YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    "msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
    "Windows System Recover!" -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\spoolsv.exe [C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\spoolsv.exe] -> [2009/09/10 17:52:58 | 00,022,532 | -H-- | M] ()
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 16:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
    < HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" -> [1] -> File not found
    \\"NoSetActiveDesktop" -> [1] -> File not found
    \\"NoActiveDesktopChanges" -> [1] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" -> [0] -> File not found
    \\"legalnoticecaption" -> [] -> File not found
    \\"legalnoticetext" -> [] -> File not found
    \\"shutdownwithoutlogon" -> [1] -> File not found
    \\"undockwithoutlogon" -> [1] -> File not found
    \\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
    \\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [145] -> File not found
    \\"NoFolderOptions" -> [1] -> File not found
    \\"ForceClassicControlPanel" -> [1] -> File not found
    \\"NoSetActiveDesktop" -> [1] -> File not found
    \\"NoActiveDesktopChanges" -> [1] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"DisableRegistryTools" -> [1] -> File not found
    \\"DisableTaskMgr" -> [1] -> File not found
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    &Google Search -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    &Translate English Word -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    &Yahoo! Search -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
    Backward Links -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    Cached Snapshot of Page -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmcache.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
    Similar Pages -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    Translate Page into English -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    Yahoo! &Dictionary -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
    Yahoo! &Maps -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
    Yahoo! &SMS -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
    {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2008/08/27 18:30:03 | 00,000,706 | ---- | M] ()
    {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2008/08/27 18:30:03 | 00,000,706 | ---- | M] ()
    {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Button: Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Menu: Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
    CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
    CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
    CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    CmdMapping\\"{E908B145-C847-4e85-B315-07E2E70DECF8}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&amp;mime=%s ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
    trymedia.com .[http] -> Trusted sites ->
    trymedia.com .[https] -> Trusted sites ->
    1 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab [System Requirements Lab Class] ->
    {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab [VerifyGMN Class] ->
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarter Class] ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156614833598 [MUWebControl Class] ->
    {6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
    {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 192.168.2.1 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {5F2081DF-EABA-47AD-916E-16C7DAA761B9}\\DhcpNameServer -> 192.168.2.1 (Belkin Wireless G Plus MIMO USB Network Adapter) ->
    {892900FC-9814-4488-99C0-81491C1EE93D}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
    {BE5485AA-FD3B-429B-B68F-1AF97420330E}\\DhcpNameServer -> 192.168.2.1 () ->
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    c:\windows\system32\fiseziju.dll -> C:\WINDOWS\System32\fiseziju.dll -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
    guzuyavu.dll -> C:\WINDOWS\System32\guzuyavu.dll -> [2009/06/10 09:47:52 | 00,050,176 | -HS- | M] ()
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
    "{d16c7692-0821-4fe6-8a9c-3e8df69472e8}" [HKLM] -> C:\WINDOWS\System32\fiseziju.dll [gudelogob] -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
    < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
    "" [HKLM] -> Reg Error: Key error. [C:\WINDOWS\system32\tajf83ikdmf.dll] -> File not found
    "{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}" [HKLM] -> C:\WINDOWS\System32\tajf83ikdmf.dll [ghya673gidh87we9inkff] -> File not found
    "{d16c7692-0821-4fe6-8a9c-3e8df69472e8}" [HKLM] -> C:\WINDOWS\System32\fiseziju.dll [kupuhivus] -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
    "ThreadingModel" [HKLM] -> Reg Error: Key error. [Apartment] -> File not found
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM] -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\DISC\DISCover.exe" -> C:\Program Files\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> [2006/03/16 04:12:40 | 01,077,248 | ---- | M] (Digital Interactive Systems Corporation)
    "C:\Program Files\DISC\DiscStreamHub.exe" -> C:\Program Files\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> [2006/03/16 04:11:54 | 00,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
    "C:\Program Files\DISC\myFTP.exe" -> C:\Program Files\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> [2006/03/16 04:11:50 | 00,094,208 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found
    "C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found
    "C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found
    "C:\Program Files\HP Rhapsody\rhapsody.exe" -> C:\Program Files\HP Rhapsody\rhapsody.exe [C:\Program Files\HP Rhapsody\rhapsody.exe:*:Enabled:Rhapsody] -> [2005/11/17 05:01:08 | 05,627,904 | ---- | M] (RealNetworks, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/09/21 06:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/01/24 04:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/01/24 03:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/01/24 03:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/01/24 03:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/01/24 04:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2005/09/21 06:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2005/12/15 21:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2005/09/21 06:40:04 | 00,196,608 | ---- | M] ()
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2005/12/15 21:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2005/12/15 20:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/01/24 03:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2006/02/10 01:41:28 | 00,573,440 | ---- | M] ( )
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2006/02/10 01:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard)
    "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe:*:Enabled:SeaPort] -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Piolet\Piolet.exe" -> C:\Program Files\Piolet\Piolet.exe [C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet] -> [2008/07/04 08:45:02 | 01,733,120 | ---- | M] (MP2P Technologies.)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
    "C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:explorer] -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    "C:\WINDOWS\system32\dllhost.exe" -> C:\WINDOWS\System32\dllhost.exe [C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost] -> [2008/04/13 19:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation)
    "C:\WINDOWS\system32\spoolsv.exe" -> C:\WINDOWS\System32\spoolsv.exe [C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv] -> [2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation)
    "C:\WINDOWS\system32\wbem\wmiprvse.exe" -> C:\WINDOWS\System32\wbem\wmiprvse.exe [C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse] -> [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
    "C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\System32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation)
    [/code]
  • NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    Part 2 of OTS scan ...

    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > -> ->
    C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/05/25 05:34:11 | 00,000,100 | ---- | M] ()
    D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] ()
    D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


    [Files/Folders - Created Within 14 Days]
    1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    LastGood -> C:\WINDOWS\LastGood -> [2009/09/10 19:10:37 | 00,000,000 | ---D | C]
    wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/10 19:08:42 | 00,002,148 | ---- | C] ()
    {EF63305C-BAD7-4144-9208-D65528260864} -> C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} -> [2009/09/10 19:05:52 | 00,000,000 | -H-D | C]
    Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/09/10 19:05:51 | 00,000,922 | ---- | C] ()
    Lavasoft -> C:\Program Files\Lavasoft -> [2009/09/10 19:05:44 | 00,000,000 | ---D | C]
    hiberfil.sys -> C:\hiberfil.sys -> [2009/09/10 19:00:16 | 10,051,13344 | -HS- | C] ()
    Malwarebytes -> C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes -> [2009/09/10 18:28:16 | 00,000,000 | ---D | C]
    Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/09/10 18:28:09 | 00,000,000 | ---D | C]
    ~0 -> C:\Documents and Settings\All Users\Application Data\~0 -> [2009/09/10 01:49:43 | 00,000,000 | -H-D | C]
    Oberon Media -> C:\Documents and Settings\HP_Administrator\My Documents\Oberon Media -> [2009/09/10 01:42:11 | 00,000,000 | ---D | C]
    pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/09/09 23:14:34 | 00,159,600 | ---- | C] (PC Tools)
    PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/09/09 23:14:24 | 00,206,256 | ---- | C] (PC Tools)
    PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/09/09 23:14:24 | 00,086,888 | ---- | C] (PC Tools)
    pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/09/09 23:14:24 | 00,007,396 | ---- | C] ()
    pctplsg.sys -> C:\WINDOWS\System32\drivers\pctplsg.sys -> [2009/09/09 23:14:12 | 00,064,392 | ---- | C] (PC Tools)
    PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/09/09 23:14:12 | 00,000,000 | ---D | C]
    PC Tools -> C:\Documents and Settings\HP_Administrator\Application Data\PC Tools -> [2009/09/09 23:14:08 | 00,000,000 | ---D | C]
    PC Tools -> C:\Documents and Settings\All Users\Application Data\PC Tools -> [2009/09/09 23:14:08 | 00,000,000 | ---D | C]
    60e682b77c77cf96df -> C:\60e682b77c77cf96df -> [2009/09/09 22:59:11 | 00,000,000 | -H-D | C]
    ekanum.inf -> C:\Documents and Settings\All Users\Documents\ekanum.inf -> [2009/09/09 22:58:13 | 00,018,530 | ---- | C] ()
    husehyjix.sys -> C:\Program Files\Common Files\husehyjix.sys -> [2009/09/09 22:58:13 | 00,018,417 | ---- | C] ()
    nyhowi.pif -> C:\Documents and Settings\All Users\Documents\nyhowi.pif -> [2009/09/09 22:58:13 | 00,018,380 | ---- | C] ()
    likamosu.exe -> C:\Program Files\Common Files\likamosu.exe -> [2009/09/09 22:58:13 | 00,013,940 | ---- | C] ()
    ogyzic.inf -> C:\Program Files\Common Files\ogyzic.inf -> [2009/09/09 22:58:13 | 00,013,835 | ---- | C] ()
    boturotyja.bat -> C:\Documents and Settings\All Users\Application Data\boturotyja.bat -> [2009/09/09 22:58:13 | 00,013,809 | ---- | C] ()
    ojubopub.sys -> C:\Program Files\Common Files\ojubopub.sys -> [2009/09/09 22:58:13 | 00,013,037 | ---- | C] ()
    oduh.dat -> C:\Documents and Settings\All Users\Documents\oduh.dat -> [2009/09/09 22:58:13 | 00,012,653 | ---- | C] ()
    umykyh.dll -> C:\WINDOWS\umykyh.dll -> [2009/09/09 22:58:13 | 00,012,124 | ---- | C] ()
    emovigugat.ban -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban -> [2009/09/09 22:58:13 | 00,011,487 | ---- | C] ()
    delewe.lib -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib -> [2009/09/09 22:58:13 | 00,011,024 | ---- | C] ()
    naraxydogu.reg -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg -> [2009/09/09 22:58:13 | 00,010,996 | ---- | C] ()
    fuba.pif -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif -> [2009/09/09 22:58:13 | 00,010,569 | ---- | C] ()
    usegic.scr -> C:\Documents and Settings\All Users\Documents\usegic.scr -> [2009/09/09 22:58:13 | 00,010,097 | ---- | C] ()
    kamu._sy -> C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy -> [2009/09/09 22:58:12 | 00,015,406 | ---- | C] ()
    vozu.lib -> C:\WINDOWS\vozu.lib -> [2009/09/09 22:58:12 | 00,012,603 | ---- | C] ()
    ehepicupa.com -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com -> [2009/09/09 21:48:09 | 00,019,751 | ---- | C] ()
    silo.dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl -> [2009/09/09 21:48:09 | 00,018,449 | ---- | C] ()
    teraqopuf._dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl -> [2009/09/09 21:48:09 | 00,018,269 | ---- | C] ()
    uzafit.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat -> [2009/09/09 21:48:09 | 00,017,643 | ---- | C] ()
    aqymupaguv.scr -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr -> [2009/09/09 21:48:09 | 00,017,305 | ---- | C] ()
    kacynus.ban -> C:\WINDOWS\kacynus.ban -> [2009/09/09 21:48:09 | 00,017,174 | ---- | C] ()
    ebybes.bin -> C:\Documents and Settings\All Users\Application Data\ebybes.bin -> [2009/09/09 21:48:09 | 00,016,740 | ---- | C] ()
    upuk.db -> C:\Program Files\Common Files\upuk.db -> [2009/09/09 21:48:09 | 00,016,129 | ---- | C] ()
    tuxeqaxol.dl -> C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl -> [2009/09/09 21:48:09 | 00,015,947 | ---- | C] ()
    aretet.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db -> [2009/09/09 21:48:09 | 00,015,633 | ---- | C] ()
    ikolazywe.bat -> C:\WINDOWS\ikolazywe.bat -> [2009/09/09 21:48:09 | 00,015,450 | ---- | C] ()
    zexewy.bat -> C:\Documents and Settings\All Users\Application Data\zexewy.bat -> [2009/09/09 21:48:09 | 00,014,519 | ---- | C] ()
    yfawywy.reg -> C:\Documents and Settings\All Users\Documents\yfawywy.reg -> [2009/09/09 21:48:09 | 00,013,976 | ---- | C] ()
    fevekipa.pif -> C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif -> [2009/09/09 21:48:09 | 00,012,111 | ---- | C] ()
    hopawomi.dl -> C:\Program Files\Common Files\hopawomi.dl -> [2009/09/09 21:48:09 | 00,010,577 | ---- | C] ()
    riny.bat -> C:\Documents and Settings\HP_Administrator\Application Data\riny.bat -> [2009/09/09 21:48:09 | 00,010,203 | ---- | C] ()
    13958284 -> C:\Documents and Settings\All Users\Application Data\13958284 -> [2009/09/09 21:46:56 | 00,000,000 | ---D | C]
    winupdate.exe -> C:\WINDOWS\System32\winupdate.exe -> [2009/09/09 21:46:54 | 00,044,970 | -HS- | C] ()
    Minidump -> C:\WINDOWS\Minidump -> [2009/09/09 21:40:54 | 00,000,000 | ---D | C]
    UACd.sys -> C:\WINDOWS\System32\drivers\UACd.sys -> [2009/09/09 21:39:53 | 00,050,688 | ---- | C] ()
    Ass 003.jpg -> C:\Documents and Settings\HP_Administrator\My Documents\Ass 003.jpg -> [2009/09/09 01:05:07 | 00,198,948 | ---- | C] ()
    hpwins12.dat -> C:\WINDOWS\hpwins12.dat -> [2009/09/08 19:35:13 | 00,123,376 | ---- | C] ()
    hpwmdl12.dat -> C:\WINDOWS\hpwmdl12.dat -> [2009/09/08 19:35:13 | 00,001,325 | ---- | C] ()
    AVG8 -> C:\Documents and Settings\HP_Administrator\Application Data\AVG8 -> [2009/09/05 14:24:58 | 00,000,000 | ---D | C]
    Shortcut to My Pictures.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Pictures.lnk -> [2009/08/30 19:23:18 | 00,000,555 | ---- | C] ()

    [Files/Folders - Modified Within 14 Days]
    793 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
    3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
    8 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp ->
    rekesetu -> C:\WINDOWS\System32\rekesetu -> [2009/09/10 19:14:16 | 00,011,168 | -H-- | M] ()
    beep.sys -> C:\WINDOWS\System32\drivers\beep.sys -> [2009/09/10 19:14:12 | 00,076,416 | ---- | M] ()
    hpsysdrv.DAT -> C:\WINDOWS\System\hpsysdrv.DAT -> [2009/09/10 19:10:47 | 00,000,188 | ---- | M] ()
    wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/10 19:09:50 | 00,002,148 | ---- | M] ()
    Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/09/10 19:09:42 | 00,000,472 | ---- | M] ()
    Perflib_Perfdata_5c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat -> [2009/09/10 19:08:57 | 00,016,384 | ---- | M] ()
    SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/09/10 19:08:47 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/09/10 19:08:39 | 00,002,048 | --S- | M] ()
    hiberfil.sys -> C:\hiberfil.sys -> [2009/09/10 19:08:33 | 10,051,13344 | -HS- | M] ()
    ntuser.dat -> C:\Documents and Settings\HP_Administrator\ntuser.dat -> [2009/09/10 19:06:31 | 05,242,880 | ---- | M] ()
    Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/09/10 19:05:51 | 00,000,922 | ---- | M] ()
    Perflib_Perfdata_538.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_538.dat -> [2009/09/10 19:00:34 | 00,016,384 | ---- | M] ()
    win.ini -> C:\WINDOWS\win.ini -> [2009/09/10 18:58:17 | 00,000,792 | ---- | M] ()
    boot.ini -> C:\boot.ini -> [2009/09/10 18:58:17 | 00,000,279 | RHS- | M] ()
    System.ini -> C:\WINDOWS\System.ini -> [2009/09/10 18:58:17 | 00,000,264 | ---- | M] ()
    IrfanView.lnk -> C:\Documents and Settings\All Users\Desktop\IrfanView.lnk -> [2009/09/10 18:54:13 | 00,000,959 | ---- | M] ()
    notepad.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\notepad.exe -> [2009/09/10 17:53:00 | 00,022,532 | -H-- | M] ()
    winlogon.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winlogon.exe -> [2009/09/10 17:52:59 | 00,022,532 | -H-- | M] ()
    setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\setup.exe -> [2009/09/10 17:52:59 | 00,022,532 | -H-- | M] ()
    spoolsv.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\spoolsv.exe -> [2009/09/10 17:52:58 | 00,022,532 | -H-- | M] ()
    login.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\login.exe -> [2009/09/10 17:52:58 | 00,022,532 | -H-- | M] ()
    1833564672.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1833564672.exe -> [2009/09/10 17:52:53 | 00,022,528 | ---- | M] ()
    Perflib_Perfdata_248.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_248.dat -> [2009/09/10 17:52:17 | 00,016,384 | ---- | M] ()
    svchost.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svchost.exe -> [2009/09/10 16:09:10 | 00,022,532 | -H-- | M] ()
    smss.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\smss.exe -> [2009/09/10 16:09:08 | 00,022,532 | -H-- | M] ()
    3979011612.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3979011612.exe -> [2009/09/10 16:09:04 | 00,022,528 | ---- | M] ()
    mdm.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mdm.exe -> [2009/09/10 12:58:41 | 00,022,532 | -H-- | M] ()
    lsass.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lsass.exe -> [2009/09/10 12:58:40 | 00,022,532 | -H-- | M] ()
    1373161308.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1373161308.exe -> [2009/09/10 12:58:37 | 00,022,528 | ---- | M] ()
    taskmgr.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\taskmgr.exe -> [2009/09/10 09:48:15 | 00,022,532 | -H-- | M] ()
    install.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.exe -> [2009/09/10 09:48:15 | 00,022,532 | -H-- | M] ()
    3063997050.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3063997050.exe -> [2009/09/10 09:48:10 | 00,022,528 | ---- | M] ()
    webofefa.dll -> C:\WINDOWS\System32\webofefa.dll -> [2009/09/10 09:47:50 | 00,050,176 | -HS- | M] ()
    fiseziju.dll -> C:\WINDOWS\System32\fiseziju.dll -> [2009/09/10 09:47:20 | 00,088,064 | -HS- | M] ()
    hidujuku.dll -> C:\WINDOWS\System32\hidujuku.dll -> [2009/09/10 09:47:20 | 00,037,376 | -HS- | M] ()
    services.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\services.exe -> [2009/09/10 06:37:46 | 00,022,532 | -H-- | M] ()
    system.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\system.exe -> [2009/09/10 06:37:45 | 00,022,532 | -H-- | M] ()
    97521746.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\97521746.exe -> [2009/09/10 06:37:39 | 00,022,528 | ---- | M] ()
    Perflib_Perfdata_2a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2a4.dat -> [2009/09/10 06:36:36 | 00,016,384 | ---- | M] ()
    debug.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\debug.exe -> [2009/09/10 05:03:59 | 00,022,532 | -H-- | M] ()
    16315344.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\16315344.exe -> [2009/09/10 05:03:55 | 00,022,528 | ---- | M] ()
    Perflib_Perfdata_674.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_674.dat -> [2009/09/10 01:52:23 | 00,016,384 | ---- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/10 01:43:21 | 00,081,408 | ---- | M] ()
    mpengine.dll16921f29 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dll16921f29 -> [2009/09/10 01:11:03 | 05,395,280 | ---- | M] (Microsoft Corporation)
    mpengine.dllce7daabe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dllce7daabe -> [2009/09/10 01:10:52 | 05,395,280 | ---- | M] (Microsoft Corporation)
    csrss.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\csrss.exe -> [2009/09/10 01:04:10 | 00,022,532 | -H-- | M] ()
    2016453408.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\2016453408.exe -> [2009/09/10 01:04:03 | 00,022,528 | ---- | M] ()
    3660483204.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3660483204.exe -> [2009/09/10 00:59:40 | 00,022,528 | ---- | M] ()
    win.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win.exe -> [2009/09/10 00:11:39 | 00,022,532 | -H-- | M] ()
    winamp.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winamp.exe -> [2009/09/10 00:11:38 | 00,022,532 | -H-- | M] ()
    569818230.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\569818230.exe -> [2009/09/10 00:11:33 | 00,022,528 | ---- | M] ()
    mPlayer.3.0.9.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mProjector1838663841\mPlayer.3.0.9.dll -> [2009/09/10 00:00:37 | 00,122,880 | ---- | M] ()
    FriendFinder Messenger v4.1.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\FriendFinder Messenger v4.1.lnk -> [2009/09/10 00:00:37 | 00,002,557 | ---- | M] ()
    1983157618.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1983157618.exe -> [2009/09/09 23:52:29 | 00,022,528 | ---- | M] ()
    mpengine.dll5a6d0e74 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dll5a6d0e74 -> [2009/09/09 23:29:59 | 05,395,280 | ---- | M] (Microsoft Corporation)
    mpengine.dlla7674c67 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dlla7674c67 -> [2009/09/09 22:59:02 | 05,395,280 | ---- | M] (Microsoft Corporation)
    mpengine.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dll -> [2009/09/09 22:58:43 | 05,395,280 | ---- | M] (Microsoft Corporation)
    ekanum.inf -> C:\Documents and Settings\All Users\Documents\ekanum.inf -> [2009/09/09 22:58:13 | 00,018,530 | ---- | M] ()
    husehyjix.sys -> C:\Program Files\Common Files\husehyjix.sys -> [2009/09/09 22:58:13 | 00,018,417 | ---- | M] ()
    nyhowi.pif -> C:\Documents and Settings\All Users\Documents\nyhowi.pif -> [2009/09/09 22:58:13 | 00,018,380 | ---- | M] ()
    likamosu.exe -> C:\Program Files\Common Files\likamosu.exe -> [2009/09/09 22:58:13 | 00,013,940 | ---- | M] ()
    ogyzic.inf -> C:\Program Files\Common Files\ogyzic.inf -> [2009/09/09 22:58:13 | 00,013,835 | ---- | M] ()
    boturotyja.bat -> C:\Documents and Settings\All Users\Application Data\boturotyja.bat -> [2009/09/09 22:58:13 | 00,013,809 | ---- | M] ()
    ojubopub.sys -> C:\Program Files\Common Files\ojubopub.sys -> [2009/09/09 22:58:13 | 00,013,037 | ---- | M] ()
    oduh.dat -> C:\Documents and Settings\All Users\Documents\oduh.dat -> [2009/09/09 22:58:13 | 00,012,653 | ---- | M] ()
    umykyh.dll -> C:\WINDOWS\umykyh.dll -> [2009/09/09 22:58:13 | 00,012,124 | ---- | M] ()
    emovigugat.ban -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban -> [2009/09/09 22:58:13 | 00,011,487 | ---- | M] ()
    delewe.lib -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib -> [2009/09/09 22:58:13 | 00,011,024 | ---- | M] ()
    naraxydogu.reg -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg -> [2009/09/09 22:58:13 | 00,010,996 | ---- | M] ()
    fuba.pif -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif -> [2009/09/09 22:58:13 | 00,010,569 | ---- | M] ()
    usegic.scr -> C:\Documents and Settings\All Users\Documents\usegic.scr -> [2009/09/09 22:58:13 | 00,010,097 | ---- | M] ()
    kamu._sy -> C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy -> [2009/09/09 22:58:12 | 00,015,406 | ---- | M] ()
    vozu.lib -> C:\WINDOWS\vozu.lib -> [2009/09/09 22:58:12 | 00,012,603 | ---- | M] ()
    Perflib_Perfdata_d1c.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_d1c.dat -> [2009/09/09 22:58:07 | 00,016,384 | ---- | M] ()
    360395986.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\360395986.exe -> [2009/09/09 22:53:48 | 00,022,528 | ---- | M] ()
    Perflib_Perfdata_544.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_544.dat -> [2009/09/09 22:52:27 | 00,016,384 | ---- | M] ()
    ehepicupa.com -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com -> [2009/09/09 21:48:09 | 00,019,751 | ---- | M] ()
    silo.dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl -> [2009/09/09 21:48:09 | 00,018,449 | ---- | M] ()
    teraqopuf._dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl -> [2009/09/09 21:48:09 | 00,018,269 | ---- | M] ()
    uzafit.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat -> [2009/09/09 21:48:09 | 00,017,643 | ---- | M] ()
    aqymupaguv.scr -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr -> [2009/09/09 21:48:09 | 00,017,305 | ---- | M] ()
    kacynus.ban -> C:\WINDOWS\kacynus.ban -> [2009/09/09 21:48:09 | 00,017,174 | ---- | M] ()
    ebybes.bin -> C:\Documents and Settings\All Users\Application Data\ebybes.bin -> [2009/09/09 21:48:09 | 00,016,740 | ---- | M] ()
    upuk.db -> C:\Program Files\Common Files\upuk.db -> [2009/09/09 21:48:09 | 00,016,129 | ---- | M] ()
    tuxeqaxol.dl -> C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl -> [2009/09/09 21:48:09 | 00,015,947 | ---- | M] ()
    aretet.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db -> [2009/09/09 21:48:09 | 00,015,633 | ---- | M] ()
    ikolazywe.bat -> C:\WINDOWS\ikolazywe.bat -> [2009/09/09 21:48:09 | 00,015,450 | ---- | M] ()
    zexewy.bat -> C:\Documents and Settings\All Users\Application Data\zexewy.bat -> [2009/09/09 21:48:09 | 00,014,519 | ---- | M] ()
    yfawywy.reg -> C:\Documents and Settings\All Users\Documents\yfawywy.reg -> [2009/09/09 21:48:09 | 00,013,976 | ---- | M] ()
    fevekipa.pif -> C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif -> [2009/09/09 21:48:09 | 00,012,111 | ---- | M] ()
    hopawomi.dl -> C:\Program Files\Common Files\hopawomi.dl -> [2009/09/09 21:48:09 | 00,010,577 | ---- | M] ()
    riny.bat -> C:\Documents and Settings\HP_Administrator\Application Data\riny.bat -> [2009/09/09 21:48:09 | 00,010,203 | ---- | M] ()
    pufuyada.exe -> C:\WINDOWS\System32\pufuyada.exe -> [2009/09/09 21:46:55 | 01,064,996 | -HS- | M] ()
    wutivoba.dll -> C:\WINDOWS\System32\wutivoba.dll -> [2009/09/09 21:46:52 | 00,088,576 | -HS- | M] ()
    winupdate.exe -> C:\WINDOWS\System32\winupdate.exe -> [2009/09/09 21:46:52 | 00,044,970 | -HS- | M] ()
    huzivewe.exe -> C:\WINDOWS\System32\huzivewe.exe -> [2009/09/09 21:46:52 | 00,044,970 | -HS- | M] ()
    fugafizu.dll -> C:\WINDOWS\System32\fugafizu.dll -> [2009/09/09 21:46:51 | 00,037,888 | -HS- | M] ()
    UACd.sys -> C:\WINDOWS\System32\drivers\UACd.sys -> [2009/09/09 21:39:53 | 00,050,688 | ---- | M] ()
    qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/09 16:42:14 | 00,004,646 | ---- | M] ()
    qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/09 16:42:14 | 00,004,232 | ---- | M] ()
    Ass 003.jpg -> C:\Documents and Settings\HP_Administrator\My Documents\Ass 003.jpg -> [2009/09/09 01:05:09 | 00,198,948 | ---- | M] ()
    Global.sw2 -> C:\Documents and Settings\All Users\Documents\Global.sw2 -> [2009/09/08 20:50:29 | 00,007,081 | ---- | M] ()
    hpwins12.dat -> C:\WINDOWS\hpwins12.dat -> [2009/09/08 19:35:23 | 00,123,376 | ---- | M] ()
    IconCache.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db -> [2009/09/05 12:54:02 | 01,579,462 | -H-- | M] ()
    album.ini -> C:\WINDOWS\album.ini -> [2009/08/31 00:29:27 | 00,000,032 | ---- | M] ()
    Shortcut to My Pictures.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Pictures.lnk -> [2009/08/30 19:23:18 | 00,000,555 | ---- | M] ()
    gtapi.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\is-61TFG.tmp\gtapi.dll -> [2009/07/07 10:13:34 | 00,079,488 | ---- | M] ()
    opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2009/06/02 09:56:24 | 00,008,284 | ---- | M] ()
    wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2006/09/18 16:24:06 | 00,166,221 | ---- | M] ()
    wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/09/18 16:22:18 | 00,016,384 | ---- | M] ()

    [Files/Folders - Unicode - All]
    C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData -> C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData -> [2007/04/21 18:39:33 | 00,000,000 | ---D | C]
    C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData -> C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData -> [2007/04/21 18:39:51 | 00,000,000 | ---D | M]

    [File - Lop Check]
    Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009/09/10 19:05:52 | 00,000,000 | RH-D | M]
    {EF63305C-BAD7-4144-9208-D65528260864} -> C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} -> [2009/09/10 19:05:52 | 00,000,000 | -H-D | M]
    ~0 -> C:\Documents and Settings\All Users\Application Data\~0 -> [2009/09/10 19:03:23 | 00,000,000 | -H-D | M]
    13958284 -> C:\Documents and Settings\All Users\Application Data\13958284 -> [2009/09/09 21:47:03 | 00,000,000 | ---D | M]
    Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [2007/06/16 12:59:16 | 00,000,000 | ---D | M]
    CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2006/05/25 05:27:27 | 00,000,000 | ---D | M]
    Digital Interactive Systems Corporation -> C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation -> [2007/04/06 07:13:12 | 00,000,000 | ---D | M]
    Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2006/05/25 05:34:30 | 00,000,000 | ---D | M]
    muvee Technologies -> C:\Documents and Settings\All Users\Application Data\muvee Technologies -> [2006/11/17 18:51:55 | 00,000,000 | ---D | M]
    PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [2008/10/26 14:43:04 | 00,000,000 | ---D | M]
    SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2006/05/25 05:02:26 | 00,000,000 | ---D | M]
    TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/09/09 23:28:12 | 00,000,000 | ---D | M]
    C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/09/10 19:09:42 | 00,000,000 | --SD | M]
    Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2009/09/10 19:09:42 | 00,000,472 | ---- | M] ()
    desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/10 06:00:00 | 00,000,065 | RH-- | M] ()
    SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/09/10 19:08:47 | 00,000,006 | -H-- | M] ()

    [Alternate Data Streams]
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
  • rpggamergirlrpggamergirl South Australia
    edited September 2009
    Hi,

    The system is heavily infected, rootkits and all. With these rogues you need to rename the tools (like MalwareBytes and Combofix) prior to saving the file to your desktop because nasties blocked them from running.


    Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.



    [Kill All Processes]
    [Unregister Dlls]
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {bf56a325-23f2-42ad-f4e4-00aac39caa53} [HKLM] -> C:\WINDOWS\System32\tajf83ikdmf.dll [C:\WINDOWS\system32\tajf83ikdmf.dll]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NY -> "tadekihih" -> C:\WINDOWS\System32\fiseziju.DLL [Rundll32.exe "c:\windows\system32\fiseziju.dll",a]
    YY -> "winupdate.exe" -> C:\WINDOWS\System32\winupdate.exe [C:\WINDOWS\system32\winupdate.exe]
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    YN -> trymedia.com .[http] -> Trusted sites
    YN -> trymedia.com .[https] -> Trusted sites
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YY -> c:\windows\system32\fiseziju.dll -> C:\WINDOWS\System32\fiseziju.dll
    YY -> guzuyavu.dll -> C:\WINDOWS\System32\guzuyavu.dll
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    YY -> "{d16c7692-0821-4fe6-8a9c-3e8df69472e8}" [HKLM] -> C:\WINDOWS\System32\fiseziju.dll [gudelogob]
    < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    YN -> "" [HKLM] -> Reg Error: Key error. [C:\WINDOWS\system32\tajf83ikdmf.dll]
    YN -> "{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}" [HKLM] -> C:\WINDOWS\System32\tajf83ikdmf.dll [ghya673gidh87we9inkff]
    YN -> "{d16c7692-0821-4fe6-8a9c-3e8df69472e8}" [HKLM] -> C:\WINDOWS\System32\fiseziju.dll [kupuhivus]
    [Files/Folders - Created Within 14 Days]
    NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY -> ekanum.inf -> C:\Documents and Settings\All Users\Documents\ekanum.inf
    NY -> husehyjix.sys -> C:\Program Files\Common Files\husehyjix.sys
    NY -> nyhowi.pif -> C:\Documents and Settings\All Users\Documents\nyhowi.pif
    NY -> likamosu.exe -> C:\Program Files\Common Files\likamosu.exe
    NY -> ogyzic.inf -> C:\Program Files\Common Files\ogyzic.inf
    NY -> boturotyja.bat -> C:\Documents and Settings\All Users\Application Data\boturotyja.bat
    NY -> ojubopub.sys -> C:\Program Files\Common Files\ojubopub.sys
    NY -> oduh.dat -> C:\Documents and Settings\All Users\Documents\oduh.dat
    NY -> umykyh.dll -> C:\WINDOWS\umykyh.dll
    NY -> emovigugat.ban -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban
    NY -> delewe.lib -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib
    NY -> naraxydogu.reg -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg
    NY -> fuba.pif -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif
    NY -> usegic.scr -> C:\Documents and Settings\All Users\Documents\usegic.scr
    NY -> kamu._sy -> C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy
    NY -> vozu.lib -> C:\WINDOWS\vozu.lib
    NY -> ehepicupa.com -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com
    NY -> silo.dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl
    NY -> teraqopuf._dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl
    NY -> uzafit.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat
    NY -> aqymupaguv.scr -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr
    NY -> kacynus.ban -> C:\WINDOWS\kacynus.ban
    NY -> ebybes.bin -> C:\Documents and Settings\All Users\Application Data\ebybes.bin
    NY -> upuk.db -> C:\Program Files\Common Files\upuk.db
    NY -> tuxeqaxol.dl -> C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl
    NY -> aretet.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db
    NY -> ikolazywe.bat -> C:\WINDOWS\ikolazywe.bat
    NY -> zexewy.bat -> C:\Documents and Settings\All Users\Application Data\zexewy.bat
    NY -> yfawywy.reg -> C:\Documents and Settings\All Users\Documents\yfawywy.reg
    NY -> fevekipa.pif -> C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif
    NY -> hopawomi.dl -> C:\Program Files\Common Files\hopawomi.dl
    NY -> riny.bat -> C:\Documents and Settings\HP_Administrator\Application Data\riny.bat
    NY -> 13958284 -> C:\Documents and Settings\All Users\Application Data\13958284
    NY -> winupdate.exe -> C:\WINDOWS\System32\winupdate.exe
    NY -> UACd.sys -> C:\WINDOWS\System32\drivers\UACd.sys
    [Files/Folders - Modified Within 14 Days]
    NY -> rekesetu -> C:\WINDOWS\System32\rekesetu
    NY -> notepad.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\notepad.exe
    NY -> winlogon.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winlogon.exe
    NY -> setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\setup.exe
    NY -> spoolsv.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\spoolsv.exe
    NY -> login.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\login.exe
    NY -> 1833564672.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1833564672.exe
    NY -> svchost.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svchost.exe
    NY -> smss.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\smss.exe
    NY -> 3979011612.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3979011612.exe
    NY -> lsass.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lsass.exe
    NY -> 1373161308.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1373161308.exe
    NY -> taskmgr.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\taskmgr.exe
    NY -> install.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.exe
    NY -> 3063997050.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3063997050.exe
    NY -> webofefa.dll -> C:\WINDOWS\System32\webofefa.dll
    NY -> fiseziju.dll -> C:\WINDOWS\System32\fiseziju.dll
    NY -> hidujuku.dll -> C:\WINDOWS\System32\hidujuku.dll
    NY -> services.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\services.exe
    NY -> system.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\system.exe
    NY -> 97521746.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\97521746.exe
    NY -> 16315344.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\16315344.exe
    NY -> csrss.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\csrss.exe
    NY -> 2016453408.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\2016453408.exe
    NY -> 3660483204.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3660483204.exe
    NY -> win.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win.exe
    NY -> winamp.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winamp.exe
    NY -> 569818230.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\569818230.exe
    NY -> 1983157618.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1983157618.exe
    NY -> ekanum.inf -> C:\Documents and Settings\All Users\Documents\ekanum.inf
    NY -> husehyjix.sys -> C:\Program Files\Common Files\husehyjix.sys
    NY -> nyhowi.pif -> C:\Documents and Settings\All Users\Documents\nyhowi.pif
    NY -> likamosu.exe -> C:\Program Files\Common Files\likamosu.exe
    NY -> ogyzic.inf -> C:\Program Files\Common Files\ogyzic.inf
    NY -> boturotyja.bat -> C:\Documents and Settings\All Users\Application Data\boturotyja.bat
    NY -> ojubopub.sys -> C:\Program Files\Common Files\ojubopub.sys
    NY -> oduh.dat -> C:\Documents and Settings\All Users\Documents\oduh.dat
    NY -> umykyh.dll -> C:\WINDOWS\umykyh.dll
    NY -> emovigugat.ban -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban
    NY -> delewe.lib -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib
    NY -> naraxydogu.reg -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg
    NY -> fuba.pif -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif
    NY -> kamu._sy -> C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy
    NY -> vozu.lib -> C:\WINDOWS\vozu.lib
    NY -> 360395986.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\360395986.exe
    NY -> ehepicupa.com -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com
    NY -> silo.dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl
    NY -> teraqopuf._dl -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl
    NY -> uzafit.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat
    NY -> aqymupaguv.scr -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr
    NY -> kacynus.ban -> C:\WINDOWS\kacynus.ban
    NY -> ebybes.bin -> C:\Documents and Settings\All Users\Application Data\ebybes.bin
    NY -> upuk.db -> C:\Program Files\Common Files\upuk.db
    NY -> tuxeqaxol.dl -> C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl
    NY -> aretet.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db
    NY -> ikolazywe.bat -> C:\WINDOWS\ikolazywe.bat
    NY -> zexewy.bat -> C:\Documents and Settings\All Users\Application Data\zexewy.bat
    NY -> yfawywy.reg -> C:\Documents and Settings\All Users\Documents\yfawywy.reg
    NY -> fevekipa.pif -> C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif
    NY -> hopawomi.dl -> C:\Program Files\Common Files\hopawomi.dl
    NY -> riny.bat -> C:\Documents and Settings\HP_Administrator\Application Data\riny.bat
    NY -> pufuyada.exe -> C:\WINDOWS\System32\pufuyada.exe
    NY -> wutivoba.dll -> C:\WINDOWS\System32\wutivoba.dll
    NY -> winupdate.exe -> C:\WINDOWS\System32\winupdate.exe
    NY -> huzivewe.exe -> C:\WINDOWS\System32\huzivewe.exe
    NY -> fugafizu.dll -> C:\WINDOWS\System32\fugafizu.dll
    NY -> UACd.sys -> C:\WINDOWS\System32\drivers\UACd.sys
    [Purity]
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]



    2. Also download and run ComboFix by sUBs:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    (If it doesn't run, re-download and rename prior to saving the file to your desktop)

    You must download it to and run it from your Desktop
    Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
    Re-enable all the programs that were disabled during the running of ComboFix.


    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



    If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
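Added example (not OTS code and not posted by anyone in this thread): a small Python triage pass over OTS "[Files/Folders ...]" report lines of the kind shown in the log above. It parses each line into name, path, timestamp, size, attribute flags and the self-reported publisher string, then flags the same patterns the fix script targets: a core Windows process name living somewhere other than its normal directory (the svchost.exe/lsass.exe/csrss.exe copies in Temp), publisher-less executables in user-writable data directories, hidden+system files with no publisher (the -HS- entries in System32), and kernel drivers with no publisher (UACd.sys). The sample lines are copied from the log in this thread, except the svchost.exe line, whose timestamp and size are constructed for the example; the EXPECTED_DIR table, the USER_DATA_DIRS list and the reason strings are assumptions of this example, not OTS settings.

```python
import re
from dataclasses import dataclass

# One file line in an OTS "[Files/Folders - ...]" section has the shape
#   name -> full path -> [mtime | size | attrs | M or C] (company)
# Directory lines carry no "(company)" part, so that group is optional.
LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<mtime>[^|]+?) \| (?P<size>[^|]+?) \| (?P<attrs>[^|]+?) \| (?P<flag>[^\]]+?)\]"
    r"(?: \((?P<company>.*)\))?$"
)

# Expected home of core system binaries on the XP-era layout seen in the thread.
# Hypothetical table for this example; SysWOW64 and newer layouts are not covered.
EXPECTED_DIR = {
    "svchost.exe": "\\windows\\system32\\", "lsass.exe": "\\windows\\system32\\",
    "csrss.exe": "\\windows\\system32\\", "smss.exe": "\\windows\\system32\\",
    "winlogon.exe": "\\windows\\system32\\", "services.exe": "\\windows\\system32\\",
    "spoolsv.exe": "\\windows\\system32\\", "taskmgr.exe": "\\windows\\system32\\",
    "explorer.exe": "\\windows\\",
}
EXEC_EXTENSIONS = {"exe", "dll", "sys", "com", "pif", "scr", "bat"}
# Locations an ordinary user (or a dropper running as one) can write to (assumed list).
USER_DATA_DIRS = ("\\local settings\\temp\\", "\\windows\\temp\\", "\\application data\\",
                  "\\all users\\documents\\", "\\common files\\")

R_CORE = "core Windows process name outside its expected directory"
R_DATA = "executable with no publisher in a user-writable data directory"
R_HS = "hidden+system file with no publisher"
R_DRV = "kernel driver with no publisher"


@dataclass
class Entry:
    name: str
    path: str
    mtime: str
    size: int
    attrs: str     # R/H/S/D flags with '-' for unset, e.g. "-HS-"
    company: str   # self-reported version-info string, not a signature check


def parse_line(line):
    """Return an Entry for a file/folder line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["name"], m["path"], m["mtime"].strip(),
                 int(m["size"].replace(",", "")), m["attrs"].strip(),
                 m["company"] or "")


def parse_entries(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def classify(e):
    """Reasons an entry deserves a look; an empty list means nothing matched."""
    low = e.path.lower()
    name_low = e.name.lower()
    ext = name_low.rsplit(".", 1)[1] if "." in name_low else ""
    directory = low.rsplit("\\", 1)[0] + "\\"
    reasons = []
    if name_low in EXPECTED_DIR and not directory.endswith(EXPECTED_DIR[name_low]):
        reasons.append(R_CORE)
    if ext in EXEC_EXTENSIONS and not e.company and any(d in low for d in USER_DATA_DIRS):
        reasons.append(R_DATA)
    if "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs and not e.company:
        reasons.append(R_HS)
    if ext == "sys" and not e.company:
        reasons.append(R_DRV)
    return reasons


def triage(text):
    """Map each flagged path to its reasons; clean entries are left out."""
    return {e.path: r for e in parse_entries(text) if (r := classify(e))}


# Lines copied from the OTS log in this thread; the svchost.exe timestamp and size
# are constructed, since the log only names that file in the fix script.
SAMPLE_LOG = r"""
[Files/Folders - Modified Within 14 Days]
svchost.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svchost.exe -> [2009/09/09 22:58:13 | 00,022,528 | ---- | M] ()
likamosu.exe -> C:\Program Files\Common Files\likamosu.exe -> [2009/09/09 22:58:13 | 00,013,940 | ---- | M] ()
pufuyada.exe -> C:\WINDOWS\System32\pufuyada.exe -> [2009/09/09 21:46:55 | 01,064,996 | -HS- | M] ()
mpengine.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mpengine.dll -> [2009/09/09 22:58:43 | 05,395,280 | ---- | M] (Microsoft Corporation)
husehyjix.sys -> C:\Program Files\Common Files\husehyjix.sys -> [2009/09/09 22:58:13 | 00,018,417 | ---- | M] ()
UACd.sys -> C:\WINDOWS\System32\drivers\UACd.sys -> [2009/09/09 21:39:53 | 00,050,688 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/10 06:00:00 | 00,000,065 | RH-- | M] ()
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/09/10 19:09:42 | 00,000,000 | --SD | M]
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

The publisher column is whatever the file's version resource claims, which is why the Microsoft-attributed mpengine.dll in Temp passes here while the unnamed files do not; a real triage would follow this up with a signature check, and the Tasks directory line shows that directory entries (no company part, D attribute) are parsed but never flagged on attributes alone.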
  • NolaBudMan13NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    Here's the OTS log post running fix ... tried to D/L and run ComboFix but get error on run. Reads as follows ...

    "Some files could not be created. Please close all applications, reboot Windows and restart this installation"

    All Processes Killed
    [Registry - Safe List]
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf56a325-23f2-42ad-f4e4-00aac39caa53}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf56a325-23f2-42ad-f4e4-00aac39caa53}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tadekihih deleted successfully.
    C:\WINDOWS\System32\fiseziju.DLL moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winupdate.exe deleted successfully.
    C:\WINDOWS\System32\winupdate.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\\http deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\\https deleted successfully.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fiseziju.dll scheduled to be deleted on reboot.
    File C:\WINDOWS\System32\fiseziju.dll not found.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:guzuyavu.dll scheduled to be deleted on reboot.
    File C:\WINDOWS\System32\guzuyavu.dll not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gudelogob not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d16c7692-0821-4fe6-8a9c-3e8df69472e8}\ not found.
    File C:\WINDOWS\System32\fiseziju.dll not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{BF56A325-23F2-42AD-F4E4-00AAC39CAA53} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{d16c7692-0821-4fe6-8a9c-3e8df69472e8} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d16c7692-0821-4fe6-8a9c-3e8df69472e8}\ not found.
    [Files/Folders - Created Within 14 Days]
    C:\WINDOWS\msdownld.tmp\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\Documents and Settings\All Users\Documents\ekanum.inf moved successfully.
    C:\Program Files\Common Files\husehyjix.sys moved successfully.
    C:\Documents and Settings\All Users\Documents\nyhowi.pif moved successfully.
    C:\Program Files\Common Files\likamosu.exe moved successfully.
    C:\Program Files\Common Files\ogyzic.inf moved successfully.
    C:\Documents and Settings\All Users\Application Data\boturotyja.bat moved successfully.
    C:\Program Files\Common Files\ojubopub.sys moved successfully.
    C:\Documents and Settings\All Users\Documents\oduh.dat moved successfully.
    C:\WINDOWS\umykyh.dll moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif moved successfully.
    C:\Documents and Settings\All Users\Documents\usegic.scr moved successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy moved successfully.
    C:\WINDOWS\vozu.lib moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr moved successfully.
    C:\WINDOWS\kacynus.ban moved successfully.
    C:\Documents and Settings\All Users\Application Data\ebybes.bin moved successfully.
    C:\Program Files\Common Files\upuk.db moved successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db moved successfully.
    C:\WINDOWS\ikolazywe.bat moved successfully.
    C:\Documents and Settings\All Users\Application Data\zexewy.bat moved successfully.
    C:\Documents and Settings\All Users\Documents\yfawywy.reg moved successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif moved successfully.
    C:\Program Files\Common Files\hopawomi.dl moved successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\riny.bat moved successfully.
    C:\Documents and Settings\All Users\Application Data\13958284 folder moved successfully.
    File C:\WINDOWS\System32\winupdate.exe not found!
    C:\WINDOWS\System32\drivers\UACd.sys moved successfully.
    [Files/Folders - Modified Within 14 Days]
    C:\WINDOWS\System32\rekesetu moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\notepad.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winlogon.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\setup.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\spoolsv.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\login.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1833564672.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svchost.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\smss.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3979011612.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lsass.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1373161308.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\taskmgr.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3063997050.exe moved successfully.
    C:\WINDOWS\System32\webofefa.dll moved successfully.
    File C:\WINDOWS\System32\fiseziju.dll not found!
    C:\WINDOWS\System32\hidujuku.dll moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\services.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\system.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\97521746.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\16315344.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\csrss.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\2016453408.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3660483204.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\winamp.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\569818230.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\1983157618.exe moved successfully.
    File C:\Documents and Settings\All Users\Documents\ekanum.inf not found!
    File C:\Program Files\Common Files\husehyjix.sys not found!
    File C:\Documents and Settings\All Users\Documents\nyhowi.pif not found!
    File C:\Program Files\Common Files\likamosu.exe not found!
    File C:\Program Files\Common Files\ogyzic.inf not found!
    File C:\Documents and Settings\All Users\Application Data\boturotyja.bat not found!
    File C:\Program Files\Common Files\ojubopub.sys not found!
    File C:\Documents and Settings\All Users\Documents\oduh.dat not found!
    File C:\WINDOWS\umykyh.dll not found!
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\emovigugat.ban not found!
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\delewe.lib not found!
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\naraxydogu.reg not found!
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fuba.pif not found!
    File C:\Documents and Settings\HP_Administrator\Application Data\kamu._sy not found!
    File C:\WINDOWS\vozu.lib not found!
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\360395986.exe moved successfully.
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ehepicupa.com not found!
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\silo.dl not found!
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\teraqopuf._dl not found!
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uzafit.dat not found!
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aqymupaguv.scr not found!
    File C:\WINDOWS\kacynus.ban not found!
    File C:\Documents and Settings\All Users\Application Data\ebybes.bin not found!
    File C:\Program Files\Common Files\upuk.db not found!
    File C:\Documents and Settings\HP_Administrator\Application Data\tuxeqaxol.dl not found!
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\aretet.db not found!
    File C:\WINDOWS\ikolazywe.bat not found!
    File C:\Documents and Settings\All Users\Application Data\zexewy.bat not found!
    File C:\Documents and Settings\All Users\Documents\yfawywy.reg not found!
    File C:\Documents and Settings\HP_Administrator\Application Data\fevekipa.pif not found!
    File C:\Program Files\Common Files\hopawomi.dl not found!
    File C:\Documents and Settings\HP_Administrator\Application Data\riny.bat not found!
    C:\WINDOWS\System32\pufuyada.exe moved successfully.
    C:\WINDOWS\System32\wutivoba.dll moved successfully.
    File C:\WINDOWS\System32\winupdate.exe not found!
    C:\WINDOWS\System32\huzivewe.exe moved successfully.
    C:\WINDOWS\System32\fugafizu.dll moved successfully.
    File C:\WINDOWS\System32\drivers\UACd.sys not found!
    [Purity]
    Purity scan complete.
    [Empty Temp Folders]
  • rpggamergirlrpggamergirl South Australia
    edited September 2009
    Delete the Combofix you already have.
    Re-download Combofix but rename it prior to saving the file to your desktop. Some nasties can block it from running.


    Also try MalwareBytes. This also needs to be renamed prior to saving the file.
    http://www.malwarebytes.org/forums/index.php?showtopic=23983

    If MalwareBytes is not installed, save the installer file to your desktop and rename it to installer.com then run the file.
    Once MBAM is installed, you then locate and rename mbam.exe to mbam.com.

    Click on the renamed file to run it and then perform a quickscan. Allow it to delete what it finds and then allow the computer to reboot.
  • NolaBudMan13NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    I've tried numerous times to download both ComboFix and Malwarebytes, renaming both, and it won't let me run either. MBAM starts a scan and then just disappears within a few seconds. ComboFix ... I get an error message that some files couldn't be written and I need to reboot and try again. Any other suggestions ?!?!?! I appreciate your patience.
  • rpggamergirlrpggamergirl South Australia
    edited September 2009
    Sorry about the Combofix instructions on attaching the log; the canned one I used is for another forum.

    Combofix still won't run even if renamed before saving the file?
    Okay, try renaming it to CF.bat and also make sure that the "Save as Type:" is set to "All Files".


    If it still won't run... then run this diagnostic tool:
    Please download this tool and run it.
    http://ad13.geekstogo.com/Win32kDiag.exe

    Double-click on Win32kDiag.exe to run it.
    A black command prompt window shall appear.
    It will now begin to scan. This may take a while, please be patient until the scan is complete.
    Once it's done, the black screen will say "Finished! Press any key to exit..."
    A log file called Win32KDiag.txt will be created on your desktop.
    Please copy and paste the contents of that log file here in your next reply.

    Win32kdiag.exe will not delete or remove anything but it can tell us if a particular infection is present in the system and we can then deal with its removal.
  • NolaBudMan13NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\4URY13IY\Win32kDiag[1].exe

    Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp\ZAP2F8.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E2.tmp\ZAP3E2.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP40B.tmp\ZAP40B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Corel\Corel

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Debug\Setup\Backup\Backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}\{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\Cache\Cache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PIF\PIF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\setup.pss\setup.pss

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1025\1025

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1028\1028

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1031\1031

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1037\1037

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1041\1041

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1042\1042

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1054\1054

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\2052\2052

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3076\3076

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3070616681-1575120707-133626937-1008\S-1-5-21-3070616681-1575120707-133626937-1008

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\AddIns\AddIns

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Proof\Proof

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Templates\Templates

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Word\STARTUP\STARTUP

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Cookies\Cookies

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\MSHist012008082720080828

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\dhcp\dhcp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\dumprep.exe

    [1] 2004-08-09 23:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

    [1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

    [1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()



    Cannot access: C:\WINDOWS\system32\eventlog.dll

    [1] 2004-08-09 23:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-13 19:11:53 62464 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



    Found mount point : C:\WINDOWS\system32\export\export

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\sample\sample

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i386

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\i386

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wins\wins

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\xircom\xircom

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790

    Mount point destination : \Device\__max++>\^



    Finished!
  • rpggamergirlrpggamergirl South Australia
    edited September 2009
    We could run OTS again but these steps below should fix and clean the infection.

    Found the patched system file... once the patched file is replaced, MBAM or Combofix should be able to run and clean the infection.

    Step 1:

    Please download The Avenger by Swandog46 to your Desktop.
    http://swandog46.geekstogo.com/avenger2/download.php

    * Right click on the Avenger.zip folder and select "Extract All..."
    * Follow the prompts and extract the avenger folder to your desktop

    * Start up Avenger.
    In the "Input script here:" box that opens, copy, then paste the bolded text below (including the text "Files to move:"):


    Files to move:
    C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

    Click on 'Execute'.
    Then press OK at the prompt to reboot your PC.
    Please copy/paste the content of c:\avenger.txt into your reply.



    Step 2:

    Click on Start->Run, and copy-paste the following command into the "Open:" box, and click OK.


    "%userprofile%\desktop\win32kdiag.exe" -f -r



    When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



    Step 4:

    Run a renamed MBAM or a renamed Combofix and attach the logs. (Rename them before saving the file to your desktop.)

    Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
    http://www.malwarebytes.org/mbam.php



    Please download ComboFix by sUBs:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    You must download it to, and run it from, your Desktop.
    Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log.
    Re-enable all the programs that were disabled during the running of ComboFix.


    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
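    The diagnosis in this reply, and the reason the Win32kDiag run was asked for a few posts up, comes down to two things in the posted log: every "mount point" resolves to \Device\__max++>\^, and the "Cannot access" entry for eventlog.dll shows a live copy whose size (62464) matches none of its backups. The Python below is an added example (not code from the thread, the helper, or the Win32kDiag tool) that parses a constructed excerpt of that log and makes both checks; the class and function names are my own.

```python
"""Triage a Win32kDiag-style log as the helper above did (added example, not the thread's
or the Win32kDiag tool's code): flag mount points that resolve to the odd device path seen
throughout the posted log, and "Cannot access" files whose live copy differs in size from
its backups."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Destination every mount point in the posted log resolves to.  A legitimate junction or
# volume mount point resolves to a \??\ path (drive letter or Volume{GUID}), so a bare
# device name like this is a finding in itself.
ROGUE_DESTINATION = r"\Device\__max++>\^"
MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
CANNOT_RE = re.compile(r"^Cannot access: (.+)$")
COPY_RE = re.compile(r"^\[(\d+)\] (\S+ \S+) (\d+) (.+?) \((.*)\)$")  # [n] stamp size path (company)

# Constructed excerpt modelled on the log posted above (paths and sizes as posted; the real
# log double-spaces every line, which the parser skips).
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\dumprep.exe
[1] 2004-08-09 23:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-09 23:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:53 62464 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Finished!
"""

@dataclass
class FileCopy:
    group: int      # [1] same file name elsewhere, [2] related file, as Win32kDiag lists them
    stamp: str      # "YYYY-MM-DD HH:MM:SS", sorts correctly as text
    size: int
    path: str
    company: str    # empty when the version resource could not be read

@dataclass
class BlockedFile:
    path: str
    copies: list[FileCopy] = field(default_factory=list)

    def live_copy(self) -> FileCopy | None:
        return next((c for c in self.copies if c.path.lower() == self.path.lower()), None)

    def backups(self) -> list[FileCopy]:
        return [c for c in self.copies if c.group == 1 and c is not self.live_copy()]

    def verdict(self) -> str:
        live, sizes = self.live_copy(), {c.size for c in self.backups()}
        if live is None:
            return "blocked file not listed among its copies"
        if sizes and live.size not in sizes:
            return "size differs from every backup copy: likely patched"
        return "inaccessible, but size matches a backup copy"

    def restore_candidates(self) -> list[str]:
        """Other copies whose size matches the newest backup of this file name."""
        if not self.backups():
            return []
        newest = max(self.backups(), key=lambda c: c.stamp)
        return [c.path for c in self.copies if c is not self.live_copy() and c.size == newest.size]

def parse_log(text: str) -> tuple[list[tuple[str, str]], list[BlockedFile]]:
    """Return (mount point, destination) pairs and the Cannot-access groups."""
    mounts, blocked = [], []
    pending = current = None  # mount point awaiting its destination / open Cannot-access group
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if m := MOUNT_RE.match(line):
            pending, current = m.group(1), None
        elif m := DEST_RE.match(line):
            if pending is not None:
                mounts.append((pending, m.group(1)))
            pending = None
        elif m := CANNOT_RE.match(line):
            current = BlockedFile(m.group(1))
            blocked.append(current)
        elif (m := COPY_RE.match(line)) and current is not None:
            g, stamp, size, path, company = m.groups()
            current.copies.append(FileCopy(int(g), stamp, int(size), path, company))
        else:
            current = None  # "Searching ...", "Finished!" and the like end any group
    return mounts, blocked

def triage(text: str) -> dict[str, object]:
    mounts, blocked = parse_log(text)
    return {
        "rogue_mount_points": [p for p, d in mounts if d == ROGUE_DESTINATION],
        "verdicts": {b.path: b.verdict() for b in blocked},
        "likely_patched": [b.path for b in blocked if b.verdict().endswith("likely patched")],
        "restore_from": {b.path: b.restore_candidates() for b in blocked},
    }
```

Run against the full log posted above, the "restore_from" entry for eventlog.dll lists the ServicePackFiles copy and logevent.dll, which is the same pairing the Avenger script in Step 1 uses.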
  • NolaBudMan13NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: file "C:\WINDOWS\system32\logevent.dll" not found!
    File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.

    WIN32KDIAG LOG:

    Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\4URY13IY\Win32kDiag[1].exe

    Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp\ZAP2F8.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E2.tmp\ZAP3E2.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP40B.tmp\ZAP40B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Corel\Corel

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Debug\Setup\Backup\Backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}\{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\Cache\Cache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PIF\PIF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\setup.pss\setup.pss

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1025\1025

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1028\1028

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1031\1031

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1037\1037

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1041\1041

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1042\1042

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1054\1054

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\2052\2052

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3076\3076

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3070616681-1575120707-133626937-1008\S-1-5-21-3070616681-1575120707-133626937-1008

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\AddIns\AddIns

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Proof\Proof

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Templates\Templates

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Word\STARTUP\STARTUP

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Cookies\Cookies

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\MSHist012008082720080828

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\dhcp\dhcp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\dumprep.exe

    [1] 2004-08-09 23:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

    [1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

    [1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()



    Found mount point : C:\WINDOWS\system32\export\export

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\sample\sample

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i386

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\i386

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wins\wins

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\xircom\xircom

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790

    Mount point destination : \Device\__max++>\^



    Finished!

    ComboFix 09-09-16.02 - HP_Administrator 09/16/2009 21:03.1.1 - NTFSx86
    Running from: c:\documents and settings\HP_Administrator\Desktop\Installer.exe
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
    c:\documents and settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
    c:\documents and settings\HP_Administrator\Cookies\ykewi.sys
    c:\documents and settings\HP_Administrator\Start Menu\Advanced Virus Remover.lnk
    c:\program files\DDnsFilter
    c:\program files\DDnsFilter\DDnsFilter.dll
    c:\windows\010112010146120114.xe
    c:\windows\0101120101465049.xe
    c:\windows\0101120101465154.xe
    c:\windows\drnokmp.dbe
    c:\windows\freddy63.exe
    c:\windows\Installer\1053524.msi
    c:\windows\Installer\2a5a505.msp
    c:\windows\Installer\2e7c5f1.msp
    c:\windows\Installer\7737f4.msp
    c:\windows\Installer\7737f5.msp
    c:\windows\Installer\7737f6.msp
    c:\windows\Installer\7737f7.msp
    c:\windows\Installer\7737f8.msp
    c:\windows\Installer\7737f9.msp
    c:\windows\Installer\7737fa.msp
    c:\windows\Installer\7737fb.msp
    c:\windows\Installer\7737fc.msp
    c:\windows\Installer\7d1c32.msp
    c:\windows\Installer\7d69a7.msp
    c:\windows\Installer\7d69a8.msp
    c:\windows\Installer\7d69a9.msp
    c:\windows\Installer\7d69aa.msp
    c:\windows\Installer\7d69ab.msp
    c:\windows\Installer\7d69ac.msp
    c:\windows\Installer\7d69ad.msp
    c:\windows\Installer\7d69ae.msp
    c:\windows\Installer\7d69af.msp
    c:\windows\Installer\7d69b0.msp
    c:\windows\Installer\7f3ae3.msp
    c:\windows\Installer\7f3aee.msp
    c:\windows\Installer\7f3afa.msp
    c:\windows\Installer\eb7e05.msp
    c:\windows\kb913800.exe
    c:\windows\ld14.exe
    c:\windows\system32\bamekoro.dll
    c:\windows\system32\bijikoko.dll
    c:\windows\system32\bisawuza.dll
    c:\windows\system32\bohemuko.dll
    c:\windows\system32\drivers\OLD9.tmp
    c:\windows\system32\Drivers\tjbdol.sys
    c:\windows\system32\dudetelo.exe
    c:\windows\system32\fukafati.dll
    c:\windows\system32\hewurogo.dll
    c:\windows\system32\hijagolu.dll
    c:\windows\system32\jitodujo.dll
    c:\windows\system32\kozodobe.dll
    c:\windows\system32\nigavimi.dll
    c:\windows\system32\nobajanu.dll
    c:\windows\system32\rakevaka.dll
    c:\windows\system32\reyoduza.dll
    c:\windows\system32\tinuhagu.dll
    c:\windows\system32\vabazaja.exe
    c:\windows\system32\vudaviyi.dll
    c:\windows\system32\vuyohasu.dll
    c:\windows\system32\wijuyira.dll
    c:\windows\system32\wowafuha.exe
    c:\windows\system32\yehifuni.exe
    c:\windows\vkl_1252640875.exe
    D:\Autorun.inf

    Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\beep.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    \Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
    \Service_sfx
    \Legacy_ddnsfilter
    \Service_ddnsfilter


    ((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
    .

    2009-09-15 00:00 . 2009-09-15 22:53 -------- d-----w- c:\program files\MInstaller
    2009-09-12 21:22 . 2009-09-12 21:24 -------- d-----w- c:\program files\M
    2009-09-12 09:21 . 2009-09-12 21:13 -------- d-----w- c:\program files\Trend Micro
    2009-09-11 03:48 . 2009-09-11 03:48 1 ---h--w- c:\windows\bk23567.dat
    2009-09-11 03:48 . 2009-09-11 03:48 -------- d-----w- c:\program files\webserver
    2009-09-11 03:47 . 2009-09-11 03:47 18432 ----a-w- c:\windows\srpira1252640874.eXE
    2009-09-11 02:47 . 2009-09-11 02:47 37760 ----a-w- c:\windows\system32\drivers\Filter.sys
    2009-09-11 02:47 . 2009-09-11 02:47 173 ----a-w- c:\windows\dxxdv34567.bat
    2009-09-11 00:05 . 2009-09-12 18:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
    2009-09-10 23:54 . 2009-09-10 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
    2009-09-10 23:28 . 2009-09-10 23:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
    2009-09-10 23:28 . 2009-09-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-10 06:49 . 2009-09-11 00:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2009-09-10 04:14 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-09-10 04:14 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-09-10 04:14 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-09-10 04:14 . 2009-09-10 04:17 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-09-10 04:14 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-09-10 04:14 . 2009-09-10 04:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools
    2009-09-10 04:14 . 2009-09-10 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-09-10 03:59 . 2009-09-10 03:59 -------- d-----w- C:\60e682b77c77cf96df
    2009-09-10 03:18 . 2009-09-10 23:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-09-09 00:35 . 2009-09-09 00:35 123376 ----a-w- c:\windows\hpwins12.dat
    2009-09-09 00:35 . 2007-07-08 23:42 1325 ------w- c:\windows\hpwmdl12.dat
    2009-09-09 00:35 . 2007-07-04 16:38 117760 ----a-w- c:\windows\system32\hpz3l5k2.dll
    2009-09-05 19:24 . 2009-09-05 19:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8
    2009-08-27 10:55 . 2009-09-03 10:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
    2009-08-27 10:55 . 2009-08-27 10:55 -------- d-----w- c:\windows\Hewlett-Packard
    2009-08-21 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-21 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-08-21 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-21 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-08-21 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-21 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-08-21 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-21 08:04 . 2009-08-21 08:05 -------- d-----w- C:\a5c6bb0a81d4aef3c4e0d70d8590

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-17 02:16 . 2004-08-10 04:00 76416 ----a-w- c:\windows\system32\drivers\beep.sys
    2009-09-17 01:47 . 2009-09-17 01:47 76416 ----a-w- c:\windows\system32\drivers\OLD84.tmp
    2009-09-17 01:46 . 2009-09-17 01:46 76416 ----a-w- c:\windows\system32\drivers\OLD82.tmp
    2009-09-17 01:41 . 2009-09-17 01:41 76416 ----a-w- c:\windows\system32\drivers\OLD80.tmp
    2009-09-17 00:46 . 2009-09-17 00:46 166 ----a-w- c:\program files\ahxvnw.txt
    2009-09-16 03:41 . 2006-11-26 19:11 -------- d-----w- c:\program files\Piolet
    2009-09-14 18:46 . 2009-06-14 18:46 88064 --sha-w- c:\windows\system32\wuholove.dll
    2009-09-14 06:45 . 2009-06-14 06:45 89088 --sha-w- c:\windows\system32\jijeruwa.dll
    2009-09-13 18:46 . 2009-06-13 18:45 50688 --sha-w- c:\windows\system32\papupona.dll
    2009-09-13 18:45 . 2009-06-13 18:45 88576 --sha-w- c:\windows\system32\kumiberu.dll
    2009-09-13 08:06 . 2009-09-13 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD78.tmp
    2009-09-13 08:05 . 2009-09-13 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5B.tmp
    2009-09-13 06:45 . 2009-06-13 06:45 88064 --sha-w- c:\windows\system32\wenijalu.dll
    2009-09-12 18:35 . 2009-06-12 18:35 88064 --sha-w- c:\windows\system32\mihamake.dll
    2009-09-12 18:31 . 2007-07-23 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-09-12 09:37 . 2009-09-12 09:37 76416 ----a-w- c:\windows\system32\drivers\OLD2A.tmp
    2009-09-12 02:48 . 2009-06-12 02:48 88576 --sha-w- c:\windows\system32\mepagasa.dll
    2009-09-11 14:47 . 2009-06-11 14:47 88576 --sha-w- c:\windows\system32\mamotapi.dll
    2009-09-11 02:47 . 2009-06-11 02:47 49664 --sha-w- c:\windows\system32\kigilepi.dll
    2009-09-11 02:47 . 2009-06-11 02:47 88576 --sha-w- c:\windows\system32\feyajute.dll
    2009-09-11 02:47 . 2009-06-11 02:47 53248 --sha-w- c:\windows\system32\himepuka.exe
    2009-09-10 23:01 . 2009-09-10 23:01 76416 ----a-w- c:\windows\system32\drivers\OLD1A.tmp
    2009-09-10 23:00 . 2009-09-10 23:00 76416 ----a-w- c:\windows\system32\drivers\OLD18.tmp
    2009-09-10 22:59 . 2009-09-10 22:59 76416 ----a-w- c:\windows\system32\drivers\OLD16.tmp
    2009-09-10 22:57 . 2009-09-10 22:57 76416 ----a-w- c:\windows\system32\drivers\OLD14.tmp
    2009-09-10 11:57 . 2009-09-10 11:57 76416 ----a-w- c:\windows\system32\drivers\OLD10.tmp
    2009-09-10 11:56 . 2009-09-10 11:56 76416 ----a-w- c:\windows\system32\drivers\OLDE.tmp
    2009-09-10 11:51 . 2009-09-10 11:51 76416 ----a-w- c:\windows\system32\drivers\OLDC.tmp
    2009-09-10 11:50 . 2009-09-10 11:50 76416 ----a-w- c:\windows\system32\drivers\OLDA.tmp
    2009-09-10 08:09 . 2009-09-10 08:09 76416 ----a-w- c:\windows\system32\drivers\OLD5E1.tmp
    2009-09-10 08:07 . 2009-09-10 08:07 76416 ----a-w- c:\windows\system32\drivers\OLD5DF.tmp
    2009-09-10 08:06 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5DD.tmp
    2009-09-10 08:06 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5DB.tmp
    2009-09-10 08:06 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5D9.tmp
    2009-09-10 08:06 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5D7.tmp
    2009-09-10 08:05 . 2009-09-10 08:06 76416 ----a-w- c:\windows\system32\drivers\OLD5D5.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5D3.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5D1.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5CF.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5CD.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5CB.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C9.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C7.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C5.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C3.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5C1.tmp
    2009-09-10 08:05 . 2009-09-10 08:05 76416 ----a-w- c:\windows\system32\drivers\OLD5BF.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5BD.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5BB.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B9.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B7.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B5.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B3.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5B1.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5AF.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5AD.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5AB.tmp
    2009-09-10 08:04 . 2009-09-10 08:04 76416 ----a-w- c:\windows\system32\drivers\OLD5A9.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD5A7.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD5A5.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD5A3.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD5A1.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD59F.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD59D.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD59B.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD599.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD597.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD595.tmp
    2009-09-10 08:03 . 2009-09-10 08:03 76416 ----a-w- c:\windows\system32\drivers\OLD593.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD591.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD58F.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD58D.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD58B.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD589.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD587.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD585.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD583.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD581.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD57F.tmp
    2009-09-10 08:02 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD57D.tmp
    2009-09-10 08:01 . 2009-09-10 08:02 76416 ----a-w- c:\windows\system32\drivers\OLD57B.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD579.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD577.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD575.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD573.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD571.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD56F.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD56D.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD56B.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD569.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD567.tmp
    2009-09-10 08:01 . 2009-09-10 08:01 76416 ----a-w- c:\windows\system32\drivers\OLD565.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD563.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD561.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD55F.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD55D.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD55B.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD559.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD557.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD555.tmp
    2009-06-13 18:46 . 2009-06-13 18:46 50688 --sha-w- c:\windows\system32\javinete.dll
    2009-06-11 02:47 . 2009-06-11 02:47 49664 --sha-w- c:\windows\system32\nunupofa.dll.tmp
    2009-06-11 02:47 . 2009-06-11 02:47 49664 --sha-w- c:\windows\system32\rafaweti.dll
    2009-06-11 02:47 . 2009-06-11 02:47 49664 --sha-w- c:\windows\system32\woyevepa.dll.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7810e65-72ce-4fcd-8d5d-7af6dd942bee}]
    2009-06-13 18:46 50688 --sha-w- c:\windows\system32\javinete.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "tadekihih"="c:\windows\system32\wuholove.dll" [2009-09-14 88064]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-03-08 16010240]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-25 27136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-28 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{ed1faddf-e166-4d65-9ea3-63003cb8d519}"= "c:\windows\system32\wuholove.dll" [2009-09-14 88064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "goyufopob"= {ed1faddf-e166-4d65-9ea3-63003cb8d519} - c:\windows\system32\wuholove.dll [2009-09-14 88064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=&quot;"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
    "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
    "c:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\WINDOWS\\system32\\dllhost.exe"=
    "c:\\Program Files\\Piolet\\Piolet.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"= 8085:TCP:ddnsfilter
    "53:TCP"= 53:TCP:webserver

    R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/9/2009 11:14 PM 206256]
    R1 filter;Filter;c:\windows\system32\drivers\Filter.sys [9/10/2009 9:47 PM 37760]
    S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
    S2 webserver;webserver;c:\program files\webserver\webserver.exe [9/10/2009 10:48 PM 13824]
    S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ddnsfilter REG_MULTI_SZ ddnsfilter

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.my.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
    HKLM-Run-TkBellExe - realsched.exe
    HKLM-Run-buwezaweti - kozodobe.dll
    HKU-Default-Run-Advanced Virus Remover - c:\program files\AdvancedVirusRemover\PAVRM.exe
    SharedTaskScheduler-ThreadingModel - (no file)
    AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUNINST.EXE -fc:\program files\Adobe\Photoshop 7.0\Uninst.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-16 21:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(2556)
    c:\windows\system32\WININET.dll
    c:\windows\system32\wuholove.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\windows\arservice.exe
    c:\windows\system32\rundll32.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-17 21:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-17 02:18

    Pre-Run: 162,413,834,240 bytes free
    Post-Run: 162,596,048,896 bytes free

    412 --- E O F --- 2009-09-02 08:00
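The services, firewall-exception and loaded-module sections of the log above are the parts the next reply acts on. As an added example (not code from this thread, from ComboFix or from OTS), here is a small Python triage script over a constructed excerpt in that log's layout: it flags system32 modules whose names look machine-generated (eight lowercase letters strictly alternating consonant and vowel, the shape of wuholove.dll), pairs each globally opened firewall port with the service that owns it so an entry such as 53:TCP:webserver can be traced to an image path, and lists services whose binary lives outside c:\windows. The sample lines, the function names and the naming heuristic are this example's own.

```python
import re

VOWELS = set("aeiou")

# Constructed excerpt in the same shape as the ComboFix log posted above:
# a few service lines, the GloballyOpenPorts values and part of the
# 'DLLs Loaded Under Running Processes' list (with benign modules for contrast).
SAMPLE_LOG = r"""
R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/9/2009 11:14 PM 206256]
S2 webserver;webserver;c:\program files\webserver\webserver.exe [9/10/2009 10:48 PM 13824]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
"8085:TCP"= 8085:TCP:ddnsfilter
"53:TCP"= 53:TCP:webserver
- - - - - - - > 'explorer.exe'(2556)
c:\windows\system32\WININET.dll
c:\windows\system32\wuholove.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\spoolsv.exe
"""

SERVICE_RE = re.compile(r"^(R\d|S\d) ([^;]+);([^;]*);(.*)$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)$')
MODULE_RE = re.compile(r"^c:\\windows\\system32\\([^\\]+\.(?:dll|exe))$", re.I)


def looks_machine_generated(filename):
    """Heuristic: 8 lowercase letters alternating consonant/vowel (e.g. wuholove).

    Pronounceable random names of this shape recur throughout the log; real
    Windows modules rarely fit it, but treat a hit as a lead, not a verdict.
    """
    stem = filename.rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z]{8}", stem):
        return False
    shape = [ch in VOWELS for ch in stem]
    return shape in ([False, True] * 4, [True, False] * 4)


def parse_services(text):
    """Map service name -> image path from R*/S* service lines."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            # Drop the trailing '[date size]' or '--> resolved path' decoration.
            image = re.split(r" -->| \[", m.group(4))[0].strip()
            services[m.group(2).lower()] = image
    return services


def open_ports(text, services):
    """Return (port, proto, owner, image_path_or_None) per GloballyOpenPorts value."""
    rows = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            owner = m.group(3)
            rows.append((int(m.group(1)), m.group(2), owner, services.get(owner.lower())))
    return rows


def suspicious_modules(text):
    """Names of system32 modules in the loaded-DLL list that match the heuristic."""
    hits = []
    for line in text.splitlines():
        m = MODULE_RE.match(line.strip())
        if m and looks_machine_generated(m.group(1)):
            hits.append(m.group(1))
    return hits


def triage(text):
    """Bundle the three checks into one report for an analyst to read."""
    services = parse_services(text)
    return {
        "machine_named_modules": suspicious_modules(text),
        "open_ports": open_ports(text, services),
        "services_outside_windows": {
            name: path for name, path in services.items()
            if not path.lower().startswith("c:\\windows\\")
        },
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, ddnsfilter resolves to no image path because the log records it as an svchost group rather than a service line, which is itself worth noting; the services_outside_windows listing is deliberately raw, since a legitimate product such as Spyware Doctor lands there alongside the webserver entry.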
  • rpggamergirlrpggamergirl South Australia
    edited September 2009
    Did you run Avenger twice? Just curious.

    c:\program files\Piolet <-- did you purposely install this program?

    There are still bad files that need to be removed using Combofix script function.
    Run combofix again using this script.

    1. Open Notepad.
    2. Now copy/paste the bolded text between the lines below into the Notepad window:
    KillAll::

    File::
    c:\windows\bk23567.dat
    c:\windows\srpira1252640874.eXE
    c:\windows\system32\drivers\Filter.sys
    c:\windows\dxxdv34567.bat
    c:\program files\ahxvnw.txt
    c:\windows\system32\drivers\OLD84.tmp
    c:\windows\system32\drivers\OLD82.tmp
    c:\windows\system32\drivers\OLD80.tmp
    c:\windows\system32\wuholove.dll
    c:\windows\system32\jijeruwa.dll
    c:\windows\system32\papupona.dll
    c:\windows\system32\kumiberu.dll
    c:\windows\system32\drivers\OLD78.tmp
    c:\windows\system32\drivers\OLD5B.tmp
    c:\windows\system32\wenijalu.dll
    c:\windows\system32\mihamake.dll
    c:\windows\system32\drivers\OLD2A.tmp
    c:\windows\system32\mepagasa.dll
    c:\windows\system32\mamotapi.dll
    c:\windows\system32\kigilepi.dll
    c:\windows\system32\feyajute.dll
    c:\windows\system32\himepuka.exe
    c:\windows\system32\drivers\OLD1A.tmp
    c:\windows\system32\drivers\OLD18.tmp
    c:\windows\system32\drivers\OLD16.tmp
    c:\windows\system32\drivers\OLD14.tmp
    c:\windows\system32\drivers\OLD10.tmp
    c:\windows\system32\drivers\OLDE.tmp
    c:\windows\system32\drivers\OLDC.tmp
    c:\windows\system32\drivers\OLDA.tmp
    c:\windows\system32\drivers\OLD5E1.tmp
    c:\windows\system32\drivers\OLD5DF.tmp
    c:\windows\system32\drivers\OLD5DD.tmp
    c:\windows\system32\drivers\OLD5DB.tmp
    c:\windows\system32\drivers\OLD5D9.tmp
    c:\windows\system32\drivers\OLD5D7.tmp
    c:\windows\system32\drivers\OLD5D5.tmp
    c:\windows\system32\drivers\OLD5D3.tmp
    c:\windows\system32\drivers\OLD5D1.tmp
    c:\windows\system32\drivers\OLD5CF.tmp
    c:\windows\system32\drivers\OLD5CD.tmp
    c:\windows\system32\drivers\OLD5CB.tmp
    c:\windows\system32\drivers\OLD5C9.tmp
    c:\windows\system32\drivers\OLD5C7.tmp
    c:\windows\system32\drivers\OLD5C5.tmp
    c:\windows\system32\drivers\OLD5C3.tmp
    c:\windows\system32\drivers\OLD5C1.tmp
    c:\windows\system32\drivers\OLD5BF.tmp
    c:\windows\system32\drivers\OLD5BD.tmp
    c:\windows\system32\drivers\OLD5BB.tmp
    c:\windows\system32\drivers\OLD5B9.tmp
    c:\windows\system32\drivers\OLD5B7.tmp
    c:\windows\system32\drivers\OLD5B5.tmp
    c:\windows\system32\drivers\OLD5B3.tmp
    c:\windows\system32\drivers\OLD5B1.tmp
    c:\windows\system32\drivers\OLD5AF.tmp
    c:\windows\system32\drivers\OLD5AD.tmp
    c:\windows\system32\drivers\OLD5AB.tmp
    c:\windows\system32\drivers\OLD5A9.tmp
    c:\windows\system32\drivers\OLD5A7.tmp
    c:\windows\system32\drivers\OLD5A5.tmp
    c:\windows\system32\drivers\OLD5A3.tmp
    c:\windows\system32\drivers\OLD5A1.tmp
    c:\windows\system32\drivers\OLD59F.tmp
    c:\windows\system32\drivers\OLD59D.tmp
    c:\windows\system32\drivers\OLD59B.tmp
    c:\windows\system32\drivers\OLD599.tmp
    c:\windows\system32\drivers\OLD597.tmp
    c:\windows\system32\drivers\OLD595.tmp
    c:\windows\system32\drivers\OLD593.tmp
    c:\windows\system32\drivers\OLD591.tmp
    c:\windows\system32\drivers\OLD58F.tmp
    c:\windows\system32\drivers\OLD58D.tmp
    c:\windows\system32\drivers\OLD58B.tmp
    c:\windows\system32\drivers\OLD589.tmp
    c:\windows\system32\drivers\OLD587.tmp
    c:\windows\system32\drivers\OLD585.tmp
    c:\windows\system32\drivers\OLD583.tmp
    c:\windows\system32\drivers\OLD581.tmp
    c:\windows\system32\drivers\OLD57F.tmp
    c:\windows\system32\drivers\OLD57D.tmp
    c:\windows\system32\drivers\OLD57B.tmp
    c:\windows\system32\drivers\OLD579.tmp
    c:\windows\system32\drivers\OLD577.tmp
    c:\windows\system32\drivers\OLD575.tmp
    c:\windows\system32\drivers\OLD573.tmp
    c:\windows\system32\drivers\OLD571.tmp
    c:\windows\system32\drivers\OLD56F.tmp
    c:\windows\system32\drivers\OLD56D.tmp
    c:\windows\system32\drivers\OLD56B.tmp
    c:\windows\system32\drivers\OLD569.tmp
    c:\windows\system32\drivers\OLD567.tmp
    c:\windows\system32\drivers\OLD565.tmp
    c:\windows\system32\drivers\OLD563.tmp
    c:\windows\system32\drivers\OLD561.tmp
    c:\windows\system32\drivers\OLD55F.tmp
    c:\windows\system32\drivers\OLD55D.tmp
    c:\windows\system32\drivers\OLD55B.tmp
    c:\windows\system32\drivers\OLD559.tmp
    c:\windows\system32\drivers\OLD557.tmp
    c:\windows\system32\drivers\OLD555.tmp
    c:\windows\system32\javinete.dll
    c:\windows\system32\nunupofa.dll.tmp
    c:\windows\system32\rafaweti.dll
    c:\windows\system32\woyevepa.dll.tmp
    c:\windows\system32\javinete.dll

    Rootkit::
    c:\windows\system32\wuholove.dll

    Folder::
    c:\program files\webserver

    Driver::
    webserver

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7810e65-72ce-4fcd-8d5d-7af6dd942bee}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tadekihih"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{ed1faddf-e166-4d65-9ea3-63003cb8d519}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "goyufopob"=-


    3. Save the above as CFScript.txt on your desktop.
    4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
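One way to check what a script like this actually achieved, as an added example that is not the helper's tool and not part of ComboFix: parse the CFScript into its `::` sections, parse the banner-delimited sections of the ComboFix log that comes back, and report which requested files, folders and drivers appear under 'Other Deletions' and 'Drivers/Services' and which do not. The two inputs below are constructed, shortened copies in the same layout as the script above and the log in the next reply; the function names are this example's own.

```python
import re
from collections import Counter

# Constructed, shortened CFScript in the layout used above (javinete.dll is
# listed twice on purpose, as it is in the real script).
CFSCRIPT = r"""KillAll::

File::
c:\windows\bk23567.dat
c:\windows\system32\drivers\Filter.sys
c:\windows\system32\wuholove.dll
c:\windows\system32\javinete.dll
c:\windows\system32\javinete.dll

Rootkit::
c:\windows\system32\wuholove.dll

Folder::
c:\program files\webserver

Driver::
webserver

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7810e65-72ce-4fcd-8d5d-7af6dd942bee}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tadekihih"=-
"""

# Constructed, shortened ComboFix result log in the layout of the reply below.
RESULT_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\webserver
c:\windows\bk23567.dat
c:\windows\system32\drivers\Filter.sys
c:\windows\system32\wuholove.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

\Legacy_webserver
\Service_webserver
\Legacy_filter
\Service_filter

((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.
"""


def parse_cfscript(text):
    """Return {section: [entries]}; a section header is a line ending in '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_result_sections(text):
    """Return {heading: [lines]} for the '((( Heading )))' banners of a ComboFix log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^\(+\s*(.+?)\s*\)+$", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_registry_actions(lines):
    """Translate Registry:: lines: '[-KEY]' deletes a key, '"name"=-' deletes a value."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1]))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = re.match(r'^"([^"]+)"=-$', line)
            if m and key:
                actions.append(("delete_value", key, m.group(1)))
    return actions


def verify_cleanup(script, result):
    """Cross-check File::/Folder::/Rootkit::/Driver:: requests against the result log."""
    requested = {p.lower() for k in ("File", "Folder", "Rootkit") for p in script.get(k, [])}
    deleted = {p.lower() for p in result.get("Other Deletions", [])}
    svc = {s.lower() for s in result.get("Drivers/Services", [])}
    drivers = [d.lower() for d in script.get("Driver", [])]
    counts = Counter(p.lower() for p in script.get("File", []))
    return {
        "removed": sorted(requested & deleted),
        "not_in_log": sorted(requested - deleted),
        "drivers_removed": [d for d in drivers if "\\service_" + d in svc],
        "drivers_not_in_log": [d for d in drivers if "\\service_" + d not in svc],
        "duplicate_file_entries": sorted(p for p, n in counts.items() if n > 1),
    }


if __name__ == "__main__":
    report = verify_cleanup(parse_cfscript(CFSCRIPT), parse_result_sections(RESULT_LOG))
    for key, value in report.items():
        print(key, value)
```

A path under not_in_log is not automatically a failure: ComboFix only lists under 'Other Deletions' what it found, so a file that was already gone simply never appears there. The point of the check is to make that list explicit instead of eyeballing two hundred lines of OLD*.tmp entries.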
  • NolaBudMan13NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    Did run it twice ... when it tried to reboot it froze while shutting down, and the Piolet upgrade, I can thank my roomie for that ...

    ComboFix 09-09-17.04 - HP_Administrator 09/17/2009 18:56.2.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.496 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\Installer.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    FILE ::
    "c:\program files\ahxvnw.txt"
    "c:\windows\bk23567.dat"
    "c:\windows\dxxdv34567.bat"
    "c:\windows\srpira1252640874.eXE"
    "c:\windows\system32\drivers\Filter.sys"
    "c:\windows\system32\drivers\OLD10.tmp"
    "c:\windows\system32\drivers\OLD14.tmp"
    "c:\windows\system32\drivers\OLD16.tmp"
    "c:\windows\system32\drivers\OLD18.tmp"
    "c:\windows\system32\drivers\OLD1A.tmp"
    "c:\windows\system32\drivers\OLD2A.tmp"
    "c:\windows\system32\drivers\OLD555.tmp"
    "c:\windows\system32\drivers\OLD557.tmp"
    "c:\windows\system32\drivers\OLD559.tmp"
    "c:\windows\system32\drivers\OLD55B.tmp"
    "c:\windows\system32\drivers\OLD55D.tmp"
    "c:\windows\system32\drivers\OLD55F.tmp"
    "c:\windows\system32\drivers\OLD561.tmp"
    "c:\windows\system32\drivers\OLD563.tmp"
    "c:\windows\system32\drivers\OLD565.tmp"
    "c:\windows\system32\drivers\OLD567.tmp"
    "c:\windows\system32\drivers\OLD569.tmp"
    "c:\windows\system32\drivers\OLD56B.tmp"
    "c:\windows\system32\drivers\OLD56D.tmp"
    "c:\windows\system32\drivers\OLD56F.tmp"
    "c:\windows\system32\drivers\OLD571.tmp"
    "c:\windows\system32\drivers\OLD573.tmp"
    "c:\windows\system32\drivers\OLD575.tmp"
    "c:\windows\system32\drivers\OLD577.tmp"
    "c:\windows\system32\drivers\OLD579.tmp"
    "c:\windows\system32\drivers\OLD57B.tmp"
    "c:\windows\system32\drivers\OLD57D.tmp"
    "c:\windows\system32\drivers\OLD57F.tmp"
    "c:\windows\system32\drivers\OLD581.tmp"
    "c:\windows\system32\drivers\OLD583.tmp"
    "c:\windows\system32\drivers\OLD585.tmp"
    "c:\windows\system32\drivers\OLD587.tmp"
    "c:\windows\system32\drivers\OLD589.tmp"
    "c:\windows\system32\drivers\OLD58B.tmp"
    "c:\windows\system32\drivers\OLD58D.tmp"
    "c:\windows\system32\drivers\OLD58F.tmp"
    "c:\windows\system32\drivers\OLD591.tmp"
    "c:\windows\system32\drivers\OLD593.tmp"
    "c:\windows\system32\drivers\OLD595.tmp"
    "c:\windows\system32\drivers\OLD597.tmp"
    "c:\windows\system32\drivers\OLD599.tmp"
    "c:\windows\system32\drivers\OLD59B.tmp"
    "c:\windows\system32\drivers\OLD59D.tmp"
    "c:\windows\system32\drivers\OLD59F.tmp"
    "c:\windows\system32\drivers\OLD5A1.tmp"
    "c:\windows\system32\drivers\OLD5A3.tmp"
    "c:\windows\system32\drivers\OLD5A5.tmp"
    "c:\windows\system32\drivers\OLD5A7.tmp"
    "c:\windows\system32\drivers\OLD5A9.tmp"
    "c:\windows\system32\drivers\OLD5AB.tmp"
    "c:\windows\system32\drivers\OLD5AD.tmp"
    "c:\windows\system32\drivers\OLD5AF.tmp"
    "c:\windows\system32\drivers\OLD5B.tmp"
    "c:\windows\system32\drivers\OLD5B1.tmp"
    "c:\windows\system32\drivers\OLD5B3.tmp"
    "c:\windows\system32\drivers\OLD5B5.tmp"
    "c:\windows\system32\drivers\OLD5B7.tmp"
    "c:\windows\system32\drivers\OLD5B9.tmp"
    "c:\windows\system32\drivers\OLD5BB.tmp"
    "c:\windows\system32\drivers\OLD5BD.tmp"
    "c:\windows\system32\drivers\OLD5BF.tmp"
    "c:\windows\system32\drivers\OLD5C1.tmp"
    "c:\windows\system32\drivers\OLD5C3.tmp"
    "c:\windows\system32\drivers\OLD5C5.tmp"
    "c:\windows\system32\drivers\OLD5C7.tmp"
    "c:\windows\system32\drivers\OLD5C9.tmp"
    "c:\windows\system32\drivers\OLD5CB.tmp"
    "c:\windows\system32\drivers\OLD5CD.tmp"
    "c:\windows\system32\drivers\OLD5CF.tmp"
    "c:\windows\system32\drivers\OLD5D1.tmp"
    "c:\windows\system32\drivers\OLD5D3.tmp"
    "c:\windows\system32\drivers\OLD5D5.tmp"
    "c:\windows\system32\drivers\OLD5D7.tmp"
    "c:\windows\system32\drivers\OLD5D9.tmp"
    "c:\windows\system32\drivers\OLD5DB.tmp"
    "c:\windows\system32\drivers\OLD5DD.tmp"
    "c:\windows\system32\drivers\OLD5DF.tmp"
    "c:\windows\system32\drivers\OLD5E1.tmp"
    "c:\windows\system32\drivers\OLD78.tmp"
    "c:\windows\system32\drivers\OLD80.tmp"
    "c:\windows\system32\drivers\OLD82.tmp"
    "c:\windows\system32\drivers\OLD84.tmp"
    "c:\windows\system32\drivers\OLDA.tmp"
    "c:\windows\system32\drivers\OLDC.tmp"
    "c:\windows\system32\drivers\OLDE.tmp"
    "c:\windows\system32\feyajute.dll"
    "c:\windows\system32\himepuka.exe"
    "c:\windows\system32\javinete.dll"
    "c:\windows\system32\jijeruwa.dll"
    "c:\windows\system32\kigilepi.dll"
    "c:\windows\system32\kumiberu.dll"
    "c:\windows\system32\mamotapi.dll"
    "c:\windows\system32\mepagasa.dll"
    "c:\windows\system32\mihamake.dll"
    "c:\windows\system32\nunupofa.dll.tmp"
    "c:\windows\system32\papupona.dll"
    "c:\windows\system32\rafaweti.dll"
    "c:\windows\system32\wenijalu.dll"
    "c:\windows\system32\woyevepa.dll.tmp"
    "c:\windows\system32\wuholove.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ahxvnw.txt
    c:\program files\webserver
    c:\windows\Alcmtr.exe
    c:\windows\bk23567.dat
    c:\windows\dxxdv34567.bat
    c:\windows\srpira1252640874.eXE
    c:\windows\system32\drivers\Filter.sys
    c:\windows\system32\drivers\OLD10.tmp
    c:\windows\system32\drivers\OLD14.tmp
    c:\windows\system32\drivers\OLD16.tmp
    c:\windows\system32\drivers\OLD18.tmp
    c:\windows\system32\drivers\OLD1A.tmp
    c:\windows\system32\drivers\OLD2A.tmp
    c:\windows\system32\drivers\OLD555.tmp
    c:\windows\system32\drivers\OLD557.tmp
    c:\windows\system32\drivers\OLD559.tmp
    c:\windows\system32\drivers\OLD55B.tmp
    c:\windows\system32\drivers\OLD55D.tmp
    c:\windows\system32\drivers\OLD55F.tmp
    c:\windows\system32\drivers\OLD561.tmp
    c:\windows\system32\drivers\OLD563.tmp
    c:\windows\system32\drivers\OLD565.tmp
    c:\windows\system32\drivers\OLD567.tmp
    c:\windows\system32\drivers\OLD569.tmp
    c:\windows\system32\drivers\OLD56B.tmp
    c:\windows\system32\drivers\OLD56D.tmp
    c:\windows\system32\drivers\OLD56F.tmp
    c:\windows\system32\drivers\OLD571.tmp
    c:\windows\system32\drivers\OLD573.tmp
    c:\windows\system32\drivers\OLD575.tmp
    c:\windows\system32\drivers\OLD577.tmp
    c:\windows\system32\drivers\OLD579.tmp
    c:\windows\system32\drivers\OLD57B.tmp
    c:\windows\system32\drivers\OLD57D.tmp
    c:\windows\system32\drivers\OLD57F.tmp
    c:\windows\system32\drivers\OLD581.tmp
    c:\windows\system32\drivers\OLD583.tmp
    c:\windows\system32\drivers\OLD585.tmp
    c:\windows\system32\drivers\OLD587.tmp
    c:\windows\system32\drivers\OLD589.tmp
    c:\windows\system32\drivers\OLD58B.tmp
    c:\windows\system32\drivers\OLD58D.tmp
    c:\windows\system32\drivers\OLD58F.tmp
    c:\windows\system32\drivers\OLD591.tmp
    c:\windows\system32\drivers\OLD593.tmp
    c:\windows\system32\drivers\OLD595.tmp
    c:\windows\system32\drivers\OLD597.tmp
    c:\windows\system32\drivers\OLD599.tmp
    c:\windows\system32\drivers\OLD59B.tmp
    c:\windows\system32\drivers\OLD59D.tmp
    c:\windows\system32\drivers\OLD59F.tmp
    c:\windows\system32\drivers\OLD5A1.tmp
    c:\windows\system32\drivers\OLD5A3.tmp
    c:\windows\system32\drivers\OLD5A5.tmp
    c:\windows\system32\drivers\OLD5A7.tmp
    c:\windows\system32\drivers\OLD5A9.tmp
    c:\windows\system32\drivers\OLD5AB.tmp
    c:\windows\system32\drivers\OLD5AD.tmp
    c:\windows\system32\drivers\OLD5AF.tmp
    c:\windows\system32\drivers\OLD5B.tmp
    c:\windows\system32\drivers\OLD5B1.tmp
    c:\windows\system32\drivers\OLD5B3.tmp
    c:\windows\system32\drivers\OLD5B5.tmp
    c:\windows\system32\drivers\OLD5B7.tmp
    c:\windows\system32\drivers\OLD5B9.tmp
    c:\windows\system32\drivers\OLD5BB.tmp
    c:\windows\system32\drivers\OLD5BD.tmp
    c:\windows\system32\drivers\OLD5BF.tmp
    c:\windows\system32\drivers\OLD5C1.tmp
    c:\windows\system32\drivers\OLD5C3.tmp
    c:\windows\system32\drivers\OLD5C5.tmp
    c:\windows\system32\drivers\OLD5C7.tmp
    c:\windows\system32\drivers\OLD5C9.tmp
    c:\windows\system32\drivers\OLD5CB.tmp
    c:\windows\system32\drivers\OLD5CD.tmp
    c:\windows\system32\drivers\OLD5CF.tmp
    c:\windows\system32\drivers\OLD5D1.tmp
    c:\windows\system32\drivers\OLD5D3.tmp
    c:\windows\system32\drivers\OLD5D5.tmp
    c:\windows\system32\drivers\OLD5D7.tmp
    c:\windows\system32\drivers\OLD5D9.tmp
    c:\windows\system32\drivers\OLD5DB.tmp
    c:\windows\system32\drivers\OLD5DD.tmp
    c:\windows\system32\drivers\OLD5DF.tmp
    c:\windows\system32\drivers\OLD5E1.tmp
    c:\windows\system32\drivers\OLD78.tmp
    c:\windows\system32\drivers\OLD80.tmp
    c:\windows\system32\drivers\OLD82.tmp
    c:\windows\system32\drivers\OLD84.tmp
    c:\windows\system32\drivers\OLDA.tmp
    c:\windows\system32\drivers\OLDC.tmp
    c:\windows\system32\drivers\OLDE.tmp
    c:\windows\system32\feyajute.dll
    c:\windows\system32\himepuka.exe
    c:\windows\system32\javinete.dll
    c:\windows\system32\jijeruwa.dll
    c:\windows\system32\kigilepi.dll
    c:\windows\system32\kumiberu.dll
    c:\windows\system32\mamotapi.dll
    c:\windows\system32\mepagasa.dll
    c:\windows\system32\mihamake.dll
    c:\windows\system32\nunupofa.dll.tmp
    c:\windows\system32\papupona.dll
    c:\windows\system32\rafaweti.dll
    c:\windows\system32\wenijalu.dll
    c:\windows\system32\woyevepa.dll.tmp
    c:\windows\system32\wuholove.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_webserver
    \Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    \Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
    \Service_webserver
    \Legacy_filter
    \Service_filter


    ((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
    .

    2009-09-17 08:09 . 2009-09-17 10:27 d-----w- C:\$AVG8.VAULT$
    2009-09-17 03:54 . 2009-09-17 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-09-17 03:54 . 2009-09-17 03:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-09-17 03:54 . 2009-09-17 03:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-09-17 03:54 . 2009-09-17 03:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-09-17 03:53 . 2009-09-17 22:48 d-----w- c:\windows\system32\drivers\Avg
    2009-09-17 03:53 . 2009-09-17 04:19 d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-09-17 03:53 . 2009-09-17 03:53 d-----w- c:\program files\AVG
    2009-09-17 03:53 . 2009-09-17 03:53 d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-09-15 00:00 . 2009-09-15 22:53 d-----w- c:\program files\MInstaller
    2009-09-12 21:22 . 2009-09-12 21:24 d-----w- c:\program files\M
    2009-09-12 09:21 . 2009-09-12 21:13 d-----w- c:\program files\Trend Micro
    2009-09-11 00:05 . 2009-09-12 18:31 dc-h--w- c:\documents and settings\All Users\Application Data\~1
    2009-09-10 23:54 . 2009-09-10 23:54 d-----w- c:\documents and settings\Administrator\Application Data\HPQ
    2009-09-10 23:28 . 2009-09-10 23:28 d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
    2009-09-10 23:28 . 2009-09-10 23:28 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-10 06:49 . 2009-09-11 00:03 dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2009-09-10 04:14 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-09-10 04:14 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-09-10 04:14 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-09-10 04:14 . 2009-09-10 04:17 d-----w- c:\program files\Common Files\PC Tools
    2009-09-10 04:14 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-09-10 04:14 . 2009-09-10 04:14 d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools
    2009-09-10 04:14 . 2009-09-10 04:14 d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-09-10 03:59 . 2009-09-10 03:59 d-----w- C:\60e682b77c77cf96df
    2009-09-10 03:18 . 2009-09-10 23:38 d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-09-09 00:35 . 2009-09-09 00:35 123376 ----a-w- c:\windows\hpwins12.dat
    2009-09-09 00:35 . 2007-07-08 23:42 1325 ------w- c:\windows\hpwmdl12.dat
    2009-09-09 00:35 . 2007-07-04 16:38 117760 ----a-w- c:\windows\system32\hpz3l5k2.dll
    2009-09-05 19:24 . 2009-09-05 19:24 d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8
    2009-08-27 10:55 . 2009-09-03 10:02 d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
    2009-08-27 10:55 . 2009-08-27 10:55 d-----w- c:\windows\Hewlett-Packard
    2009-08-21 08:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-21 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-08-21 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-21 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-08-21 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-21 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-08-21 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-21 08:04 . 2009-08-21 08:05 d-----w- C:\a5c6bb0a81d4aef3c4e0d70d8590

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-18 00:10 . 2004-08-10 04:00 76416 ----a-w- c:\windows\system32\drivers\beep.sys
    2009-09-17 04:18 . 2006-05-25 10:18 53336 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-16 03:41 . 2006-11-26 19:11 d-----w- c:\program files\Piolet
    2009-09-12 18:31 . 2007-07-23 23:53 d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD553.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD551.tmp
    2009-09-10 08:00 . 2009-09-10 08:00 76416 ----a-w- c:\windows\system32\drivers\OLD54F.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD54D.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD54B.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD549.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD547.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD545.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD543.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD541.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD53F.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD53D.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD53B.tmp
    2009-09-10 07:59 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD539.tmp
    2009-09-10 07:58 . 2009-09-10 07:59 76416 ----a-w- c:\windows\system32\drivers\OLD537.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD535.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD533.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD531.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD52F.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD52D.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD52B.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD529.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD527.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD525.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD523.tmp
    2009-09-10 07:58 . 2009-09-10 07:58 76416 ----a-w- c:\windows\system32\drivers\OLD521.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD51F.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD51D.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD51B.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD519.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD517.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD515.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD513.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD511.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD50F.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD50D.tmp
    2009-09-10 07:57 . 2009-09-10 07:57 76416 ----a-w- c:\windows\system32\drivers\OLD50B.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD509.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD507.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD505.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD503.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD501.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4FF.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4FD.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4FB.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4F9.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4F7.tmp
    2009-09-10 07:56 . 2009-09-10 07:56 76416 ----a-w- c:\windows\system32\drivers\OLD4F5.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4F3.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4F1.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4EF.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4ED.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4EB.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E9.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E7.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E5.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E3.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4E1.tmp
    2009-09-10 07:55 . 2009-09-10 07:55 76416 ----a-w- c:\windows\system32\drivers\OLD4DF.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4DD.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4DB.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D9.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D7.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D5.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D3.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4D1.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4CF.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4CD.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4CB.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4C9.tmp
    2009-09-10 07:54 . 2009-09-10 07:54 76416 ----a-w- c:\windows\system32\drivers\OLD4C7.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4C5.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4C3.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4C1.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4BF.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4BD.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4BB.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B9.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B7.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B5.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B3.tmp
    2009-09-10 07:53 . 2009-09-10 07:53 76416 ----a-w- c:\windows\system32\drivers\OLD4B1.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4AF.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4AD.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4AB.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A9.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A7.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A5.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A3.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD4A1.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD49F.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD49D.tmp
    2009-09-10 07:52 . 2009-09-10 07:52 76416 ----a-w- c:\windows\system32\drivers\OLD49B.tmp
    2009-09-10 07:51 . 2009-09-10 07:51 76416 ----a-w- c:\windows\system32\drivers\OLD499.tmp
    2009-09-10 07:51 . 2009-09-10 07:51 76416 ----a-w- c:\windows\system32\drivers\OLD497.tmp
    2009-09-10 07:51 . 2009-09-10 07:51 76416 ----a-w- c:\windows\system32\drivers\OLD495.tmp
    .

    Sigcheck

    [7] 2004-08-09 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
    [7] 2004-08-09 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
    [7] 2004-08-09 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-09-17_02.16.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-18 00:09 . 2009-09-18 00:09 16384 c:\windows\temp\Perflib_Perfdata_348.dat
    + 2009-09-18 00:10 . 2009-09-18 00:10 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-17 2007832]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-03-08 16010240]
    "TkBellExe"="realsched.exe" [BU]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-25 27136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-28 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-09-17 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=&quot;"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=&quot;"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
    "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
    "c:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\WINDOWS\\system32\\dllhost.exe"=
    "c:\\Program Files\\Piolet\\Piolet.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"= 8085:TCP:ddnsfilter
    "53:TCP"= 53:TCP:webserver

    R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/9/2009 11:14 PM 206256]
    R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/16/2009 10:54 PM 335240]
    R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/16/2009 10:54 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/16/2009 10:53 PM 297752]
    S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
    S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ddnsfilter REG_MULTI_SZ ddnsfilter

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.my.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-tadekihih - c:\windows\system32\wuholove.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-17 19:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(2604)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\windows\arservice.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\windows\system32\dllhost.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-18 19:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-18 00:14
    ComboFix2.txt 2009-09-17 02:19

    Pre-Run: 162,048,856,064 bytes free
    Post-Run: 162,285,637,632 bytes free

    572 --- E O F --- 2009-09-02 08:00
  • rpggamergirl South Australia
    edited September 2009
    That would explain the Avenger error then.

    Run combofix again using this script.
    1. Open Notepad.
    2. Now copy/paste the text between the lines below into the Notepad window:
    File::
    c:\windows\system32\drivers\OLD553.tmp
    c:\windows\system32\drivers\OLD551.tmp
    c:\windows\system32\drivers\OLD54F.tmp
    c:\windows\system32\drivers\OLD54D.tmp
    c:\windows\system32\drivers\OLD54B.tmp
    c:\windows\system32\drivers\OLD549.tmp
    c:\windows\system32\drivers\OLD547.tmp
    c:\windows\system32\drivers\OLD545.tmp
    c:\windows\system32\drivers\OLD543.tmp
    c:\windows\system32\drivers\OLD541.tmp
    c:\windows\system32\drivers\OLD53F.tmp
    c:\windows\system32\drivers\OLD53D.tmp
    c:\windows\system32\drivers\OLD53B.tmp
    c:\windows\system32\drivers\OLD539.tmp
    c:\windows\system32\drivers\OLD537.tmp
    c:\windows\system32\drivers\OLD535.tmp
    c:\windows\system32\drivers\OLD533.tmp
    c:\windows\system32\drivers\OLD531.tmp
    c:\windows\system32\drivers\OLD52F.tmp
    c:\windows\system32\drivers\OLD52D.tmp
    c:\windows\system32\drivers\OLD52B.tmp
    c:\windows\system32\drivers\OLD529.tmp
    c:\windows\system32\drivers\OLD527.tmp
    c:\windows\system32\drivers\OLD525.tmp
    c:\windows\system32\drivers\OLD523.tmp
    c:\windows\system32\drivers\OLD521.tmp
    c:\windows\system32\drivers\OLD51F.tmp
    c:\windows\system32\drivers\OLD51B.tmp
    c:\windows\system32\drivers\OLD519.tmp
    c:\windows\system32\drivers\OLD517.tmp
    c:\windows\system32\drivers\OLD515.tmp
    c:\windows\system32\drivers\OLD513.tmp
    c:\windows\system32\drivers\OLD511.tmp
    c:\windows\system32\drivers\OLD50F.tmp
    c:\windows\system32\drivers\OLD50D.tmp
    c:\windows\system32\drivers\OLD50B.tmp
    c:\windows\system32\drivers\OLD509.tmp
    c:\windows\system32\drivers\OLD507.tmp
    c:\windows\system32\drivers\OLD505.tmp
    c:\windows\system32\drivers\OLD503.tmp
    c:\windows\system32\drivers\OLD501.tmp
    c:\windows\system32\drivers\OLD4FF.tmp
    c:\windows\system32\drivers\OLD4FD.tmp
    c:\windows\system32\drivers\OLD4FB.tmp
    c:\windows\system32\drivers\OLD4F9.tmp
    c:\windows\system32\drivers\OLD4F7.tmp
    c:\windows\system32\drivers\OLD4F5.tmp
    c:\windows\system32\drivers\OLD4F3.tmp
    c:\windows\system32\drivers\OLD4F1.tmp
    c:\windows\system32\drivers\OLD4EF.tmp
    c:\windows\system32\drivers\OLD4ED.tmp
    c:\windows\system32\drivers\OLD4EB.tmp
    c:\windows\system32\drivers\OLD4E9.tmp
    c:\windows\system32\drivers\OLD4E7.tmp
    c:\windows\system32\drivers\OLD4E5.tmp
    c:\windows\system32\drivers\OLD4E3.tmp
    c:\windows\system32\drivers\OLD4E1.tmp
    c:\windows\system32\drivers\OLD4DF.tmp
    c:\windows\system32\drivers\OLD4DD.tmp
    c:\windows\system32\drivers\OLD4DB.tmp
    c:\windows\system32\drivers\OLD4D9.tmp
    c:\windows\system32\drivers\OLD4D7.tmp
    c:\windows\system32\drivers\OLD4D5.tmp
    c:\windows\system32\drivers\OLD4D3.tmp
    c:\windows\system32\drivers\OLD4D1.tmp
    c:\windows\system32\drivers\OLD4CF.tmp
    c:\windows\system32\drivers\OLD4CD.tmp
    c:\windows\system32\drivers\OLD4CB.tmp
    c:\windows\system32\drivers\OLD4C9.tmp
    c:\windows\system32\drivers\OLD4C7.tmp
    c:\windows\system32\drivers\OLD4C5.tmp
    c:\windows\system32\drivers\OLD4C3.tmp
    c:\windows\system32\drivers\OLD4C1.tmp
    c:\windows\system32\drivers\OLD4BF.tmp
    c:\windows\system32\drivers\OLD4BD.tmp
    c:\windows\system32\drivers\OLD4BB.tmp
    c:\windows\system32\drivers\OLD4B9.tmp
    c:\windows\system32\drivers\OLD4B7.tmp
    c:\windows\system32\drivers\OLD4B5.tmp
    c:\windows\system32\drivers\OLD4B3.tmp
    c:\windows\system32\drivers\OLD4B1.tmp
    c:\windows\system32\drivers\OLD4AF.tmp
    c:\windows\system32\drivers\OLD4AD.tmp
    c:\windows\system32\drivers\OLD4AB.tmp
    c:\windows\system32\drivers\OLD4A9.tmp
    c:\windows\system32\drivers\OLD4A7.tmp
    c:\windows\system32\drivers\OLD4A5.tmp
    c:\windows\system32\drivers\OLD4A3.tmp
    c:\windows\system32\drivers\OLD4A1.tmp
    c:\windows\system32\drivers\OLD49F.tmp
    c:\windows\system32\drivers\OLD49D.tmp
    c:\windows\system32\drivers\OLD49B.tmp
    c:\windows\system32\drivers\OLD499.tmp
    c:\windows\system32\drivers\OLD497.tmp
    c:\windows\system32\drivers\OLD495.tmp

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "ddnsfilter"=-

    3. Save the above as CFScript.txt on your desktop.
    4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.



    After that, can you scan again with OTS and do an online Kaspersky scan? Kaspersky won't delete anything if it finds threats, so you need to save a logfile.
    http://www.kaspersky.com/virusscanner
  • NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    OTS scan is too long, so I'll post it in 2 parts ...

    [code]
    OTS logfile created on: 9/20/2009 7:53:35 PM - Run 2
    OTS by OldTimer - Version 3.0.12.0 Folder = K:\
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 465.41 Mb Available Physical Memory | 48.56% Memory free
    2.26 Gb Paging File | 1.82 Gb Available in Paging File | 80.49% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 177.50 Gb Total Space | 150.47 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
    Drive D: | 8.79 Gb Total Space | 0.43 Gb Free Space | 4.93% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 979.05 Mb Total Space | 799.41 Mb Free Space | 81.65% Space Free | Partition Type: FAT32

    Computer Name: KABANG13
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: Off
    File Age = 30 Days

    [Processes - Safe List]
    avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/09/16 22:53:52 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/09/16 22:53:52 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/09/16 22:53:48 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/16 22:53:48 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
    ehmsas.exe -> C:\WINDOWS\eHome\ehmsas.exe -> [2005/08/05 22:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
    ehrecvr.exe -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
    ehsched.exe -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
    ehtray.exe -> C:\WINDOWS\ehome\ehtray.exe -> [2005/09/29 23:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
    explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    hpsysdrv.exe -> c:\windows\system\hpsysdrv.exe -> [1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
    hpwuschd2.exe -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
    hpzipm12.exe -> C:\WINDOWS\System32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
    iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
    iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
    issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2004/07/28 01:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
    jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    kbd.exe -> C:\HP\KBD\KBD.EXE -> [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
    lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
    mcrdsvc.exe -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
    mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
    msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
    omg.exe -> K:\OMG.exe -> [2009/09/10 19:06:58 | 00,516,096 | ---- | M] (OldTimer Tools)
    rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2006/03/08 06:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.)
    seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
    wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
    wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)
    yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
    ymsgr_tray.exe -> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe -> [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.)

    [Win32 Services - Safe List]
    (ARSVC) ARSVC [Win32_Own | Auto | Stopped] -> C:\WINDOWS\arservice.exe -> [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft)
    (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
    (avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/16 22:53:48 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
    (ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
    (ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
    (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
    (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
    (HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -> [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company)
    (HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -> [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
    (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    (lavasoft ad-aware service) lavasoft ad-aware service [Win32_Own | Auto | Stopped] -> -> File not found
    (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
    (McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
    (MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
    (MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
    (NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
    (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> -> File not found
    (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
    (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
    (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
    (sdauxservice) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> -> File not found
    (sdcoreservice) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> -> File not found
    (SeaPort) SeaPort [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2007/07/13 16:29:29 | 01,174,152 | ---- | M] (Symantec Corporation)
    (YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)

    [Driver Services - Safe List]
    (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\AGRSM.sys -> [2006/01/25 18:24:30 | 01,149,888 | ---- | M] (Agere Systems)
    (AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\AmdK8.sys -> [2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices)
    (avgldx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/09/16 22:54:17 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (avgmfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/09/16 22:54:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (avgtdix) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/09/16 22:54:26 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -> [2004/03/08 13:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation)
    (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2006/09/11 03:00:00 | 00,387,432 | ---- | M] (Symantec Corporation)
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZid412.sys -> [2005/10/27 19:24:28 | 00,049,664 | ---- | M] (HP)
    (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -> [2005/10/27 19:24:30 | 00,016,496 | ---- | M] (HP)
    (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZius12.sys -> [2005/10/27 19:24:30 | 00,021,568 | ---- | M] (HP)
    (iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation)
    (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\RtkHDAud.sys -> [2006/03/08 15:27:12 | 04,246,016 | ---- | M] (Realtek Semiconductor Corp.)
    (nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2008/10/07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation)
    (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -> [2006/03/03 16:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation)
    (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -> [2006/03/03 16:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation)
    (pctcore) PCTools KDS [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\PCTCore.sys -> [2009/08/24 14:05:06 | 00,206,256 | ---- | M] (PC Tools)
    (Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\PS2.sys -> [2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company)
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2004/08/09 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2007/03/27 02:55:31 | 00,036,624 | ---- | M] (Sonic Solutions)
    (QCDonner) Logitech QuickCam Express [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\OVCD.sys -> [2001/08/17 14:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation)
    (RT73) Belkin Wireless G Plus MIMO USB Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\rt73.sys -> [2007/11/09 03:50:42 | 00,452,480 | ---- | M] (Ralink Technology, Corp.)
    (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -> [2004/08/03 16:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\serscan.sys -> [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation)
    (symlcbrd) symlcbrd [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\symlcbrd.sys -> [2006/05/25 05:51:19 | 00,010,344 | ---- | M] (Symantec Corporation)

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com ->
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.my.yahoo.com/ ->
    HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
    HKEY_CURRENT_USER\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
    HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\firefox\extensions -> ->
    < FireFox Extensions [User Folders] > ->
    < HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    Reset Hosts
    127.0.0.1 localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
    {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/09/16 22:53:53 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
    {a3bc75a2-1f87-4686-aa43-5347d756017c} [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [MSN Toolbar] -> [2009/02/09 21:33:14 | 00,082,768 | ---- | M] (Microsoft Corp.)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
    WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2009/03/13 17:18:14 | 00,908,528 | ---- | M] (Yahoo! Inc.)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "AlwaysReady Power Message APP" -> C:\WINDOWS\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/03 01:19:16 | 00,077,312 | ---- | M] (Microsoft)
    "AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/09/16 22:53:48 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
    "ehTray" -> C:\WINDOWS\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/09/29 23:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
    "HP Software Update" -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
    "HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/16 00:34:58 | 00,249,856 | ---- | M] (Hewlett-Packard Company)
    "ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/28 01:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
    "ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/28 01:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
    "KBD" -> C:\HP\KBD\KBD.EXE [C:\HP\KBD\KBD.EXE] -> [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
    "Microsoft Default Manager" -> C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe ["C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume] -> [2009/02/03 13:05:02 | 00,233,304 | ---- | M] (Microsoft Corp.)
    "NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/10/07 13:33:00 | 13,574,144 | ---- | M] (NVIDIA Corporation)
    "NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/10/07 13:33:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
    "Recguard" -> C:\WINDOWS\SMINST\RECGUARD.EXE [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/23 00:14:00 | 00,237,568 | ---- | M] ()
    "Reminder" -> C:\Windows\Creator\Remind_XP.exe ["C:\Windows\Creator\Remind_XP.exe"] -> [2004/12/14 04:23:44 | 00,663,552 | ---- | M] (SoftThinks)
    "RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2006/03/08 06:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.)
    "SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    "TkBellExe" -> ["realsched.exe" -osboot] -> File not found
    "UserFaultCheck" -> [%systemroot%\system32\dumprep 0 -u] -> File not found
    "YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    "msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 16:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
    < HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
    < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" -> [1] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" -> [0] -> File not found
    \\"legalnoticecaption" -> [] -> File not found
    \\"legalnoticetext" -> [] -> File not found
    \\"shutdownwithoutlogon" -> [1] -> File not found
    \\"undockwithoutlogon" -> [1] -> File not found
    \\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
    \\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
    \\"DisableRegistryTools" -> [0] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"ForceClassicControlPanel" -> [1] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"disableregistrytools" -> [0] -> File not found
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    &Google Search -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    &Translate English Word -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    &Yahoo! Search -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
    Backward Links -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    Cached Snapshot of Page -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmcache.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
    Similar Pages -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    Translate Page into English -> c:\program files\google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html] -> [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
    Yahoo! &Dictionary -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
    Yahoo! &Maps -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
    Yahoo! &SMS -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2009/04/28 00:15:48 | 00,000,000 | ---D | M]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
    {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2008/08/27 18:30:03 | 00,000,706 | ---- | M] ()
    {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2008/08/27 18:30:03 | 00,000,706 | ---- | M] ()
    {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Button: Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Menu: Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
  • NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    Part 2 of OTS scan ...

    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
    CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
    CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
    CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    CmdMapping\\"{E908B145-C847-4e85-B315-07E2E70DECF8}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
    2 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab [System Requirements Lab Class] ->
    {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab [VerifyGMN Class] ->
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarter Class] ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156614833598 [MUWebControl Class] ->
    {6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
    {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 192.168.2.1 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {5F2081DF-EABA-47AD-916E-16C7DAA761B9}\\DhcpNameServer -> 192.168.2.1 (Belkin Wireless G Plus MIMO USB Network Adapter) ->
    {892900FC-9814-4488-99C0-81491C1EE93D}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
    {BE5485AA-FD3B-429B-B68F-1AF97420330E}\\DhcpNameServer -> 192.168.2.1 () ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/09/16 22:54:28 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM] -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\DISC\DISCover.exe" -> C:\Program Files\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> [2006/03/16 04:12:40 | 01,077,248 | ---- | M] (Digital Interactive Systems Corporation)
    "C:\Program Files\DISC\DiscStreamHub.exe" -> C:\Program Files\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> [2006/03/16 04:11:54 | 00,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
    "C:\Program Files\DISC\myFTP.exe" -> C:\Program Files\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> [2006/03/16 04:11:50 | 00,094,208 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
    "C:\Program Files\HP Rhapsody\rhapsody.exe" -> C:\Program Files\HP Rhapsody\rhapsody.exe [C:\Program Files\HP Rhapsody\rhapsody.exe:*:Enabled:Rhapsody] -> [2005/11/17 05:01:08 | 05,627,904 | ---- | M] (RealNetworks, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/09/21 06:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/01/24 04:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/01/24 03:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/01/24 03:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/01/24 03:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/01/24 04:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2005/09/21 06:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2005/12/15 21:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2005/09/21 06:40:04 | 00,196,608 | ---- | M] ()
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2005/12/15 21:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2005/12/15 20:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/01/24 03:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2006/02/10 01:41:28 | 00,573,440 | ---- | M] ( )
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2006/02/10 01:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard)
    "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe:*:Enabled:SeaPort] -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Piolet\Piolet.exe" -> C:\Program Files\Piolet\Piolet.exe [C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet] -> [2008/11/10 10:48:44 | 01,311,232 | ---- | M] (MP2P Technologies.)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
    "C:\WINDOWS\system32\dllhost.exe" -> C:\WINDOWS\System32\dllhost.exe [C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost] -> [2008/04/13 19:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation)
    "C:\WINDOWS\system32\spoolsv.exe" -> C:\WINDOWS\System32\spoolsv.exe [C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv] -> [2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation)
    "C:\WINDOWS\system32\wbem\wmiprvse.exe" -> C:\WINDOWS\System32\wbem\wmiprvse.exe [C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse] -> [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > -> ->
    C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/05/25 05:34:11 | 00,000,100 | ---- | M] ()
    D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


    [Files/Folders - Created Within 30 Days]
    709 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
    LastGood -> C:\WINDOWS\LastGood -> [2009/09/20 19:52:40 | 00,000,000 | ---D | C]
    RECYCLER -> C:\RECYCLER -> [2009/09/20 19:40:11 | 00,000,000 | -HSD | C]
    CF16252.exe -> C:\WINDOWS\System32\CF16252.exe -> [2009/09/20 19:39:55 | 00,389,120 | ---- | C] (Microsoft Corporation)
    Installer -> C:\Installer -> [2009/09/20 19:39:55 | 00,000,000 | --SD | C]
    CF28798.exe -> C:\WINDOWS\System32\CF28798.exe -> [2009/09/20 19:37:12 | 00,389,120 | ---- | C] (Microsoft Corporation)
    temp -> C:\WINDOWS\temp -> [2009/09/17 19:04:54 | 00,000,000 | ---D | C]
    NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/09/17 18:54:19 | 00,031,232 | ---- | C] (NirSoft)
    $AVG8.VAULT$ -> C:\$AVG8.VAULT$ -> [2009/09/17 03:09:43 | 00,000,000 | ---D | C]
    avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/09/16 22:54:28 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.)
    AVG Free 8.5.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk -> [2009/09/16 22:54:28 | 00,001,562 | ---- | C] ()
    avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2009/09/16 22:54:26 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.)
    avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/09/16 22:54:17 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.)
    avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/09/16 22:54:16 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.)
    incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/09/16 22:54:03 | 41,588,388 | ---- | C] ()
    microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/09/16 22:54:01 | 00,112,419 | ---- | C] ()
    miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2009/09/16 22:54:00 | 00,463,779 | ---- | C] ()
    avi7.avg -> C:\WINDOWS\System32\drivers\Avg\avi7.avg -> [2009/09/16 22:53:58 | 06,061,540 | ---- | C] ()
    Avg -> C:\WINDOWS\System32\drivers\Avg -> [2009/09/16 22:53:58 | 00,000,000 | ---D | C]
    AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> [2009/09/16 22:53:57 | 00,000,000 | ---D | C]
    AVG -> C:\Program Files\AVG -> [2009/09/16 22:53:48 | 00,000,000 | ---D | C]
    avg8 -> C:\Documents and Settings\All Users\Application Data\avg8 -> [2009/09/16 22:53:47 | 00,000,000 | ---D | C]
    PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/09/16 21:01:16 | 00,229,888 | ---- | C] ()
    SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/09/16 21:01:16 | 00,212,480 | ---- | C] (SteelWerX)
    SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/09/16 21:01:16 | 00,161,792 | ---- | C] (SteelWerX)
    SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/09/16 21:01:16 | 00,136,704 | ---- | C] (SteelWerX)
    sed.exe -> C:\WINDOWS\sed.exe -> [2009/09/16 21:01:16 | 00,098,816 | ---- | C] ()
    grep.exe -> C:\WINDOWS\grep.exe -> [2009/09/16 21:01:16 | 00,080,412 | ---- | C] ()
    zip.exe -> C:\WINDOWS\zip.exe -> [2009/09/16 21:01:16 | 00,068,096 | ---- | C] ()
    ERDNT -> C:\WINDOWS\ERDNT -> [2009/09/16 21:01:09 | 00,000,000 | ---D | C]
    Installer.exe -> C:\Documents and Settings\HP_Administrator\Desktop\Installer.exe -> [2009/09/16 20:55:29 | 03,316,998 | R--- | C] ()
    Avenger -> C:\Avenger -> [2009/09/16 20:19:43 | 00,000,000 | ---D | C]
    MInstaller -> C:\Program Files\MInstaller -> [2009/09/14 19:00:18 | 00,000,000 | ---D | C]
    M -> C:\Program Files\M -> [2009/09/12 16:22:02 | 00,000,000 | ---D | C]
    Qoobox -> C:\Qoobox -> [2009/09/12 13:49:26 | 00,000,000 | ---D | C]
    Trend Micro -> C:\Program Files\Trend Micro -> [2009/09/12 04:21:24 | 00,000,000 | ---D | C]
    0535251103110107106.yux -> C:\WINDOWS\0535251103110107106.yux -> [2009/09/10 22:47:55 | 00,000,002 | ---- | C] ()
    wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/10 19:08:42 | 00,002,148 | ---- | C] ()
    ~1 -> C:\Documents and Settings\All Users\Application Data\~1 -> [2009/09/10 19:05:52 | 00,000,000 | -H-D | C]
    hiberfil.sys -> C:\hiberfil.sys -> [2009/09/10 19:00:16 | 10,051,13344 | -HS- | C] ()
    Malwarebytes -> C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes -> [2009/09/10 18:28:16 | 00,000,000 | ---D | C]
    Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/09/10 18:28:09 | 00,000,000 | ---D | C]
    ~0 -> C:\Documents and Settings\All Users\Application Data\~0 -> [2009/09/10 01:49:43 | 00,000,000 | -H-D | C]
    Oberon Media -> C:\Documents and Settings\HP_Administrator\My Documents\Oberon Media -> [2009/09/10 01:42:11 | 00,000,000 | ---D | C]
    pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/09/09 23:14:34 | 00,159,600 | ---- | C] (PC Tools)
    PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/09/09 23:14:24 | 00,206,256 | ---- | C] (PC Tools)
    PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/09/09 23:14:24 | 00,086,888 | ---- | C] (PC Tools)
    pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/09/09 23:14:24 | 00,007,396 | ---- | C] ()
    pctplsg.sys -> C:\WINDOWS\System32\drivers\pctplsg.sys -> [2009/09/09 23:14:12 | 00,064,392 | ---- | C] (PC Tools)
    PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/09/09 23:14:12 | 00,000,000 | ---D | C]
    PC Tools -> C:\Documents and Settings\HP_Administrator\Application Data\PC Tools -> [2009/09/09 23:14:08 | 00,000,000 | ---D | C]
    PC Tools -> C:\Documents and Settings\All Users\Application Data\PC Tools -> [2009/09/09 23:14:08 | 00,000,000 | ---D | C]
    60e682b77c77cf96df -> C:\60e682b77c77cf96df -> [2009/09/09 22:59:11 | 00,000,000 | ---D | C]
    Minidump -> C:\WINDOWS\Minidump -> [2009/09/09 21:40:54 | 00,000,000 | ---D | C]
    Ass 003.jpg -> C:\Documents and Settings\HP_Administrator\My Documents\Ass 003.jpg -> [2009/09/09 01:05:07 | 00,198,948 | ---- | C] ()
    hpwins12.dat -> C:\WINDOWS\hpwins12.dat -> [2009/09/08 19:35:13 | 00,123,376 | ---- | C] ()
    hpwmdl12.dat -> C:\WINDOWS\hpwmdl12.dat -> [2009/09/08 19:35:13 | 00,001,325 | ---- | C] ()
    AVG8 -> C:\Documents and Settings\HP_Administrator\Application Data\AVG8 -> [2009/09/05 14:24:58 | 00,000,000 | ---D | C]
    Shortcut to My Pictures.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Pictures.lnk -> [2009/08/30 19:23:18 | 00,000,555 | ---- | C] ()
    HpUpdate -> C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate -> [2009/08/27 05:55:32 | 00,000,000 | ---D | C]
    Hewlett-Packard -> C:\WINDOWS\Hewlett-Packard -> [2009/08/27 05:55:26 | 00,000,000 | ---D | C]
    Scans -> C:\Documents and Settings\HP_Administrator\My Documents\Scans -> [2009/08/24 19:52:09 | 00,000,000 | ---D | C]
    RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2008/11/14 06:15:07 | 00,135,168 | ---- | C] ()
    _delis32.ini -> C:\WINDOWS\_delis32.ini -> [2007/07/21 17:53:56 | 00,000,544 | ---- | C] ()
    COVERE~1.INI -> C:\WINDOWS\COVERE~1.INI -> [2007/04/21 17:13:18 | 00,000,391 | ---- | C] ()
    NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007/04/21 11:55:00 | 00,000,069 | ---- | C] ()
    HP_48BitScanUpdatePatch.ini -> C:\WINDOWS\HP_48BitScanUpdatePatch.ini -> [2006/12/26 07:47:17 | 00,000,214 | ---- | C] ()
    cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2006/09/12 18:26:27 | 00,000,025 | ---- | C] ()
    HP_CounterReport_Update_HPSU.ini -> C:\WINDOWS\HP_CounterReport_Update_HPSU.ini -> [2006/09/04 18:00:11 | 00,000,227 | ---- | C] ()
    HPGdiPlus.ini -> C:\WINDOWS\HPGdiPlus.ini -> [2006/08/28 17:32:29 | 00,000,206 | ---- | C] ()
    album.ini -> C:\WINDOWS\album.ini -> [2006/08/14 21:17:32 | 00,000,032 | ---- | C] ()
    smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/05/25 06:02:17 | 00,000,061 | ---- | C] ()
    USBkey.sys -> C:\WINDOWS\System32\drivers\USBkey.sys -> [2006/05/25 05:42:10 | 00,028,848 | ---- | C] ()
    CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2006/05/25 05:36:55 | 00,014,317 | ---- | C] ()
    hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2006/05/25 05:36:49 | 00,045,056 | ---- | C] ()
    QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2006/05/25 05:34:27 | 00,000,174 | ---- | C] ()
    ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/05/25 05:31:53 | 00,000,376 | ---- | C] ()
    WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2006/05/25 05:20:39 | 00,000,157 | ---- | C] ()
    NSSetDefaultBrowser.ini -> C:\WINDOWS\NSSetDefaultBrowser.ini -> [2006/05/25 05:20:01 | 00,000,698 | ---- | C] ()
    fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/05/25 05:05:24 | 00,001,793 | ---- | C] ()
    nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2006/05/25 05:02:49 | 01,703,936 | ---- | C] ()
    nview.dll -> C:\WINDOWS\System32\nview.dll -> [2006/05/25 05:02:49 | 01,486,848 | ---- | C] ()
    nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2006/05/25 05:02:49 | 01,019,904 | ---- | C] ()
    nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2006/05/25 05:02:49 | 00,573,440 | ---- | C] ()
    nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2006/05/25 05:02:49 | 00,466,944 | ---- | C] ()
    nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2006/05/25 05:02:49 | 00,286,720 | ---- | C] ()
    orun32.ini -> C:\WINDOWS\orun32.ini -> [2006/05/25 05:01:19 | 00,000,791 | ---- | C] ()
    pythoncom22.dll -> C:\WINDOWS\System32\pythoncom22.dll -> [2006/05/25 04:41:17 | 00,323,584 | ---- | C] ()
    pywintypes22.dll -> C:\WINDOWS\System32\pywintypes22.dll -> [2006/05/25 04:41:17 | 00,094,208 | ---- | C] ()
    bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2006/05/25 04:40:58 | 00,016,896 | ---- | C] ()
    px.ini -> C:\WINDOWS\System32\px.ini -> [2006/03/17 19:23:44 | 00,000,000 | ---- | C] ()
    win.ini -> C:\WINDOWS\win.ini -> [2005/08/30 23:02:00 | 00,000,792 | ---- | C] ()
    system.ini -> C:\WINDOWS\system.ini -> [2005/08/30 15:52:36 | 00,000,264 | ---- | C] ()
    psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 23:01:54 | 00,235,008 | ---- | C] ()
    armcex.dll -> C:\WINDOWS\armcex.dll -> [2005/08/03 01:19:16 | 00,050,176 | ---- | C] ()
    qt-mt331.dll -> C:\WINDOWS\System32\qt-mt331.dll -> [2004/10/26 17:39:05 | 03,375,104 | ---- | C] ()
    beep.sys -> C:\WINDOWS\System32\drivers\beep.sys -> [2004/08/09 23:00:00 | 00,076,416 | ---- | C] ()
    oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/07/26 09:51:38 | 00,000,560 | ---- | C] ()
    OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/08 00:05:08 | 00,002,695 | ---- | C] ()
    hptcpmon.ini -> C:\WINDOWS\System32\hptcpmon.ini -> [2001/07/07 00:30:00 | 00,003,399 | ---- | C] ()
    LFKODAK.DLL -> C:\WINDOWS\System32\LFKODAK.DLL -> [1999/08/10 12:02:20 | 00,116,736 | ---- | C] ()
    lffpx7.dll -> C:\WINDOWS\System32\lffpx7.dll -> [1999/08/10 12:02:16 | 00,343,040 | ---- | C] ()

    [Files/Folders - Modified Within 30 Days]
    8 C:\Documents and Settings\HP_Administrator\Local Settings\temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\temp\*.tmp ->
    beep.sys -> C:\WINDOWS\System32\drivers\beep.sys -> [2009/09/20 19:57:56 | 00,076,416 | ---- | M] ()
    beep.sys -> C:\WINDOWS\System32\dllcache\beep.sys -> [2009/09/20 19:52:35 | 00,076,416 | ---- | M] ()
    hpsysdrv.DAT -> C:\WINDOWS\System\hpsysdrv.DAT -> [2009/09/20 19:45:54 | 00,000,188 | ---- | M] ()
    wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/20 19:45:30 | 00,002,148 | ---- | M] ()
    Perflib_Perfdata_400.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_400.dat -> [2009/09/20 19:44:14 | 00,016,384 | ---- | M] ()
    SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/09/20 19:43:23 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/09/20 19:43:12 | 00,002,048 | --S- | M] ()
    hiberfil.sys -> C:\hiberfil.sys -> [2009/09/20 19:43:01 | 10,051,13344 | -HS- | M] ()
    ntuser.dat -> C:\Documents and Settings\HP_Administrator\ntuser.dat -> [2009/09/20 19:41:56 | 05,242,880 | ---- | M] ()
    catchme.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\temp\catchme.dll -> [2009/09/20 19:40:57 | 00,053,248 | ---- | M] ()
    CF16252.exe -> C:\WINDOWS\System32\CF16252.exe -> [2009/09/20 19:37:51 | 00,389,120 | ---- | M] (Microsoft Corporation)
    Installer.exe -> C:\Documents and Settings\HP_Administrator\Desktop\Installer.exe -> [2009/09/20 19:37:29 | 03,316,998 | R--- | M] ()
    CF28798.exe -> C:\WINDOWS\System32\CF28798.exe -> [2009/09/20 19:36:39 | 00,389,120 | ---- | M] (Microsoft Corporation)
    incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/09/20 18:07:31 | 41,588,388 | ---- | M] ()
    microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/09/20 18:07:08 | 00,112,419 | ---- | M] ()
    mPlayer.3.0.9.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\temp\mProjector1838663841\mPlayer.3.0.9.dll -> [2009/09/20 17:52:40 | 00,122,880 | ---- | M] ()
    FriendFinder Messenger v4.1.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\FriendFinder Messenger v4.1.lnk -> [2009/09/20 17:52:37 | 00,002,557 | ---- | M] ()
    Perflib_Perfdata_5c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat -> [2009/09/19 14:42:38 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_e48.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_e48.dat -> [2009/09/17 22:15:23 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_f18.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\temp\Perflib_Perfdata_f18.dat -> [2009/09/17 22:15:22 | 00,016,384 | ---- | M] ()
    system.ini -> C:\WINDOWS\system.ini -> [2009/09/17 19:09:44 | 00,000,264 | ---- | M] ()
    Perflib_Perfdata_348.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_348.dat -> [2009/09/17 19:09:02 | 00,016,384 | ---- | M] ()
    hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/09/17 19:08:47 | 00,000,027 | ---- | M] ()
    rekesetu -> C:\WINDOWS\System32\rekesetu -> [2009/09/16 23:10:56 | 00,011,168 | -H-- | M] ()
    avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/09/16 22:54:28 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
    AVG Free 8.5.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk -> [2009/09/16 22:54:28 | 00,001,562 | ---- | M] ()
    avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2009/09/16 22:54:26 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/09/16 22:54:17 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/09/16 22:54:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
    miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2009/09/16 22:54:01 | 00,463,779 | ---- | M] ()
    avi7.avg -> C:\WINDOWS\System32\drivers\Avg\avi7.avg -> [2009/09/16 22:54:00 | 06,061,540 | ---- | M] ()
    win.ini -> C:\WINDOWS\win.ini -> [2009/09/16 20:37:30 | 00,000,792 | ---- | M] ()
    boot.ini -> C:\boot.ini -> [2009/09/16 20:37:30 | 00,000,279 | RHS- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/16 19:52:18 | 00,082,944 | ---- | M] ()
    IconCache.db -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db -> [2009/09/16 19:46:17 | 05,299,996 | -H-- | M] ()
    Global.sw2 -> C:\Documents and Settings\All Users\Documents\Global.sw2 -> [2009/09/15 22:26:04 | 00,009,385 | ---- | M] ()
    Piolet.lnk -> C:\Documents and Settings\All Users\Desktop\Piolet.lnk -> [2009/09/15 22:25:58 | 00,000,709 | ---- | M] ()
    PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/09/14 02:12:36 | 00,229,888 | ---- | M] ()
    opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2009/09/13 01:45:51 | 00,008,284 | ---- | M] ()
    0535251103110107106.yux -> C:\WINDOWS\0535251103110107106.yux -> [2009/09/10 22:47:55 | 00,000,002 | ---- | M] ()
    IrfanView.lnk -> C:\Documents and Settings\All Users\Desktop\IrfanView.lnk -> [2009/09/10 18:54:13 | 00,000,959 | ---- | M] ()
    qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/09 16:42:14 | 00,004,646 | ---- | M] ()
    qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/09 16:42:14 | 00,004,232 | ---- | M] ()
    Ass 003.jpg -> C:\Documents and Settings\HP_Administrator\My Documents\Ass 003.jpg -> [2009/09/09 01:05:09 | 00,198,948 | ---- | M] ()
    hpwins12.dat -> C:\WINDOWS\hpwins12.dat -> [2009/09/08 19:35:23 | 00,123,376 | ---- | M] ()
    album.ini -> C:\WINDOWS\album.ini -> [2009/08/31 00:29:27 | 00,000,032 | ---- | M] ()
    Shortcut to My Pictures.lnk -> C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Pictures.lnk -> [2009/08/30 19:23:18 | 00,000,555 | ---- | M] ()
    PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/08/24 14:05:06 | 00,206,256 | ---- | M] (PC Tools)
    wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2006/09/18 16:24:06 | 00,166,221 | ---- | M] ()
    wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/09/18 16:22:18 | 00,016,384 | ---- | M] ()

    [Files/Folders - Unicode - All]
    C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData -> C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData -> [2007/04/21 18:39:33 | 00,000,000 | ---D | C]
    C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData -> C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData -> [2007/04/21 18:39:51 | 00,000,000 | ---D | M]

    [Alternate Data Streams]
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
    [/code]
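A log this long is easy to mis-read by eye. As an added example (it is not from the poster, the forum helpers, or the OTS tool), here is a small Python script that parses the OTS "Files/Folders" entry format and shortlists items worth a second look: executables with an empty publisher field, hidden or extension-less files under C:\WINDOWS, long all-digit names, and a modified hosts file. The sample input is a handful of lines copied from the log above, labelled as such in the code; the triage rules are the editor's own rules of thumb, not anything OTS reports. A flag is a lead, not a verdict: the C:\WINDOWS\PEV.exe, sed.exe, grep.exe and zip.exe set, for instance, is dropped by the ComboFix cleanup tool whose Qoobox folder also appears in the log, so it will be flagged for lacking version info even though it is known-good residue of an earlier scan.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a few entries copied from the "[Files/Folders - Created/Modified
# Within 30 Days]" sections of the OTS log above. For real use, read the whole log file.
SAMPLE_LOG = r"""
CF16252.exe -> C:\WINDOWS\System32\CF16252.exe -> [2009/09/20 19:39:55 | 00,389,120 | ---- | C] (Microsoft Corporation)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/09/17 18:54:19 | 00,031,232 | ---- | C] (NirSoft)
avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/09/16 22:54:17 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.)
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/09/16 21:01:16 | 00,229,888 | ---- | C] ()
0535251103110107106.yux -> C:\WINDOWS\0535251103110107106.yux -> [2009/09/10 22:47:55 | 00,000,002 | ---- | C] ()
~1 -> C:\Documents and Settings\All Users\Application Data\~1 -> [2009/09/10 19:05:52 | 00,000,000 | -H-D | C]
rekesetu -> C:\WINDOWS\System32\rekesetu -> [2009/09/16 23:10:56 | 00,011,168 | -H-- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/09/17 19:08:47 | 00,000,027 | ---- | M] ()
Ass 003.jpg -> C:\Documents and Settings\HP_Administrator\My Documents\Ass 003.jpg -> [2009/09/09 01:05:07 | 00,198,948 | ---- | C] ()
"""

# One OTS file/folder entry:  name -> path -> [date time | size | attrs | C|M] (company)
# Directory entries carry no trailing "(company)" field, so that group is optional.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?\s*$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv"}
DATA_EXT = {".ini", ".dat", ".log", ".txt", ".cat", ".db", ".avg", ".avm", ".tmp", ".lnk", ".bat", ".inf"}


@dataclass
class Entry:
    name: str
    path: str
    timestamp: str
    size: int
    attrs: str      # R/H/S/D flags, '-' where unset (e.g. "-H-D")
    kind: str       # 'C' created, 'M' modified
    company: str    # version-info company; '' when OTS prints "()" or nothing

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every file/folder entry line; section headers, wildcard counts etc. are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append(Entry(
            name=d["name"], path=d["path"], timestamp=d["ts"],
            size=int(d["size"].replace(",", "")), attrs=d["attrs"],
            kind=d["kind"], company=(d["company"] or "").strip(),
        ))
    return entries


def file_ext(path: str) -> str:
    base = path.rsplit("\\", 1)[-1]
    return base[base.rfind("."):].lower() if "." in base else ""


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a second look (empty list = nothing noted).
    These are the editor's own rules of thumb, not OTS output; treat hits as leads only."""
    if entry.is_dir:
        return []
    low = entry.path.lower()
    if low.endswith(r"\drivers\etc\hosts"):
        return ["hosts file modified: check for AV/update domains pointed at bogus addresses"]
    reasons: List[str] = []
    in_windows = low.startswith("c:\\windows\\")
    ext = file_ext(entry.path)
    if ext in EXEC_EXT and not entry.company:
        reasons.append("executable carries no publisher/version info")
    if in_windows and ext == "":
        reasons.append("extension-less file under C:\\WINDOWS")
    elif in_windows and ext not in EXEC_EXT and ext not in DATA_EXT:
        reasons.append(f"unusual file type {ext} under C:\\WINDOWS")
    if in_windows and entry.hidden:
        reasons.append("hidden attribute set on a file under C:\\WINDOWS")
    stem = entry.name.rsplit(".", 1)[0]
    if len(stem) >= 12 and stem.isdigit():
        reasons.append("long all-digit filename")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; entries with nothing noted are omitted."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_entries(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample above the script lists PEV.exe (no version info), the .yux file (odd extension and a 19-digit name), the hidden extension-less `rekesetu` in System32, and the modified hosts file, while the Microsoft, NirSoft and AVG entries pass. Entries the poster's own helpers have already explained away (the ComboFix tool set, Qoobox, ERDNT) can be added to an allow-list; the remaining hits are what to show the forum helper first.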
  • NolaBudMan13 NOLA ... New Orleans
    edited September 2009
    FYI ... I tried running the Kaspersky online scanner a couple times over the last 2 days. It seems to scan but I get no log file when it's done.