GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

First vut.exe, now this

View previous topic View next topic Go down

First vut.exe, now this

Post by cicero_x on Tue Jun 14, 2011 1:16 am

Hey!

A few nights ago i noticed that my computer wasn't performing as well as I like it to. I opened the task manager to see if anything looked abnormal. Saw a 'vut.exe' that I hadn't seen before, so I stopped it and attempted to get rid of it, but it kept coming back. Was finally able to delete it and empty my recycle bin, but now whenever I try to open a program I get the "Open With" window, with no option to select 'Always use this selection to open this type of file'. Even when I open files through double clicking and tracking down the file again in the "Open With" window, they don't seem to run properly. I also tried to go to the control panel to attempt to try something there, but all of the icons give me a 'C:\WINDOWS\system32\rundll32.exe Application not found' message. Please help!

Below is the report from OTL. About 40 seconds in I got a "Windows - No Disk" message that said: "Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c". Don't know if this means anything, but I figure including it here wouldn't hurt. will run the scans from aswMBR and Security Check and will post those results upon completion of the scans. Thank you!

OTL logfile created on: 6/13/2011 5:56:54 PM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.02 Gb Total Space | 145.03 Gb Free Space | 64.74% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 48.52 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive E: | 8.84 Gb Total Space | 0.48 Gb Free Space | 5.45% Space Free | Partition Type: FAT32
Drive O: | 149.01 Gb Total Space | 4.21 Gb Free Space | 2.82% Space Free | Partition Type: FAT32

Computer Name: BIGDUDE | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/24 13:33:26 | 000,921,600 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/17 21:06:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/09 22:04:33 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2006/09/29 13:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
PRC - [2005/11/08 07:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
PRC - [2005/10/12 12:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 21:06:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- D:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
SRV - File not found [Auto | Stopped] -- C:\bin\httpd.exe -- (Apache2.2)
SRV - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/24 13:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/01/18 21:10:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/09 22:04:33 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2006/09/29 13:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2006/08/14 11:53:03 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/11/08 07:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService)
SRV - [2005/10/12 12:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2011/06/13 17:24:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75806283-A204-486B-9B57-B43DDBAF7453}\MpKsl9e53b919.sys -- (MpKsl9e53b919)
DRV - [2011/06/10 16:54:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75806283-A204-486B-9B57-B43DDBAF7453}\MpKsl16ece967.sys -- (MpKsl16ece967)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/05 02:41:00 | 007,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/10/20 16:52:19 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2006/07/13 15:03:48 | 000,079,328 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmserd.sys -- (mqdmserd)
DRV - [2006/07/13 15:03:12 | 000,092,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmmdm.sys -- (mqdmmdm)
DRV - [2006/07/13 15:02:40 | 000,009,232 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmmdfl.sys -- (mqdmmdfl) Motorola USB Modem (Filter)
DRV - [2006/07/13 14:58:00 | 000,066,656 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmbus.sys -- (mqdmbus) Motorola DM Composite Driver (WDM)
DRV - [2006/04/20 07:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 06:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/25 09:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/08 07:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 07:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 07:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 07:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 07:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/10/05 03:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wn5301.sys -- (WN5301)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/11/05 15:54:14 | 000,420,870 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ICM10USB.sys -- (ICM10USB) Intel(r)
DRV - [2001/11/05 14:54:38 | 000,014,182 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\icm10blk.sys -- (icm10blk) Intel(r)
DRV - [2001/08/23 12:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: close@doubleclick:1.12
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {44C2CACE-0D2F-4BA1-9D71-09D398B9E42E}:0.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.7
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {66bd2442-241b-44cd-8c7a-b51037053cdb}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 09:23:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 09:23:18 | 000,000,000 | ---D | M]

[2008/12/12 21:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/06/13 17:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions
[2011/01/14 08:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/07/08 17:53:58 | 000,000,000 | ---D | M] (MegaUpload Time Attack) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{1cdccf78-1ea9-4f40-b69f-ef7674dbef8c}
[2010/05/03 08:33:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/01 17:02:21 | 000,000,000 | ---D | M] (Fark Tags) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{20F15C99-8BF3-4eb9-8EDE-575C4E80D923}
[2011/06/10 16:56:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/26 10:15:10 | 000,000,000 | ---D | M] (KickassTorrents Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{44C2CACE-0D2F-4BA1-9D71-09D398B9E42E}
[2011/05/01 09:23:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/05 05:59:54 | 000,000,000 | ---D | M] (TVersitybar Community Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
[2009/07/08 17:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{9c9c8cff-c707-48b9-b81e-6fceeb4ce43e}
[2009/04/02 19:52:30 | 000,000,000 | ---D | M] (Farkit) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{9c9c8cff-c707-48b9-b81e-6fceeb4ce43f}
[2010/09/11 10:26:57 | 000,000,000 | ---D | M] (gTranslate) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011/06/13 17:31:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/05 05:59:48 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/13 11:28:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/12/13 22:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\CLIP@chris.synan
[2010/01/26 23:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\close@doubleclick
[2011/04/05 05:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\engine@conduit.com
[2010/05/03 08:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\firedownload@mozilla.org
[2011/04/05 05:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\piclens@cooliris.com
[2009/07/08 17:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\remove-new-tab-button@forerunnerdesigns.com
[2009/12/12 21:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\tabberwocky@studio17.wordpress.com
[2011/03/08 00:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\tineye@ideeinc.com
[2011/05/01 09:23:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2006/11/20 19:21:07 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/03/10 19:43:53 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2008/10/02 18:59:20 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2008/12/12 21:40:03 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/12/14 18:27:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\WebBrowser: (TVersitybar Toolbar) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [siknmdwo] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [{B23C9422-3C67-A840-815F-3D66ED53470C}] C:\Documents and Settings\HP_Administrator\Application Data\Ixtu\oquf.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ryrghiyb] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\totwxicwc\laccanxsika.exe File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [siknmdwo] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe File not found
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk = C:\WINDOWS\Installer\{638547C2-2ABA-46F4-AE28-85FF6E83CB54}\_18be6784.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe File not found
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/11/22 23:30:07 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/11/22 23:30:07 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/11/22 23:30:07 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/11/22 23:30:07 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/07 20:51:58 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/06/10 21:22:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/14 18:50:45 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/12/14 18:50:45 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/12/14 17:50:46 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/05/02 15:47:02 | 000,000,000 | RH-D | M] - O:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/12/14 17:50:48 | 000,000,000 | RHSD | M] - O:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8ddaefe6-4139-11df-9f40-001731b0cc97}\Shell\AutoRun\command - "" = L:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{8ddaefe6-4139-11df-9f40-001731b0cc97}\Shell\Setup FlipShare\command - "" = L:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{ff437c2d-3078-11dc-8f0b-001731b0cc97}\Shell - "" = AutoRun
O33 - MountPoints2\{ff437c2d-3078-11dc-8f0b-001731b0cc97}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff437c2d-3078-11dc-8f0b-001731b0cc97}\Shell\AutoRun\command - "" = P:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vut.exe" -a "%1" %* File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {052D456C-E710-9219-7F59-61340A62CAD0} - Microsoft Windows Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10D65296-989E-7202-EF2A-9CCC44FD7503} - Outlook Express
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {49DA818B-3815-D4F0-348E-10866C4DD5B4} - NetShow
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7277423D-B6C3-19B6-2960-9EC72B99469C} - Java (Sun)
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {97DFC8F1-D54C-77ED-1E1F-37B44743CDFC} - NetShow
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {A2C36BD0-E17C-7E4A-4123-B9F6FA387649} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {A68E9532-9FB2-65BA-EED0-5C34D02083A7} - Vector Graphics Rendering (VML)
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {AC343DBC-F803-68E1-3166-71018F9BDB57} - Internet Explorer
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C7B95F45-A768-3EE0-A41C-CA1E65FD2A09} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll ([You must be registered and logged in to see this link.]
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 22:03:56 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/13 17:55:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3788916967-3067819686-3848672155-1008UA.job
[2011/06/13 17:29:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/13 17:26:02 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
[2011/06/13 17:25:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/13 17:25:42 | 000,420,889 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/06/13 17:25:10 | 000,005,077 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2011/06/13 17:24:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/13 17:24:21 | 2145,865,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 17:22:06 | 000,005,381 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled.wmv
[2011/06/13 17:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/06/13 16:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/06/13 15:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/06/13 14:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/06/13 13:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/06/13 12:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/06/13 11:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/06/13 10:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/06/13 09:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/06/13 08:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/06/13 07:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/06/13 06:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/06/13 05:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/06/13 04:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/06/13 03:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/06/13 02:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/06/13 01:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/06/13 00:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/12 23:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/06/12 22:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/06/12 21:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/06/12 20:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/06/12 19:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/06/12 18:55:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3788916967-3067819686-3848672155-1008Core.job
[2011/06/12 18:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/06/12 12:45:38 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/12 12:43:08 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/10 16:57:31 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/06/09 00:56:11 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2011/06/09 00:56:11 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/08 20:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/30 16:14:39 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/30 16:08:31 | 000,001,460 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
[2011/05/30 16:08:31 | 000,001,460 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
[2011/05/26 20:33:25 | 002,595,063 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\funny-gifs-shopping.gif
[2011/05/24 22:03:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

...continued next post

cicero_x
Novice
Novice

Status :
Online
Offline

Posts : 21
Joined : 2008-12-14
OS : XP
Points : 29245
# Likes : 0

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by cicero_x on Tue Jun 14, 2011 1:17 am


========== Files Created - No Company Name ==========

[2011/06/13 17:22:06 | 000,005,381 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled.wmv
[2011/05/30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
[2011/05/30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
[2011/05/26 20:33:24 | 002,595,063 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\funny-gifs-shopping.gif
[2010/12/05 23:45:47 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\CA2E.597
[2010/10/11 01:08:52 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dsfsds.bat
[2010/08/21 09:27:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/01 20:28:23 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2009/09/01 20:28:23 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2009/04/13 08:00:04 | 000,000,098 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/12 21:38:17 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/17 00:39:42 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/02/17 00:39:42 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/02/16 22:50:49 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/27 02:13:49 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/27 02:13:49 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/14 03:33:32 | 000,000,542 | ---- | C] () -- C:\Program Files\WS_FTP.LOG
[2007/01/06 15:27:18 | 001,024,000 | ---- | C] () -- C:\WINDOWS\System32\ewmpegco.dll
[2006/10/30 21:53:19 | 000,002,994 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/22 16:35:31 | 006,615,041 | ---- | C] () -- C:\Program Files\Library.xml
[2006/08/16 20:04:48 | 000,040,579 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/08/16 20:04:48 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/16 20:00:34 | 000,006,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/16 20:00:34 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/13 20:54:35 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/07 23:19:12 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/06/10 21:47:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/10 21:28:08 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/10 21:24:51 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/10 21:24:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/10 21:22:35 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/10 21:20:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/10 21:10:28 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/10 21:09:51 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/10 20:58:49 | 000,003,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/10 20:57:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/10 20:55:07 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/10 20:55:07 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/10 20:55:07 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/10 20:55:07 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/10 20:53:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/10 20:33:26 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/10 20:33:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/10 20:33:07 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 10:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 14:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/23 12:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2006/08/21 22:44:23 | 000,001,706 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/03/24 16:49:43 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\utorrent.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/14 09:25:40 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/14 09:25:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/04/14 09:25:59 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2004/08/09 14:00:00 | 000,127,213 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ega.cpi
[2005/08/30 06:55:16 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\h323log.txt
[2008/04/13 08:42:06 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[2010/05/16 13:57:20 | 000,000,194 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\TVersityMediaServer.log
[2011/06/13 17:25:42 | 000,420,889 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vsconfig.xml
[2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\WINDOWS\system32\vsdatant.sys
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/01/27 00:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire
[2006/10/20 16:52:24 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2009/05/23 13:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\Actiontec
[2010/10/17 21:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/27 00:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Alex Feinman
[2007/09/11 18:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/08 18:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2009/11/09 22:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/04/24 09:55:39 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/04/13 21:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2011/03/13 13:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2011/04/25 15:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/11/22 23:32:08 | 000,000,000 | ---D | M] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009/03/29 13:40:28 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/10/17 21:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/11/11 08:56:40 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/01/28 20:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/03/13 13:47:27 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2009/09/16 18:49:12 | 000,000,000 | ---D | M] -- C:\Program Files\ConvertHelper
[2009/08/23 23:18:43 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2007/08/16 16:06:32 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2007/02/28 19:18:54 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2006/06/10 20:35:47 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2007/11/07 23:41:54 | 000,000,000 | ---D | M] -- C:\Program Files\eRightSoft
[2010/08/21 09:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2009/08/23 23:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2009/10/25 15:40:01 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2007/06/04 03:08:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/11/16 05:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2008/12/29 19:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/08/22 16:56:19 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2006/06/10 21:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\HP DigitalMedia Archive
[2006/06/10 21:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\HP Rhapsody
[2009/08/23 23:37:17 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/06/10 20:53:11 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/13 03:11:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/04/25 15:28:41 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/04/25 15:29:32 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/11/11 23:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/08/14 12:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/01/27 01:11:02 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2009/11/09 21:41:44 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2009/06/15 07:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/01 21:25:24 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/07/05 09:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/07/17 21:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/12/31 14:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Broadband Networking
[2008/08/10 03:03:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/11/14 11:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/09/13 02:18:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/01/28 20:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/04/22 22:12:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/06/10 21:19:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2006/06/10 21:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/11/16 22:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola USB Drivers
[2010/08/13 03:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/05/01 09:23:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/07 19:56:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/09/13 02:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/11/14 11:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/06/10 21:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2005/11/14 11:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/19 04:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/04/19 19:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2010/02/05 23:49:16 | 000,000,000 | ---D | M] -- C:\Program Files\MyPublisher
[2008/07/02 22:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2007/02/16 22:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/11/24 02:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/06/10 21:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2010/10/17 21:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2006/06/10 21:31:48 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 04:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/06/10 21:28:09 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2006/06/10 21:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2009/04/09 23:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2007/04/19 19:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2011/03/27 08:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/05/23 14:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\Qwest
[2006/06/10 21:09:17 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/07 19:56:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/01/18 21:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Rosetta Stone
[2007/01/27 02:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Setup
[2009/10/18 02:18:12 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2007/06/18 17:27:34 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/07/29 20:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\Soulseek-Test
[2008/08/08 17:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2008/12/02 00:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/10/25 17:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity
[2010/08/21 09:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity Codec Pack
[2011/01/28 20:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\TVersitybar
[2005/11/11 08:56:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2006/06/10 21:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\Updates from HP
[2011/03/13 13:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/03/13 13:47:31 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrentBar
[2008/11/16 22:06:16 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2006/12/24 15:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/06/26 17:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Earth 3D
[2006/06/10 21:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2007/07/23 04:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/07/05 09:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/07/05 09:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/03/02 02:17:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/02/19 03:31:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/24 02:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/14 11:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/11/11 08:56:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/09/01 15:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/08/16 20:11:01 | 000,000,000 | ---D | M] -- C:\Program Files\WS_FTP
[2005/11/14 11:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/12/27 01:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/12/12 21:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
[2008/12/12 21:40:02 | 000,000,000 | ---D | M] -- C:\Program Files\ZoneAlarmSB


< MD5 for: AGP440.SYS >
[2004/08/09 21:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/09 21:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/09 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/09 21:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/09 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2005/10/12 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\cmdcons\iastor.sys
[2005/10/12 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\hp\drivers\Intel_SATA_RAID_ICH7DH\iastor.sys
[2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
[2005/10/12 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\iaStor.sys
[2005/10/12 12:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2005/06/16 23:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/09 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-12 10:06:12

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vut.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" File not found
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vut.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode File not found
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/11/28 18:04:16 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/11/28 18:04:16 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/11/28 18:04:16 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\: C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE [2005/11/28 16:44:04 | 000,270,336 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -chrome "chrome://browser/content/pref/pref.xul" [2005/11/28 16:44:04 | 000,270,336 | ---- | M] (Netscape)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vut.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" File not found
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vut.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode File not found
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/11/28 18:04:16 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/11/28 18:04:16 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/11/28 18:04:16 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\: C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE [2005/11/28 16:44:04 | 000,270,336 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -chrome "chrome://browser/content/pref/pref.xul" [2005/11/28 16:44:04 | 000,270,336 | ---- | M] (Netscape)

< End of report >

cicero_x
Novice
Novice

Status :
Online
Offline

Posts : 21
Joined : 2008-12-14
OS : XP
Points : 29245
# Likes : 0

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by cicero_x on Tue Jun 14, 2011 1:24 am

< aswMBR.txt >

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-13 18:21:41
-----------------------------
18:21:41.062 OS Version: Windows 5.1.2600 Service Pack 3
18:21:41.062 Number of processors: 2 586 0x604
18:21:41.062 ComputerName: BIGDUDE UserName:
18:21:41.906 Initialize success
18:23:07.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:23:07.093 Disk 0 Vendor: ST325082 3.AH Size: 238475MB BusType: 3
18:23:07.093 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
18:23:07.093 Disk 1 Vendor: ST325082 3.AH Size: 238475MB BusType: 3
18:23:07.093 Disk 0 MBR read successfully
18:23:07.093 Disk 0 MBR scan
18:23:07.093 Disk 0 unknown MBR code
18:23:07.093 Disk 0 scanning sectors +488392065
18:23:07.125 Disk 0 scanning C:\WINDOWS\system32\drivers
18:23:12.375 Service scanning
18:23:13.500 Disk 0 trace - called modules:
18:23:13.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:23:13.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaa2548]
18:23:13.531 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8aa0a030]
18:23:13.531 Scan finished successfully
18:23:40.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
18:23:40.750 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"

cicero_x
Novice
Novice

Status :
Online
Offline

Posts : 21
Joined : 2008-12-14
OS : XP
Points : 29245
# Likes : 0

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by Belahzur on Tue Jun 14, 2011 3:57 pm

Hello.

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.




Next,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [siknmdwo] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe File not found
    O4 - HKCU..\Run: [{B23C9422-3C67-A840-815F-3D66ED53470C}] C:\Documents and Settings\HP_Administrator\Application Data\Ixtu\oquf.exe File not found
    O4 - HKCU..\Run: [ryrghiyb] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\totwxicwc\laccanxsika.exe File not found
    O4 - HKCU..\Run: [siknmdwo] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe File not found
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vut.exe" -a "%1" %* File not found
    [2011/05/30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
    [2011/05/30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
    [2010/10/11 01:08:52 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dsfsds.bat
    [2010/12/05 23:45:47 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\CA2E.597

    :files
    C:\WINDOWS\tasks\At*.job

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by cicero_x on Thu Jun 16, 2011 4:15 am

Can't get RKill to run as RKill, eXplorer.exe, or iExplorer.exe. Got OTL to run with the custom stuff you posted above...here's the log:

OTL logfile created on: 6/15/2011 6:50:13 PM - Run 3
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.02 Gb Total Space | 144.51 Gb Free Space | 64.51% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 48.49 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive E: | 8.84 Gb Total Space | 0.48 Gb Free Space | 5.45% Space Free | Partition Type: FAT32
Drive O: | 149.01 Gb Total Space | 4.21 Gb Free Space | 2.82% Space Free | Partition Type: FAT32

Computer Name: BIGDUDE | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 18:28:23 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\eXplorer.com
PRC - [2011/06/15 18:23:51 | 001,007,120 | ---- | M] () -- D:\incoming\rkill.exe
PRC - [2011/04/14 09:25:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/24 13:33:26 | 000,921,600 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/17 21:06:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/09 22:04:33 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2006/09/29 13:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
PRC - [2005/11/08 07:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
PRC - [2005/10/12 12:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 21:06:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- D:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
SRV - File not found [Auto | Stopped] -- C:\bin\httpd.exe -- (Apache2.2)
SRV - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/24 13:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/01/18 21:10:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/09 22:04:33 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2006/09/29 13:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2006/08/14 11:53:03 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/11/08 07:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService)
SRV - [2005/10/12 12:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/05 02:41:00 | 007,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/10/20 16:52:19 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2006/07/13 15:03:48 | 000,079,328 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmserd.sys -- (mqdmserd)
DRV - [2006/07/13 15:03:12 | 000,092,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmmdm.sys -- (mqdmmdm)
DRV - [2006/07/13 15:02:40 | 000,009,232 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmmdfl.sys -- (mqdmmdfl) Motorola USB Modem (Filter)
DRV - [2006/07/13 14:58:00 | 000,066,656 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqdmbus.sys -- (mqdmbus) Motorola DM Composite Driver (WDM)
DRV - [2006/04/20 07:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 06:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/25 09:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/08 07:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 07:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 07:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 07:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 07:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/10/05 03:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wn5301.sys -- (WN5301)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/11/05 15:54:14 | 000,420,870 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ICM10USB.sys -- (ICM10USB) Intel(r)
DRV - [2001/11/05 14:54:38 | 000,014,182 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\icm10blk.sys -- (icm10blk) Intel(r)
DRV - [2001/08/23 12:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: close@doubleclick:1.12
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {44C2CACE-0D2F-4BA1-9D71-09D398B9E42E}:0.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.7
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {66bd2442-241b-44cd-8c7a-b51037053cdb}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 09:23:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 09:23:18 | 000,000,000 | ---D | M]

[2008/12/12 21:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/06/15 18:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions
[2011/01/14 08:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/07/08 17:53:58 | 000,000,000 | ---D | M] (MegaUpload Time Attack) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{1cdccf78-1ea9-4f40-b69f-ef7674dbef8c}
[2010/05/03 08:33:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/01 17:02:21 | 000,000,000 | ---D | M] (Fark Tags) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{20F15C99-8BF3-4eb9-8EDE-575C4E80D923}
[2011/06/10 16:56:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/26 10:15:10 | 000,000,000 | ---D | M] (KickassTorrents Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{44C2CACE-0D2F-4BA1-9D71-09D398B9E42E}
[2011/06/15 18:44:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/05 05:59:54 | 000,000,000 | ---D | M] (TVersitybar Community Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
[2009/07/08 17:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{9c9c8cff-c707-48b9-b81e-6fceeb4ce43e}
[2009/04/02 19:52:30 | 000,000,000 | ---D | M] (Farkit) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{9c9c8cff-c707-48b9-b81e-6fceeb4ce43f}
[2010/09/11 10:26:57 | 000,000,000 | ---D | M] (gTranslate) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011/06/13 17:31:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/05 05:59:48 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/13 11:28:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/12/13 22:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\CLIP@chris.synan
[2010/01/26 23:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\close@doubleclick
[2011/04/05 05:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\engine@conduit.com
[2010/05/03 08:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\firedownload@mozilla.org
[2011/04/05 05:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\piclens@cooliris.com
[2009/07/08 17:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\remove-new-tab-button@forerunnerdesigns.com
[2009/12/12 21:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\tabberwocky@studio17.wordpress.com
[2011/03/08 00:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\extensions\tineye@ideeinc.com
[2011/05/01 09:23:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2006/11/20 19:21:07 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/03/10 19:43:53 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2008/10/02 18:59:20 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2008/12/12 21:40:03 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/12/14 18:27:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\WebBrowser: (TVersitybar Toolbar) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [siknmdwo] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [{B23C9422-3C67-A840-815F-3D66ED53470C}] C:\Documents and Settings\HP_Administrator\Application Data\Ixtu\oquf.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ryrghiyb] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\totwxicwc\laccanxsika.exe File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [siknmdwo] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe File not found
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk = C:\WINDOWS\Installer\{638547C2-2ABA-46F4-AE28-85FF6E83CB54}\_18be6784.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe File not found
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/11/22 23:30:07 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/11/22 23:30:07 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/11/22 23:30:07 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/11/22 23:30:07 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/07 20:51:58 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/06/10 21:22:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/14 18:50:45 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/12/14 18:50:45 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/12/14 17:50:46 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/05/02 15:47:02 | 000,000,000 | RH-D | M] - O:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/12/14 17:50:48 | 000,000,000 | RHSD | M] - O:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8ddaefe6-4139-11df-9f40-001731b0cc97}\Shell\AutoRun\command - "" = L:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{8ddaefe6-4139-11df-9f40-001731b0cc97}\Shell\Setup FlipShare\command - "" = L:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{ff437c2d-3078-11dc-8f0b-001731b0cc97}\Shell - "" = AutoRun
O33 - MountPoints2\{ff437c2d-3078-11dc-8f0b-001731b0cc97}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff437c2d-3078-11dc-8f0b-001731b0cc97}\Shell\AutoRun\command - "" = P:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vut.exe" -a "%1" %* File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 22:03:56 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 18:40:48 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/15 18:36:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/15 18:36:51 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
[2011/06/15 18:36:32 | 000,420,889 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/06/15 18:36:01 | 000,005,077 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2011/06/15 18:35:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 18:35:25 | 2145,865,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/15 18:28:23 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\eXplorer.com
[2011/06/15 18:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/06/15 17:55:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3788916967-3067819686-3848672155-1008UA.job
[2011/06/15 17:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/06/15 16:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/06/15 15:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/06/15 14:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/06/15 13:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/06/15 12:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/06/15 11:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/06/15 10:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/06/15 09:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/06/15 08:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/06/15 07:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/06/15 06:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/06/15 05:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/06/15 04:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/06/15 03:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/06/15 02:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/06/15 01:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/06/15 00:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/14 23:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/06/14 22:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/06/14 21:55:58 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2011/06/14 21:55:58 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/14 21:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/06/14 20:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/06/14 19:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/06/14 18:55:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3788916967-3067819686-3848672155-1008Core.job
[2011/06/13 18:23:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat
[2011/06/13 17:22:06 | 000,005,381 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled.wmv
[2011/06/12 12:45:38 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/12 12:43:08 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/10 16:57:31 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/06/08 20:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/30 16:14:39 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/30 16:08:31 | 000,001,460 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
[2011/05/30 16:08:31 | 000,001,460 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
[2011/05/26 20:33:25 | 002,595,063 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\funny-gifs-shopping.gif
[2011/05/24 22:03:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 18:28:20 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\eXplorer.com
[2011/06/13 18:23:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat
[2011/06/13 17:22:06 | 000,005,381 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled.wmv
[2011/05/30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
[2011/05/30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2
[2011/05/26 20:33:24 | 002,595,063 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\funny-gifs-shopping.gif
[2010/12/05 23:45:47 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\CA2E.597
[2010/10/11 01:08:52 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dsfsds.bat
[2010/08/21 09:27:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/01 20:28:23 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2009/09/01 20:28:23 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2009/04/13 08:00:04 | 000,000,098 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/12 21:38:17 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/17 00:39:42 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/02/17 00:39:42 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/02/16 22:50:49 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/27 02:13:49 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/27 02:13:49 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/14 03:33:32 | 000,000,542 | ---- | C] () -- C:\Program Files\WS_FTP.LOG
[2007/01/06 15:27:18 | 001,024,000 | ---- | C] () -- C:\WINDOWS\System32\ewmpegco.dll
[2006/10/30 21:53:19 | 000,002,994 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/22 16:35:31 | 006,615,041 | ---- | C] () -- C:\Program Files\Library.xml
[2006/08/16 20:04:48 | 000,040,579 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/08/16 20:04:48 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/16 20:00:34 | 000,006,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/16 20:00:34 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/13 20:54:35 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/07 23:19:12 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/06/10 21:47:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/10 21:28:08 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/10 21:24:51 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/10 21:24:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/10 21:22:35 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/10 21:20:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/10 21:10:28 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/10 21:09:51 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/10 20:58:49 | 000,003,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/10 20:57:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/10 20:55:07 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/10 20:55:07 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/10 20:55:07 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/10 20:55:07 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/10 20:53:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/10 20:33:26 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/10 20:33:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/10 20:33:07 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 10:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 14:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/23 12:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< :OTL >

< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. >

< O4 - HKLM..\Run: [] File not found >

< O4 - HKLM..\Run: [siknmdwo] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe File not found >

< O4 - HKCU..\Run: [{B23C9422-3C67-A840-815F-3D66ED53470C}] C:\Documents and Settings\HP_Administrator\Application Data\Ixtu\oquf.exe File not found >

< O4 - HKCU..\Run: [ryrghiyb] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\totwxicwc\laccanxsika.exe File not found >

< O4 - HKCU..\Run: [siknmdwo] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe File not found >

< O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vut.exe" -a "%1" %* File not found >

< [2011/05/30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2 >
Invalid Switch: 30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2


< [2011/05/30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2 >
Invalid Switch: 30 16:05:02 | 000,001,460 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\621g73w1t32s28rbr6d2q484sxtka4h075t2


< [2010/10/11 01:08:52 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dsfsds.bat >
Invalid Switch: 11 01:08:52 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dsfsds.bat


< [2010/12/05 23:45:47 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\CA2E.597 >
Invalid Switch: 05 23:45:47 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\CA2E.597


< >

< :files >

< C:\WINDOWS\tasks\At*.job >
[2011/06/15 00:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/15 09:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/06/15 10:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/06/15 11:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/06/15 12:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/06/15 13:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/06/15 14:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/06/15 15:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/06/15 16:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/06/15 17:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/06/15 18:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/06/15 01:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/06/14 19:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/06/14 20:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/06/14 21:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/06/14 22:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/06/14 23:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/06/15 02:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/06/15 03:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/06/15 04:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/06/15 05:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/06/15 06:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/06/15 07:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/06/15 08:11:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

< >

< :commands >

< [emptytemp] >

< [reboot] >

< End of report >

cicero_x
Novice
Novice

Status :
Online
Offline

Posts : 21
Joined : 2008-12-14
OS : XP
Points : 29245
# Likes : 0

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by cicero_x on Thu Jun 16, 2011 4:17 am

When I tried to run RKill with any of the file names, it kept bringing me back to the "Open With" box. When I tried to pick the actual file to open, it would instead open an additional "Open With" box. After the fourth one I stopped. Also, above the list of programs and icons to select from, the file name changes from explore.exe or iexplore.exe to File:userinit.exe. There are about 30 instances of this file in my Local Settings\temp\ folders. Hopefully this helps. Please let me know if I'm missing anything. Thank you


Last edited by cicero_x on Thu Jun 16, 2011 4:26 am; edited 1 time in total (Reason for editing : Left out some info)

cicero_x
Novice
Novice

Status :
Online
Offline

Posts : 21
Joined : 2008-12-14
OS : XP
Points : 29245
# Likes : 0

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by Belahzur on Thu Jun 16, 2011 7:47 pm

Hello.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by cicero_x on Fri Jun 17, 2011 12:04 am

exeHelper by Raktor
Build 20100414
Run at 17:02:40 on 06/16/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

cicero_x
Novice
Novice

Status :
Online
Offline

Posts : 21
Joined : 2008-12-14
OS : XP
Points : 29245
# Likes : 0

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by Belahzur on Fri Jun 17, 2011 12:06 am

Okay that fixed the file association issue.

Try my OTL fix again please, you hit the scan button and not the fix button when you went to do the fix.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by cicero_x on Fri Jun 17, 2011 12:09 am

exeHelper by Raktor
Build 20100414
Run at 17:02:40 on 06/16/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

cicero_x
Novice
Novice

Status :
Online
Offline

Posts : 21
Joined : 2008-12-14
OS : XP
Points : 29245
# Likes : 0

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by cicero_x on Fri Jun 17, 2011 12:10 am

After running this I can double click on files and have them open now!

cicero_x
Novice
Novice

Status :
Online
Offline

Posts : 21
Joined : 2008-12-14
OS : XP
Points : 29245
# Likes : 0

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by Belahzur on Fri Jun 17, 2011 5:50 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by cicero_x on Sun Jun 19, 2011 9:59 am

ComboFix 11-06-17.04 - HP_Administrator 06/19/2011 2:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1411 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: ZoneAlarm Security Suite Antivirus *Enabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleansweep.exe
c:\cleansweep.exe\config.bin
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Ain\WINDOWS
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\HP_Administrator\0.036420485205955644.exe
c:\documents and settings\HP_Administrator\Application Data\Ixtu\oquf.exe
c:\documents and settings\HP_Administrator\Recent\Thumbs.db
c:\documents and settings\HP_Administrator\Templates\621g73w1t32s28rbr6d2q484sxtka4h075t2
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\MCX1\WINDOWS
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-17 00:34 . 2011-06-17 00:34 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7060B5CD-8217-41E6-A0F1-15DB115E965A}\MpKsl6aa8e1ec.sys
2011-06-17 00:34 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7060B5CD-8217-41E6-A0F1-15DB115E965A}\mpengine.dll
2011-05-25 05:03 . 2011-05-25 05:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:14 . 2010-04-24 17:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-09 20:46 . 2010-04-25 10:52 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-14 16:26 . 2011-05-01 16:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-09-12 10:46 227328 --sha-r- c:\windows\system32\ac3DX.ax.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2010-10-10 23:51 3906656 ----a-w- c:\program files\TVersitybar\tbTVer.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 185896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-10 27136]
.
c:\documents and settings\MCX1\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-10 27136]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-1-27 576000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Broadband Networking.lnk - c:\windows\Installer\{638547C2-2ABA-46F4-AE28-85FF6E83CB54}\_18be6784.exe [2006-8-7 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP DigitalMedia Archive\\DMAScheduler.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
.
R1 MpKsl6aa8e1ec;MpKsl6aa8e1ec;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7060B5CD-8217-41E6-A0F1-15DB115E965A}\MpKsl6aa8e1ec.sys [6/16/2011 5:34 PM 28752]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [6/10/2006 8:56 PM 82048]
S2 Apache2.2;Apache2.2;"c:\bin\httpd.exe" -k runservice --> c:\bin\httpd.exe [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/9/2004 2:00 PM 14336]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [6/10/2006 8:55 PM 468768]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6AA8E1EC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 22:42]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788916967-3067819686-3848672155-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-17 09:40]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788916967-3067819686-3848672155-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-17 09:40]
.
2011-06-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9gybcsag.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-siknmdwo - c:\documents and settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe
HKCU-Run-{B23C9422-3C67-A840-815F-3D66ED53470C} - c:\documents and settings\HP_Administrator\Application Data\Ixtu\oquf.exe
HKLM-Run-siknmdwo - c:\documents and settings\HP_Administrator\Local Settings\Application Data\penrpi\eudosysguard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-19 02:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-19 02:57:00
ComboFix-quarantined-files.txt 2011-06-19 09:56
ComboFix2.txt 2008-12-15 01:33
.
Pre-Run: 154,169,823,232 bytes free
Post-Run: 163,896,885,248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0E58E7222F510DD7F21B1A001F305B54

cicero_x
Novice
Novice

Status :
Online
Offline

Posts : 21
Joined : 2008-12-14
OS : XP
Points : 29245
# Likes : 0

View user profile

Back to top Go down

Re: First vut.exe, now this

Post by Sneakyone on Tue Jun 21, 2011 3:35 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\TVersitybar
    c:\program files\ConduitEngine
    c:\program files\uTorrentBar

    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [-HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [-HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{66BD2442-241B-44CD-8C7A-B51037053CDB}"=-
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    [-HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=-

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:43902
    uInternet Settings,ProxyOverride = ;*.local

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.


Sneakyone
Master
Master

Status :
Online
Offline

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Points : 56044
# Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum