WiredWX Christian Hobby Weather Tools
Rootkit Win32:Bubnix-H

Received a pop-up from avast! saying that it found Win32:Bubnix-H [Rtk] and asking me if I wanted to delete it. I clicked yes but still receive the same message every so often. I am unable to connect to the internet, and the avast! mail scanner icon shows up in my system tray at random times.

OTL

OTL logfile created on: 2010-07-23 5:21:42 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 108.69 Gb Free Space | 36.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.74 Gb Total Space | 3.74 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EXPLICIT
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-07-23 04:37:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010-07-22 20:08:44 | 000,219,537 | ---- | M] () -- C:\WINDOWS\szetyj67v.exe
PRC - [2010-06-09 17:46:50 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010-06-09 17:45:59 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009-11-24 13:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-24 13:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-24 13:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-24 13:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-24 13:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-02-27 01:06:42 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2008-08-11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008-07-07 15:12:42 | 000,600,680 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008-04-13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-09-21 10:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010-07-23 04:37:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2008-07-07 15:11:06 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008-04-13 14:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\P.exe -- (P)
SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\E.exe -- (E)
SRV - [2010-07-22 20:08:44 | 000,219,537 | ---- | M] () [Auto | Running] -- C:\WINDOWS\szetyj67v.exe -- (NetLog)
SRV - [2010-06-09 17:46:50 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009-11-24 13:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-24 13:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-24 13:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-24 13:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-11-17 12:19:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-08-05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009-04-28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2009-03-30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008-09-09 13:49:52 | 000,906,504 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
SRV - [2008-09-09 13:49:50 | 000,693,512 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
SRV - [2008-08-11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2006-08-10 04:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006-08-10 04:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [1998-06-06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\MRVW245.sys -- (MRVW245)
DRV - File not found [Kernel | On_Demand | Running] -- C:\windows\System32\3.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Linksys\WMP300N\GTNDIS5.SYS -- (GTNDIS5)
DRV - File not found [Kernel | Boot | Stopped] -- C:\windows\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010-06-09 17:46:06 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010-01-13 21:02:54 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010-01-13 21:02:52 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010-01-13 21:02:52 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2009-11-24 13:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-24 13:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-24 13:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-24 13:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-24 13:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-24 13:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-08-05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009-04-06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009-03-25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009-03-10 04:57:35 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\windows\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2009-02-24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009-02-18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009-02-10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008-08-28 13:16:40 | 000,071,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\windows\System32\drivers\DefragFS.sys -- (DefragFS)
DRV - [2008-08-11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008-08-11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008-07-23 23:37:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008-06-23 15:59:08 | 000,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008-06-20 01:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008-05-29 17:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008-04-13 08:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008-04-13 08:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-04-13 06:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-10 00:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008-02-03 23:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007-12-28 07:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007-10-10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007-09-19 17:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007-06-18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007-04-09 02:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006-09-24 03:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\windows\system32\speedfan.sys -- (speedfan)
DRV - [2006-08-09 04:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006-08-08 09:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006-08-08 09:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006-08-08 09:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006-08-08 09:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006-08-08 09:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006-08-08 09:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006-08-08 09:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006-08-08 09:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006-08-04 08:37:28 | 000,099,208 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\windows\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2006-08-01 20:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006-08-01 20:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006-08-01 19:46:34 | 000,051,800 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006-07-07 14:24:24 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006-01-07 12:09:50 | 000,007,548 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Samhid.sys -- (samhid)
DRV - [2005-09-23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-03-09 15:09:18 | 000,870,912 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005-01-07 21:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-12-15 12:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004-12-15 12:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004-12-15 12:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004-08-10 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-10 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-08-04 02:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004-08-04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003-11-06 23:50:00 | 000,014,092 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [1996-04-03 09:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://tmq.bingstart.com/?cfg=2-168-0-14y04
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://tmq.bingstart.com/?cfg=2-168-0-14y04"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBF2A085-5D02-4E75-8960-8312166AE2CA}:1.9.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100207
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=.ZqatOVHZw2NkMiVVsTJ0A&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c861&searchfor="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-star.net/?sid=10101038100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009-02-27 01:07:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBF2A085-5D02-4E75-8960-8312166AE2CA}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{BBF2A085-5D02-4E75-8960-8312166AE2CA} [2010-07-22 20:10:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-23 00:31:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-23 00:31:07 | 000,000,000 | ---D | M]

[2009-09-26 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010-06-29 04:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\88b0jld6.MW2\extensions
[2010-03-10 10:35:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\88b0jld6.MW2\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-03-10 10:39:02 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\88b0jld6.MW2\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
[2010-06-29 04:44:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\88b0jld6.MW2\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010-06-26 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions
[2009-09-26 22:04:06 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
[2009-11-28 07:44:30 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009-09-26 23:23:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010-05-20 08:44:12 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009-11-16 21:21:03 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010-02-19 11:39:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-10-21 17:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\FasterFox_Lite@BigRedBrent
[2010-02-19 11:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\nasanightlaunch@example.com
[2010-07-22 18:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\mfa8b2hn.MW1\extensions
[2010-06-27 21:39:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\mfa8b2hn.MW1\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-03-08 22:06:54 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\mfa8b2hn.MW1\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
[2010-05-18 23:59:49 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\mfa8b2hn.MW1\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-06-27 21:39:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\mfa8b2hn.MW1\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010-05-09 09:52:56 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\searchplugins\bing-zugo.xml
[2009-12-21 00:08:59 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\searchplugins\inbox-search.xml
[2009-12-29 12:54:10 | 000,009,977 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\searchplugins\mywebsearch.xml
[2009-11-29 16:43:10 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\searchplugins\sweetim.xml
[2009-11-29 17:24:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-09-21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010-07-22 01:17:34 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2008-09-13 17:11:30 | 000,264,036 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 9157 more lines...
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Documents and Settings\HP_Administrator\My Documents\Unzipped\A Simple A264019142001\Alarm Clock\MSDXM.OCX ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: live.com ([onecare] http in Trusted sites)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} http://www.worldwinner.com/games/v41/mines/mines.cab (Mines Control)
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {13EB7AC8-4811-461C-8581-89650F3D716B} http://www.worldwinner.com/games/v44/walloffame/walloffame.cab (WallOfFame Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinner.com/games/v47/skillgam/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinner.com/games/v45/moneylist/moneylist.cab (MoneyList Control)
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab (Jigsaw Genius Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab (SolitaireRush Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab (TrivialPursuit Control)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab (WWHearts Control)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (Blockwerx Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228447369906 (WUWebControl Class)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228447031656 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (WordMojo Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinner.com/games/v46/sol/sol.cab (Sol Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab (Clue Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v50/luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {B6FA2311-5F85-47D3-B885-7055340FC740} http://www.worldwinner.com/games/v46/grandslam/grandslamtrivia.cab (GrandSlamTrivia Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab (DinerDash Control)
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} http://www.worldwinner.com/games/v50/chess/chess.cab (Chess Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab (H2hPool Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Documents and Settings\HP_Administrator\My Documents\Unzipped\A Simple A264019142001\Alarm Clock\MSDXM.OCX ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\windows\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-10-27 23:59:12 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{463fa1ac-5834-11de-9696-0018f8a6f077}\Shell - "" = AutoRun
O33 - MountPoints2\{463fa1ac-5834-11de-9696-0018f8a6f077}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{463fa1ac-5834-11de-9696-0018f8a6f077}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{73e9f891-3317-11dc-88f1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{73e9f891-3317-11dc-88f1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d5ced691-50ae-11de-9691-0018f8a6f077}\Shell - "" = AutoRun
O33 - MountPoints2\{d5ced691-50ae-11de-9691-0018f8a6f077}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d5ced691-50ae-11de-9691-0018f8a6f077}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d86458c0-c05d-11dc-957f-0018f8a6f077}\Shell - "" = AutoRun
O33 - MountPoints2\{d86458c0-c05d-11dc-957f-0018f8a6f077}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (PDBoot.exe) - C:\windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\HP_Administrator\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Last edited by iDhitz on 24th July 2010, 4:38 am; edited 1 time in total
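Reading an OTL log by hand means scanning the "Files/Folders" listings for the same few things every time: a kernel driver with an empty publisher field, a freshly written executable with no version info, a new scheduled task, a directory with a machine-generated name. The script below is an added example, not part of this post and not part of OTL or avast!; it parses OTL's bracketed file entries and applies those rules to a handful of lines copied from the OTL output posted in this thread. The three-day "recent" window, the severity levels and the generated-name heuristic are this example's own assumptions; the 2010-07-23 reference date is the "OTL logfile created on" date from the log header.

```python
"""Triage helper for the bracketed file entries in OTL "Files/Folders" listings.
Added example, not part of the post or of OTL; the 3-day window and the
name heuristic are this example's own assumptions."""
import re
from datetime import date, datetime, timedelta

WINDOW_DAYS = 3  # assumption: "recent" means within 3 days of the log date
SEV_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}

# e.g. [2010-07-22 20:10:11 | 000,766,976 | ---- | C] () -- C:\windows\System32\drivers\nnshqyy.sys
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)$"
)
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{4,}", re.I)

def parse_entry(line):
    """Parse one OTL file entry; None for section headers and other lines.
    OTL prints "()" when a file has no version info and "( )" when the
    company field is blank: both count as "no publisher" here."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["when"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = (e["company"] or "").strip()
    e["is_dir"] = "D" in e["attrs"]
    e["name"] = e["path"].rsplit("\\", 1)[-1]
    return e

def looks_generated(name):
    """Machine-generated-name heuristic: alphanumeric stem of 6+ chars with a
    run of 4+ consonants, or letters mixed with digits. Weak on its own (the
    legitimate Samsung driver sscdmdm.sys trips it), so it only raises
    severity or qualifies an otherwise unattributable directory."""
    stem = name.rsplit(".", 1)[0]
    if not re.fullmatch(r"[A-Za-z0-9]{6,}", stem):
        return False
    return bool(CONSONANT_RUN.search(stem)
                or (re.search(r"[A-Za-z]", stem) and re.search(r"\d", stem)))

def classify(e, cutoff):
    """Return (severity, reason) for a parsed entry, or None if unremarkable."""
    low, recent, unattributed = e["path"].lower(), e["when"] >= cutoff, e["company"] == ""
    if e["is_dir"]:
        if e["kind"] == "C" and recent and looks_generated(e["name"]):
            return ("LOW", "new directory with generated-looking name")
    elif low.endswith(".sys") and "\\drivers\\" in low and unattributed:
        return ("HIGH" if recent else "MEDIUM", "kernel driver with no publisher")
    elif low.endswith((".exe", ".dll", ".bin")) and unattributed and recent:
        return ("HIGH" if looks_generated(e["name"]) else "MEDIUM",
                "recent executable with no publisher")
    elif low.endswith(".job") and e["kind"] == "C" and recent:
        return ("LOW", "scheduled task created recently")
    return None

def triage(lines, log_date):
    """Classify every entry, keep the worst verdict per path, and return
    [(severity, reason, path)] sorted by severity, then path."""
    cutoff = datetime.combine(log_date, datetime.min.time()) - timedelta(days=WINDOW_DAYS)
    worst = {}
    for line in lines:
        e = parse_entry(line)
        hit = classify(e, cutoff) if e else None
        if hit and (e["path"] not in worst
                    or SEV_RANK[hit[0]] > SEV_RANK[worst[e["path"]][0]]):
            worst[e["path"]] = hit
    return sorted(((sev, why, p) for p, (sev, why) in worst.items()),
                  key=lambda f: (-SEV_RANK[f[0]], f[2].lower()))

# Input copied from the OTL listings posted in this thread; 2010-07-23 is the
# "OTL logfile created on" date from its header.
LOG_DATE = date(2010, 7, 23)
SAMPLE = r"""
========== Files/Folders - Created Within 30 Days ==========
[2010-07-23 17:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010-07-22 20:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\qwmgwwevi
[2010-07-19 20:20:21 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\windows\System32\drivers\sscdmdm.sys
[2006-07-11 14:29:00 | 000,028,672 | R--- | C] ( ) -- C:\windows\System32\DivXGraphBuilderCallback.dll
========== Files - Modified Within 30 Days ==========
[2010-07-23 17:24:46 | 000,766,976 | ---- | M] () -- C:\windows\System32\drivers\nnshqyy.sys
[2010-07-23 17:07:23 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-23 17:06:38 | 2138,427,392 | -HS- | M] () -- C:\hiberfil.sys
[2010-07-23 00:09:31 | 000,000,000 | ---- | M] () -- C:\windows\Ifolilulokuzoxu.bin
========== Files Created - No Company Name ==========
[2010-07-22 20:10:11 | 000,766,976 | ---- | C] () -- C:\windows\System32\drivers\nnshqyy.sys
[2010-07-22 20:08:44 | 000,219,537 | ---- | C] () -- C:\windows\szetyj67v.exe
[2010-07-22 20:08:16 | 000,000,436 | ---- | C] () -- C:\windows\tasks\Updater.job
[2009-02-26 06:53:04 | 000,163,712 | ---- | C] () -- C:\windows\System32\drivers\vidstub.sys
"""
FINDINGS = triage(SAMPLE.splitlines(), LOG_DATE)

if __name__ == "__main__":
    for sev, why, path in FINDINGS:
        print(f"{sev:<6} {why:<42} {path}")
```

Run against the sample, the script ranks the unattributed driver nnshqyy.sys and the randomly named szetyj67v.exe as HIGH, Ifolilulokuzoxu.bin and the older vidstub.sys as MEDIUM, and the qwmgwwevi directory and the new Updater.job task as LOW, while leaving hiberfil.sys, the Google Update task and the 2006 DivX library alone. Two design points matter for a responder: a missing publisher field is the primary signal and the name heuristic only adjusts severity, because legitimately named drivers such as sscdmdm.sys also look random; and a MEDIUM on an old file like vidstub.sys means "check it", not "malware", which is exactly the manual judgement this triage is meant to queue up rather than replace.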

Re: Rootkit Win32:Bubnix-H

OTL cont


MsConfig - StartUpFolder: C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: SkinClock - hkey= - key= - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: PSEXESVC - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: PSEXESVC - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\windows\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\windows\system32\Rundll32.exe c:\windows\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {E9B05189-9F29-AE9F-F582-753BD058D95B} - Vector Graphics Rendering (VML)
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EA89635A-08DC-F3C3-D4AA-C9D7DB66445A} - Java (Sun)
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\system32\rundll32.exe" "C:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\windows\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3acm - C:\windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\windows\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.at3 - C:\windows\System32\atrac3.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.dvsd - C:\windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\windows\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\windows\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.mp42 - C:\windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivXNetworks)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69819404975603712)

========== Files/Folders - Created Within 30 Days ==========

[2010-07-23 17:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010-07-23 00:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010-07-23 00:22:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2010-07-22 20:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{BBF2A085-5D02-4E75-8960-8312166AE2CA}
[2010-07-22 20:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\qwmgwwevi
[2010-07-22 20:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010-07-22 17:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung Electronics
[2010-07-19 20:20:21 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\windows\System32\drivers\sscdmdm.sys
[2010-07-19 20:20:21 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\windows\System32\drivers\sscdmdfl.sys
[2010-07-19 20:20:21 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\windows\System32\drivers\sscdcmnt.sys
[2010-07-19 20:20:21 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\windows\System32\drivers\sscdcm.sys
[2010-07-19 20:20:19 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\windows\System32\drivers\sscdbus.sys
[2010-07-19 20:20:19 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\windows\System32\drivers\sscdwhnt.sys
[2010-07-19 20:20:19 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\windows\System32\drivers\sscdwh.sys
[2010-07-19 20:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010-07-19 20:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Samsung Moment
[2010-07-18 20:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010-07-17 23:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Moccatroller PC
[2006-07-11 14:29:00 | 000,028,672 | R--- | C] ( ) -- C:\windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 30 Days ==========

[2010-07-23 17:24:46 | 000,766,976 | ---- | M] () -- C:\windows\System32\drivers\nnshqyy.sys
[2010-07-23 17:12:30 | 000,557,306 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010-07-23 17:12:30 | 000,467,076 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010-07-23 17:12:30 | 000,080,182 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010-07-23 17:11:26 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-23 17:08:00 | 000,000,436 | ---- | M] () -- C:\windows\tasks\Updater.job
[2010-07-23 17:07:23 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-23 17:07:20 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010-07-23 17:06:39 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010-07-23 17:06:38 | 2138,427,392 | -HS- | M] () -- C:\hiberfil.sys
[2010-07-23 04:34:25 | 014,155,776 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010-07-23 04:34:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010-07-23 00:40:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpywareBlaster.lnk
[2010-07-23 00:12:57 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2010-07-23 00:09:31 | 000,000,000 | ---- | M] () -- C:\windows\Ifolilulokuzoxu.bin
[2010-07-22 23:54:39 | 000,001,174 | ---- | M] () -- C:\windows\win.ini
[2010-07-22 23:54:39 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2010-07-22 23:54:39 | 000,000,246 | ---- | M] () -- C:\windows\SYSTEM.INI
[2010-07-22 21:24:04 | 000,002,499 | ---- | M] () -- C:\windows\lsrslt.ini
[2010-07-22 20:10:01 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010-07-22 20:08:44 | 000,219,537 | ---- | M] () -- C:\windows\szetyj67v.exe
[2010-07-22 17:54:19 | 000,001,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SWUpgrade.lnk
[2010-07-18 20:45:11 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\YouTube Downloader.lnk
[2010-07-18 00:05:56 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Moccatroller.cfg
[2010-07-16 19:22:28 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010-07-11 19:10:15 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2010-07-11 18:39:02 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010-07-23 04:10:37 | 2138,427,392 | -HS- | C] () -- C:\hiberfil.sys
[2010-07-23 00:40:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpywareBlaster.lnk
[2010-07-23 00:12:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2010-07-22 21:24:04 | 000,002,499 | ---- | C] () -- C:\windows\lsrslt.ini
[2010-07-22 20:10:11 | 000,766,976 | ---- | C] () -- C:\windows\System32\drivers\nnshqyy.sys
[2010-07-22 20:08:44 | 000,219,537 | ---- | C] () -- C:\windows\szetyj67v.exe
[2010-07-22 20:08:30 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010-07-22 20:08:16 | 000,000,436 | ---- | C] () -- C:\windows\tasks\Updater.job
[2010-07-22 17:54:19 | 000,001,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SWUpgrade.lnk
[2010-07-18 20:45:11 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\YouTube Downloader.lnk
[2010-07-17 23:44:15 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Moccatroller.cfg
[2009-09-16 22:41:24 | 000,006,827 | ---- | C] () -- C:\windows\hpdj3600.ini
[2009-09-16 22:39:12 | 000,000,522 | ---- | C] () -- C:\windows\hpbvspst.ini
[2009-09-02 17:01:33 | 000,000,185 | ---- | C] () -- C:\windows\mdm.ini
[2009-04-06 15:50:51 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2009-03-03 12:18:04 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009-02-26 06:53:04 | 000,163,712 | ---- | C] () -- C:\windows\System32\drivers\vidstub.sys
[2008-07-13 08:29:10 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2008-07-07 15:11:32 | 002,854,912 | ---- | C] () -- C:\windows\System32\btwicons.dll
[2008-03-25 08:29:08 | 000,000,025 | ---- | C] () -- C:\windows\cdplayer.ini
[2008-03-05 10:49:02 | 000,000,051 | ---- | C] () -- C:\windows\iTouch.ini
[2008-02-03 12:06:22 | 000,094,208 | ---- | C] () -- C:\windows\System32\GTW32N50.dll
[2008-01-02 18:32:01 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2007-12-29 03:15:58 | 000,000,194 | ---- | C] () -- C:\windows\System32\sam.ini
[2007-12-29 03:14:19 | 000,487,424 | ---- | C] () -- C:\windows\System32\FDRpage.dll
[2007-12-29 03:14:19 | 000,007,548 | ---- | C] () -- C:\windows\System32\drivers\Samhid.sys
[2007-12-03 07:19:43 | 000,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2007-12-03 07:19:43 | 000,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2007-09-27 10:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
[2007-09-27 10:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
[2007-09-27 10:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
[2007-09-23 17:45:07 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI
[2007-08-30 01:43:23 | 000,000,274 | ---- | C] () -- C:\windows\TheMatrix.ini
[2007-08-27 11:39:01 | 000,086,016 | ---- | C] () -- C:\windows\System32\preflib.dll
[2007-08-27 11:39:00 | 000,757,760 | ---- | C] () -- C:\windows\System32\bcm1xsup.dll
[2007-08-12 21:21:29 | 000,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2007-08-12 06:03:05 | 000,000,227 | ---- | C] () -- C:\windows\HP_CounterReport_Update_HPSU.ini
[2007-08-12 06:02:49 | 000,000,214 | ---- | C] () -- C:\windows\HP_48BitScanUpdatePatch.ini
[2007-08-12 06:01:08 | 000,000,214 | ---- | C] () -- C:\windows\HP_InstantSHareJPG.ini
[2007-08-12 06:00:52 | 000,000,217 | ---- | C] () -- C:\windows\HP_IZClosingDiscErrorPatch.ini
[2007-08-12 05:59:22 | 000,000,221 | ---- | C] () -- C:\windows\HP_RedboxHprblog_HPSU.ini
[2007-07-28 22:32:58 | 000,000,073 | ---- | C] () -- C:\windows\webica.ini
[2007-07-22 04:13:05 | 000,000,555 | ---- | C] () -- C:\windows\SysMech6.INI
[2007-07-16 00:07:21 | 000,056,056 | ---- | C] () -- C:\windows\System32\DLAAPI_W.DLL
[2006-08-15 19:47:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2006-08-09 04:19:50 | 000,520,192 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Roxio.dll
[2006-08-09 04:19:50 | 000,204,800 | ---- | C] () -- C:\windows\System32\CddbFileTaggerRoxio.dll
[2006-08-09 01:00:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\besched.dll
[2005-10-28 00:26:01 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005-10-28 00:02:06 | 000,014,317 | ---- | C] () -- C:\windows\System32\CHODDI.SYS
[2005-10-28 00:01:58 | 000,045,056 | ---- | C] () -- C:\windows\System32\hpreg.dll
[2005-10-27 23:59:55 | 000,000,180 | ---- | C] () -- C:\windows\Quicken.ini
[2005-10-27 23:55:08 | 000,000,636 | ---- | C] () -- C:\windows\ODBC.INI
[2005-10-27 23:44:11 | 000,000,265 | ---- | C] () -- C:\windows\wininit.ini
[2005-10-27 23:30:32 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
[2005-10-27 23:11:34 | 000,000,791 | ---- | C] () -- C:\windows\orun32.ini
[2005-10-27 23:06:14 | 000,323,584 | ---- | C] () -- C:\windows\System32\pythoncom22.dll
[2005-10-27 23:06:14 | 000,094,208 | ---- | C] () -- C:\windows\System32\pywintypes22.dll
[2005-10-27 23:05:55 | 000,016,896 | ---- | C] () -- C:\windows\System32\bcbmm.dll
[2005-08-05 14:01:54 | 000,235,008 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2005-07-15 08:35:56 | 000,696,320 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2005-07-15 08:35:56 | 000,155,648 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2005-07-15 08:35:24 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2005-05-09 20:52:32 | 000,022,396 | ---- | C] () -- C:\windows\System32\drivers\USBkey.sys
[2005-02-17 12:41:32 | 000,000,603 | ---- | C] () -- C:\windows\System32\BTNeighborhood.dll.manifest
[2005-02-17 12:41:30 | 000,000,593 | ---- | C] () -- C:\windows\System32\btcss.dll.manifest
[2004-07-26 19:51:38 | 000,000,560 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2003-10-02 01:00:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\lockout.dll
[2003-10-02 01:00:00 | 000,045,056 | ---- | C] () -- C:\windows\System32\lockres.dll
[2001-11-14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[2001-07-06 19:30:00 | 000,003,399 | ---- | C] () -- C:\windows\System32\hptcpmon.ini
[1999-07-05 00:00:00 | 000,075,334 | ---- | C] () -- C:\windows\System32\mfc45.dll
[1998-06-10 00:00:00 | 000,015,120 | ---- | C] () -- C:\windows\System32\REPUTIL.DLL
[1998-05-18 00:00:00 | 000,014,017 | ---- | C] () -- C:\windows\JAUTOEXP.INI
[1998-04-24 00:00:00 | 000,000,218 | ---- | C] () -- C:\windows\FRONTPG.INI
[1996-04-03 09:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010-07-23 17:26:02 | 000,766,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nnshqyy.sys

< %systemroot%\System32\config\*.sav >
[2004-11-16 17:20:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004-11-16 17:20:24 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004-11-16 17:20:24 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004-08-10 09:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006-10-12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcmwl5.sys
[2005-10-28 00:02:06 | 000,014,317 | ---- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2004-08-10 09:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[1996-04-03 09:33:26 | 000,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys
[2003-09-25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys
[2004-08-10 09:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004-08-10 09:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004-08-10 09:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004-08-10 09:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004-08-10 09:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004-08-10 09:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004-08-10 09:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004-08-10 09:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004-08-10 09:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004-08-10 09:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004-08-10 09:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004-08-10 09:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004-08-10 09:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2006-09-24 03:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys
[2008-04-13 08:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009-08-14 03:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008-04-13 14:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008-04-13 14:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008-04-13 14:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008-04-13 14:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008-04-13 14:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008-04-13 14:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008-04-13 14:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008-04-13 14:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008-04-13 14:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008-04-13 14:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008-04-13 14:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008-04-13 14:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008-04-13 14:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008-04-13 14:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008-04-13 14:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010-04-26 18:44:40 | 000,001,024 | ---- | M] () -- C:\.rnd
[2005-10-27 23:59:12 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007-07-15 11:14:06 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010-07-22 23:54:39 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2004-08-10 05:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004-11-17 01:32:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-03-01 18:46:39 | 000,013,940 | ---- | M] () -- C:\DTLog.txt
[2010-07-23 17:06:38 | 2138,427,392 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-06 21:00:30 | 000,004,198 | ---- | M] () -- C:\hpfr3600.log
[2004-11-17 01:32:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-03-11 10:08:04 | 000,000,367 | -H-- | M] () -- C:\IPH.PH
[2010-05-09 10:08:17 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004-11-17 01:32:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2008-09-13 18:33:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-07-23 17:06:36 | 2621,440,000 | -HS- | M] () -- C:\pagefile.sys
[2010-07-22 20:10:01 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

< %PROGRAMFILES%\*. >
[2009-08-22 11:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010-04-27 21:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\a-squared Free
[2009-11-17 12:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009-11-17 12:25:00 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2009-08-03 19:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Agnitum
[2002-01-01 00:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010-01-27 07:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\Atomic Alarm Clock
[2009-02-23 12:36:58 | 000,000,000 | ---D | M] -- C:\Program Files\AVSMedia
[2009-02-28 16:38:00 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2007-07-15 19:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009-12-13 11:59:16 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2009-08-16 17:19:03 | 000,000,000 | ---D | M] -- C:\Program Files\BVRP Software
[2010-05-18 21:27:17 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2007-09-02 21:25:32 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010-07-19 20:20:28 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009-09-02 17:04:40 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010-02-19 09:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007-07-15 19:46:23 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010-06-14 21:34:05 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2007-07-15 23:57:17 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2007-12-30 04:12:55 | 000,000,000 | ---D | M] -- C:\Program Files\DVDFab Platinum 4
[2009-07-31 23:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Cleaner 2.0
[2007-07-15 19:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2010-01-12 15:08:25 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2009-12-28 16:45:18 | 000,000,000 | ---D | M] -- C:\Program Files\Exact Audio Copy
[2008-12-18 02:32:15 | 000,000,000 | ---D | M] -- C:\Program Files\Exact Audio Copy PSP Edition
[2007-11-30 00:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\FreshDevices
[2010-05-18 22:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\FrostWire
[2008-05-18 00:48:02 | 000,000,000 | ---D | M] -- C:\Program Files\Game Elements
[2009-02-15 08:52:28 | 000,000,000 | ---D | M] -- C:\Program Files\GameHouse
[2010-03-12 14:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008-06-04 21:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\Guild Wars
[2009-09-30 17:18:04 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009-09-16 22:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009-08-22 11:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2010-05-18 21:31:05 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallJammer Registry
[2010-07-22 17:54:22 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007-07-15 19:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\IntelliMover Data Transfer Demo
[2010-02-06 18:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007-07-15 19:47:27 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009-11-09 18:04:10 | 000,000,000 | ---D | M] -- C:\Program Files\JADMaker
[2009-09-25 20:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010-06-03 21:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2007-09-23 03:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\KSAW
[2009-08-03 18:21:33 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010-07-23 00:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2010-02-17 20:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2007-07-15 23:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2010-05-09 10:08:16 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008-09-13 18:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009-09-03 01:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009-08-28 09:44:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007-07-27 01:26:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2007-07-15 19:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007-07-15 19:47:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2005
[2009-03-23 07:28:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009-09-03 01:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2010-02-06 18:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009-07-31 22:29:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009-09-02 16:56:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009-03-23 07:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009-07-22 10:47:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009-03-23 07:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010-05-09 09:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mind Quiz
[2009-08-03 18:22:18 | 000,000,000 | ---D | M] -- C:\Program Files\Minilyrics
[2008-11-25 23:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\MKVTOAVI
[2010-07-17 23:54:35 | 000,000,000 | ---D | M] -- C:\Program Files\Moccatroller PC
[2008-09-13 18:36:46 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010-07-23 00:35:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009-03-23 07:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009-09-30 17:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECACHE
[2007-07-15 19:47:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007-07-15 19:47:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2007-07-15 19:47:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007-07-27 01:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007-08-11 18:04:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007-07-15 19:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2009-08-24 22:03:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mystery Case Files - Ravenhearst
[2007-12-31 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009-09-03 03:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009-08-12 22:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007-07-15 19:48:17 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2007-07-15 19:48:17 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2010-03-07 09:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\POP Peeper
[2007-07-15 21:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
[2007-07-15 19:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2010-01-12 19:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009-02-22 20:37:11 | 000,000,000 | ---D | M] -- C:\Program Files\Raxco
[2009-07-04 19:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007-08-11 17:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008-10-15 23:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2007-07-16 00:07:20 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009-02-17 14:14:01 | 000,000,000 | ---D | M] -- C:\Program Files\Runtime Software
[2010-07-22 17:54:09 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung Electronics
[2009-09-27 21:56:01 | 000,000,000 | ---D | M] -- C:\Program Files\Security Task Manager
[2007-07-16 00:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2007-07-15 19:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010-07-23 17:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
[2010-05-18 21:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2010-07-23 00:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009-02-26 06:53:04 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2009-12-02 04:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010-01-09 22:20:32 | 000,000,000 | ---D | M] -- C:\Program Files\The GodFather
[2010-04-27 21:54:49 | 000,000,000 | ---D | M] -- C:\Program Files\Trillian
[2007-07-15 19:48:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009-12-24 12:22:48 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2007-07-15 19:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\Updates from HP
[2007-11-28 21:04:23 | 000,000,000 | ---D | M] -- C:\Program Files\utorrent
[2007-07-15 20:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009-09-03 02:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Earth 3D
[2009-04-25 12:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2007-07-23 09:22:55 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2009-09-02 16:56:22 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2010-05-20 07:09:52 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2007-07-15 19:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009-07-22 11:09:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009-09-30 17:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009-09-03 01:53:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009-09-28 20:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009-07-31 22:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010-07-17 23:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007-07-19 11:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008-09-13 18:34:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007-07-15 19:48:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2007-07-15 19:48:34 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007-09-22 14:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007-08-30 01:09:20 | 000,000,000 | ---D | M] -- C:\Program Files\Wordster
[2007-11-28 22:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\WordWeb
[2007-07-15 19:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009-02-22 21:47:16 | 000,000,000 | ---D | M] -- C:\Program Files\XP Codec Pack
[2007-12-30 21:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2007-11-28 09:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\YourWare Solutions
[2010-07-18 20:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
[2010-03-09 18:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Zynga

< %appdata%\*.* >
[2010-07-23 00:12:57 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2004-11-16 17:21:40 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004-08-10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-09-13 18:27:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004-08-10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008-09-13 18:27:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 08:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 08:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-09-13 18:27:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004-08-10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008-09-13 18:27:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 08:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 08:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004-08-10 09:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004-08-10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008-09-13 18:27:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004-08-10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008-09-13 18:27:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004-08-10 09:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008-04-13 08:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008-04-13 08:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-13 14:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-13 14:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-13 14:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-10 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005-03-09 15:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\hp\drivers\Intel_Emery_RAID_v5.0.0.1032\RAID\iaStor.sys
[2005-03-09 15:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: LOGEVENT.DLL >
[2008-04-13 14:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2008-04-13 14:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-13 14:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004-08-10 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004-08-10 09:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008-04-13 14:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-13 14:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004-08-10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008-09-13 18:27:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004-08-10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2008-09-13 18:27:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004-08-04 03:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008-04-13 08:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008-04-13 08:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-03 00:23:26

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
< End of report >

Re: Rootkit Win32:Bubnix-H

Hi, welcome to GeekPolice.net!

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010-07-22 20:08:44 | 000,219,537 | ---- | M] () -- C:\WINDOWS\szetyj67v.exe
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

    :services
    SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\P.exe -- (P)
    SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\E.exe -- (E)
    SRV - [2010-07-22 20:08:44 | 000,219,537 | ---- | M] () [Auto | Running] -- C:\WINDOWS\szetyj67v.exe -- (NetLog)

    :Files
    C:\WINDOWS\szetyj67v.exe
    C:\WINDOWS\system32\drivers\nnshqyy.sys
    C:\windows\lsrslt.ini
    C:\zrpt.xml

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If this fix becomes unresponsive please move on to ComboFix.

=========

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................

I'm livin' life in the fast lane.

Re: Rootkit Win32:Bubnix-H
OTL kept freezing up, so I did the scan with ComboFix. It found the rootkit and tried to remove it, but I received a pop-up from avast! as it was turned back on. Here is the log from ComboFix.


ComboFix 10-07-23.02 - HP_Administrator 2010-07-23 23:34:33.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1443 [GMT -10:00]
Running from: c:\documents and settings\HP_Administrator\desktop\commy.exe
Command switches used :: /stepdel
AV: avast! antivirus 4.8.1368 [VPS 100722-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Google\T-Scan
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{BBF2A085-5D02-4E75-8960-8312166AE2CA}
c:\documents and settings\HP_Administrator\Application Data\Google\T-Scan\n.gif
c:\documents and settings\HP_Administrator\Application Data\Google\T-Scan\t.gif
c:\documents and settings\HP_Administrator\Application Data\Google\T-Scan\y.gif
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{BBF2A085-5D02-4E75-8960-8312166AE2CA}\chrome.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{BBF2A085-5D02-4E75-8960-8312166AE2CA}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{BBF2A085-5D02-4E75-8960-8312166AE2CA}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{BBF2A085-5D02-4E75-8960-8312166AE2CA}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Install.txt
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\uxeqobycep.scr

Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
-------\Legacy_E
-------\Legacy_NETLOG
-------\Service_E
-------\Service_NetLog


((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-24 08:58 . 2010-07-24 08:58 -------- d-----w- C:\_OTL
2010-07-24 04:25 . 2010-05-26 20:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-07-24 03:08 . 2010-07-24 03:08 -------- d-----w- c:\program files\Sophos
2010-07-23 10:40 . 2010-07-23 10:40 -------- d-----w- c:\program files\SpywareBlaster
2010-07-23 06:10 . 2010-07-24 09:45 766976 ----a-w- c:\windows\system32\drivers\nnshqyy.sys
2010-07-23 06:08 . 2010-07-23 06:08 219537 ----a-w- c:\windows\szetyj67v.exe
2010-07-23 06:08 . 2010-07-23 07:34 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\qwmgwwevi
2010-07-23 06:08 . 2010-07-23 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-23 03:54 . 2010-07-23 03:54 -------- d-----w- c:\program files\Samsung Electronics
2010-07-20 06:20 . 2010-01-14 07:02 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-07-20 06:20 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-07-20 06:20 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-07-20 06:20 . 2010-01-14 07:02 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-07-20 06:20 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-07-20 06:20 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-07-20 06:20 . 2010-01-14 07:02 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-07-20 06:20 . 2010-07-20 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung
2010-07-19 06:45 . 2010-07-19 06:45 -------- d-----w- c:\program files\YouTube Downloader
2010-07-18 09:44 . 2010-07-18 09:54 -------- d-----w- c:\program files\Moccatroller PC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 06:25 . 2009-02-15 18:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-23 14:34 . 2008-03-11 19:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-23 10:09 . 2010-04-27 04:44 -------- d-----w- c:\program files\LogMeIn
2010-07-23 10:09 . 2009-09-20 18:20 0 ----a-w- c:\windows\Ifolilulokuzoxu.bin
2010-07-23 03:54 . 2007-07-16 05:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 06:19 . 2010-07-20 06:19 53248 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{64C85B95-E971-4705-B3ED-D4A0153C0D5B}\ARPPRODUCTICON.exe
2010-07-20 06:18 . 2009-08-01 09:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2010-07-18 09:56 . 2007-07-17 00:55 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-17 06:55 . 2007-07-16 06:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2010-07-12 06:26 . 2007-07-16 09:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Vso
2010-06-22 05:27 . 2007-09-23 05:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\dvdcss
2010-06-20 15:27 . 2009-03-10 15:09 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2010-06-15 07:34 . 2010-01-12 13:50 -------- d-----w- c:\program files\Defraggler
2010-06-10 03:46 . 2010-04-27 04:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-10 03:46 . 2010-04-27 04:44 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-10 03:46 . 2010-04-27 04:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-04 07:45 . 2009-02-27 19:10 -------- d-----w- c:\program files\JetAudio
2010-05-22 05:23 . 2009-10-07 00:33 1055744 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\bigmoney\BigMoney.dll
2010-04-30 01:39 . 2002-01-01 10:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 01:39 . 2002-01-01 10:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-20 08:44 . 2009-09-20 08:44 19937 ----a-w- c:\program files\Common Files\topihafek.dl
2009-09-20 08:44 . 2009-09-20 08:44 17581 ----a-w- c:\program files\Common Files\dutidoj.db
2009-09-20 08:44 . 2009-09-20 08:44 17308 ----a-w- c:\program files\Common Files\exirutuj.exe
2009-09-20 08:35 . 2009-09-20 08:35 15910 ----a-w- c:\program files\Common Files\pefo.lib
2006-03-10 05:59 . 2007-07-15 21:07 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-22 22:05 2353176 ----a-w- c:\program files\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-27 160592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\fcde06e5-0683-4925-ae4c-1efce00e4c5d.exe" [2009-12-02 2001648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-27 270336]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-10 03:46 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0smrgdf c:\documents and settings\HP_Administrator\Application Data\iolo\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 23:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
2008-09-30 10:29 1739776 ----a-w- c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Guild Wars\\Gw.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 9\\Creator9.exe"=
"c:\\Program Files\\Roxio\\Audio Master 9\\DVDMusicAssistant9.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\HP_Administrator\\My Documents\\Downloads\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-08-03 7:11 PM 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-08-03 7:44 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 4:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 4:17 PM 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-07-23 6:25 PM 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-08-03 7:11 PM 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-08-03 7:42 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-08-03 7:44 PM 257432]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 4:17 PM 7408]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-08-03 7:42 PM 1195008]
S2 gupdate1c9ac7991adc6b8;Google Update Service (gupdate1c9ac7991adc6b8);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 2:10 AM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-08-11 12856]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-08-28 1:50 PM 42112]
S3 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 1:49 PM 693512]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 1:49 PM 906504]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 7:02 AM 287232]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2007-12-29 3:14 AM 7548]
S4 P;P;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\P.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\P.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - nnshqyy
.
Contents of the 'Scheduled Tasks' folder

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 12:10]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 12:10]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://tmq.bingstart.com/?cfg=2-168-0-14y04
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: live.com\onecare
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://tmq.bingstart.com/?cfg=2-168-0-14y04
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=.ZqatOVHZw2NkMiVVsTJ0A&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c861&searchfor=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_31.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 23:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nnshqyy]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,11,d8,5c,97,93,32,4b,ba,33,6f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,11,d8,5c,97,93,32,4b,ba,33,6f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\system32\igfxsrvc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-07-23 23:52:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 09:51

Pre-Run: 118,085,271,552 bytes free
Post-Run: 117,975,003,136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\windows="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - AB0B617EC4F94E2045E647E99508C534

Re: Rootkit Win32:Bubnix-H
Hi, :)

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::

    File::
    c:\windows\system32\drivers\nnshqyy.sys
    c:\windows\szetyj67v.exe
    c:\windows\Ifolilulokuzoxu.bin
    c:\program files\Common Files\topihafek.dl
    c:\program files\Common Files\dutidoj.db
    c:\program files\Common Files\exirutuj.exe
    c:\program files\Common Files\pefo.lib
    c:\windows\system32\3.tmp
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\P.exe

    Folder::
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\qwmgwwevi
    c:\program files\Zynga

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"=-
    [-HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{7B13EC3E-999A-4B70-B9CB-2617B8323822}"=-
    [-HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nnshqyy]

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride =

    Driver::
    MEMSWEEP2
    P

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

I'm livin' life in the fast lane.
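The OTL fix earlier in the thread and the CFScript above were both built from specific indicators in the posted logs: services whose binary lives in a Temp directory or is already missing (`P.exe`, `E.exe`), a service whose ImagePath is a `.tmp` file (`MEMSWEEP2`), a driver that is loaded in memory but deregistered (`nnshqyy`), IE forced through a local proxy on 127.0.0.1:5643, the firewall standard profile disabled, and the `NoNetworkConnections` explorer policy that explains the user's "unable to connect" symptom. The following Python triage is an added example, not part of this thread and not code from ComboFix or OTL; it runs over a constructed sample made of lines copied from the ComboFix log above and flags those same indicators. The extra policy names in `LOCKOUT_POLICIES` beyond `NoNetworkConnections` are my own assumption about which explorer policies matter for triage.

```python
"""Triage ComboFix/OTL-style log lines for the persistence and lockout indicators
discussed in the thread. Added example; regexes are written against the log format
shown in the posts, not against ComboFix's own parser."""
import re

# Constructed sample: lines copied from the ComboFix log posted earlier in the thread.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-08-03 7:11 PM 114768]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S4 P;P;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\P.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\P.exe [?]
*Deregistered* - nnshqyy
uInternet Settings,ProxyServer = http=127.0.0.1:5643
"EnableFirewall"= 0 (0x0)
"NoNetworkConnections"= 01000000
"NoSMMyPictures"= 01000000
"""

# "R1 name;display;path [timestamp size]" or "S3 name;display;path --> path [?]"
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
DEREG_RE = re.compile(r"^\*Deregistered\*\s+-\s+(?P<name>\S+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
POLICY_RE = re.compile(r'^"(?P<policy>No\w+)"=\s*01000000')

# Explorer policies that keep a user away from connectivity or troubleshooting UI.
# Assumption: NoNetworkConnections is from the log; the others are added by me.
LOCKOUT_POLICIES = {"NoNetworkConnections", "NoControlPanel", "NoRun", "NoFolderOptions"}


def check_service(name, path):
    """Return the reasons a service/driver line looks like a malware loader."""
    reasons = []
    lowered = path.lower()
    if path.rstrip().endswith("[?]"):          # ComboFix marks a missing binary with [?]
        reasons.append("binary missing on disk")
    if "\\temp\\" in lowered:                   # services never legitimately run from Temp
        reasons.append("runs from a Temp directory")
    if re.search(r"\.tmp(\s|$)", lowered):      # a .tmp as ImagePath is a dropper artefact
        reasons.append("ImagePath is a .tmp file")
    if len(name) <= 2:                          # 'P', 'E': throwaway single-letter names
        reasons.append("single-character service name")
    return reasons


def triage(log_text):
    """Scan log text and return a list of (indicator, detail) findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            for reason in check_service(m["name"], m["path"]):
                findings.append((f"service:{m['name']}", reason))
            continue
        m = DEREG_RE.match(line)
        if m:  # driver present in memory with no service registration: rootkit-style
            findings.append((f"driver:{m['name']}", "loaded in memory but deregistered (rootkit-style)"))
            continue
        m = PROXY_RE.search(line)
        if m and "127.0.0.1" in m["value"]:
            findings.append(("proxy", f"IE traffic forced through local proxy {m['value']}"))
            continue
        if FIREWALL_RE.match(line):
            findings.append(("firewall", "Windows Firewall standard profile disabled"))
            continue
        m = POLICY_RE.match(line)
        if m and m["policy"] in LOCKOUT_POLICIES:
            findings.append((f"policy:{m['policy']}", "explorer lockout policy set"))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:28} {detail}")
```

The legitimate `aswSP` driver line produces no finding, while `MEMSWEEP2` and `P` are flagged for exactly the properties the helper acted on in the `File::` and `Driver::` sections of the CFScript; the proxy and policy hits map to the `DDS::` section and to the user's reported loss of connectivity.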

Re: Rootkit Win32:Bubnix-H
ComboFix 10-07-23.02 - HP_Administrator 2010-07-24 7:48.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1560 [GMT -10:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\commy.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100722-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

FILE ::
"c:\docume~1\HP_ADM~1\LOCALS~1\Temp\P.exe"
"c:\program files\Common Files\dutidoj.db"
"c:\program files\Common Files\exirutuj.exe"
"c:\program files\Common Files\pefo.lib"
"c:\program files\Common Files\topihafek.dl"
"c:\windows\Ifolilulokuzoxu.bin"
"c:\windows\system32\3.tmp"
"c:\windows\system32\drivers\nnshqyy.sys"
"c:\windows\szetyj67v.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Local Settings\Application Data\qwmgwwevi
c:\program files\Common Files\dutidoj.db
c:\program files\Common Files\exirutuj.exe
c:\program files\Common Files\pefo.lib
c:\program files\Common Files\topihafek.dl
c:\program files\Zynga
c:\program files\Zynga\INSTALL.LOG
c:\program files\Zynga\tbZyng.dll
c:\program files\Zynga\toolbar.cfg
c:\program files\Zynga\UNWISE.EXE
c:\program files\Zynga\ZyngaToolbarHelper.exe
c:\windows\Ifolilulokuzoxu.bin
c:\windows\system32\drivers\nnshqyy.sys
c:\windows\szetyj67v.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Legacy_P
-------\Service_P
-------\Legacy_nnshqyy
-------\Service_nnshqyy


((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-24 08:58 . 2010-07-24 08:58 -------- d-----w- C:\_OTL
2010-07-24 04:25 . 2010-05-26 20:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-07-24 03:08 . 2010-07-24 03:08 -------- d-----w- c:\program files\Sophos
2010-07-23 10:40 . 2010-07-23 10:40 -------- d-----w- c:\program files\SpywareBlaster
2010-07-23 06:08 . 2010-07-23 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-23 03:54 . 2010-07-23 03:54 -------- d-----w- c:\program files\Samsung Electronics
2010-07-20 06:20 . 2010-01-14 07:02 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-07-20 06:20 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-07-20 06:20 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-07-20 06:20 . 2010-01-14 07:02 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-07-20 06:20 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-07-20 06:20 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-07-20 06:20 . 2010-01-14 07:02 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-07-20 06:20 . 2010-07-20 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung
2010-07-20 06:19 . 2010-07-20 06:19 53248 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{64C85B95-E971-4705-B3ED-D4A0153C0D5B}\ARPPRODUCTICON.exe
2010-07-19 06:45 . 2010-07-19 06:45 -------- d-----w- c:\program files\YouTube Downloader
2010-07-18 09:44 . 2010-07-18 09:54 -------- d-----w- c:\program files\Moccatroller PC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 10:29 . 2010-04-27 04:44 -------- d-----w- c:\program files\LogMeIn
2010-07-24 06:25 . 2009-02-15 18:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-23 14:34 . 2008-03-11 19:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-23 03:54 . 2007-07-16 05:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 06:18 . 2009-08-01 09:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2010-07-18 09:56 . 2007-07-17 00:55 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-17 06:55 . 2007-07-16 06:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2010-07-12 06:26 . 2007-07-16 09:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Vso
2010-06-22 05:27 . 2007-09-23 05:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\dvdcss
2010-06-20 15:27 . 2009-03-10 15:09 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2010-06-15 07:34 . 2010-01-12 13:50 -------- d-----w- c:\program files\Defraggler
2010-06-10 03:46 . 2010-04-27 04:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-10 03:46 . 2010-04-27 04:44 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-10 03:46 . 2010-04-27 04:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-04 07:45 . 2009-02-27 19:10 -------- d-----w- c:\program files\JetAudio
2010-05-22 05:23 . 2009-10-07 00:33 1055744 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\bigmoney\BigMoney.dll
2010-04-30 01:39 . 2002-01-01 10:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 01:39 . 2002-01-01 10:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-03-10 05:59 . 2007-07-15 21:07 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2010-07-24_09.44.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-24 17:43 . 2010-07-24 17:43 16384 c:\windows\temp\Perflib_Perfdata_7a0.dat
+ 2010-07-24 17:57 . 2010-07-24 17:57 16384 c:\windows\temp\Perflib_Perfdata_764.dat
+ 2005-06-07 06:55 . 2010-07-24 09:54 80182 c:\windows\system32\perfc009.dat
- 2005-06-07 06:55 . 2010-07-24 09:29 80182 c:\windows\system32\perfc009.dat
+ 2005-06-07 06:55 . 2010-07-24 09:54 467076 c:\windows\system32\perfh009.dat
- 2005-06-07 06:55 . 2010-07-24 09:29 467076 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-27 160592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\fcde06e5-0683-4925-ae4c-1efce00e4c5d.exe" [2009-12-02 2001648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-27 270336]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-10 03:46 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0smrgdf c:\documents and settings\HP_Administrator\Application Data\iolo\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 23:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
2008-09-30 10:29 1739776 ----a-w- c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Guild Wars\\Gw.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 9\\Creator9.exe"=
"c:\\Program Files\\Roxio\\Audio Master 9\\DVDMusicAssistant9.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\HP_Administrator\\My Documents\\Downloads\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-08-03 7:11 PM 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-08-03 7:44 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 4:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 4:17 PM 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-07-23 6:25 PM 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-08-03 7:11 PM 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-08-11 12856]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-08-03 7:42 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-08-03 7:44 PM 257432]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 4:17 PM 7408]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-08-03 7:42 PM 1195008]
S2 gupdate1c9ac7991adc6b8;Google Update Service (gupdate1c9ac7991adc6b8);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 2:10 AM 133104]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-08-28 1:50 PM 42112]
S3 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 1:49 PM 693512]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 1:49 PM 906504]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 7:02 AM 287232]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2007-12-29 3:14 AM 7548]
.
Contents of the 'Scheduled Tasks' folder

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 12:10]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 12:10]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://tmq.bingstart.com/?cfg=2-168-0-14y04
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: live.com\onecare
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://tmq.bingstart.com/?cfg=2-168-0-14y04
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=.ZqatOVHZw2NkMiVVsTJ0A&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c861&searchfor=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_31.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eo6tdafs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Zynga Toolbar - c:\progra~1\Zynga\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 07:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,11,d8,5c,97,93,32,4b,ba,33,6f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,11,d8,5c,97,93,32,4b,ba,33,6f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-24 08:03:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 18:02
ComboFix2.txt 2010-07-24 09:52

Pre-Run: 117,982,007,296 bytes free
Post-Run: 117,944,659,968 bytes free

- - End Of File - - 3ECB4BDE8980BECC534E865024545168

Re: Rootkit Win32:Bubnix-H

Hi...

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

............................................................................................

I'm livin' life in the fast lane.

Re: Rootkit Win32:Bubnix-H

Here is the mbam log. While scanning, avast! found the rootkit again.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4375

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/31/2010 9:45:39 AM
mbam-log-2010-07-31 (09-45-39).txt

Scan type: Quick scan
Objects scanned: 162522
Time elapsed: 9 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Rootkit Win32:Bubnix-H
Hi.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Re: Rootkit Win32:Bubnix-H

After accepting the terms and clicking Start, a second IE opens and tries to load, but I get an Application Error with the message:
"The instruction at "0x06960068" referenced memory at "0x06960068". The memory could not be "written".

Click OK to terminate program
Click CANCEL to debug the program

What should I do?

Re: Rootkit Win32:Bubnix-H
Hi.

Please do this instead.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Re: Rootkit Win32:Bubnix-H
Kaspersky Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 1, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, July 31, 2010 23:31:19
Records in database: 4178720
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 139561
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 03:52:44

File name / Threat / Threats count
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\vnc-4_1_3-x86_win32\vnc-4_1_3-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 2
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir Infected: Trojan.Win32.Clicker.hd 1

Selected area has been scanned.

Re: Rootkit Win32:Bubnix-H
Hi.

What is your use for this?

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\vnc-4_1_3-x86_win32\vnc-4_1_3-x86_win32.exe

If you have no use for it, please delete it.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
• Select Start > All Programs > Accessories > System tools > System Restore.
• On the dialogue box that appears select Create a Restore Point
• Click NEXT
• Enter a name e.g. Clean
• Click CREATE.

You now have a clean restore point.

To get rid of the bad ones:
• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
• In the Drop down box that appears select your main drive e.g. C
• Click OK
• The System will do a calculation of temporary/old files, and then display a dialogue box.
• Select the More Options Tab.
• At the bottom will be a System Restore box with a CLEANUP button; click this.
• Accept the Warning and select OK again, the program will close and you are done.

========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.
  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

============

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun XP or Vista/7

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can make sure it is not known for being a virus by simply searching about it on Google.

8. Use a Site Advisor so you don't go to sites that will infect you. Mcafee Siteadvisor

9. Also there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you more safe.

10. Always keep your Java and Adobe updated.

11. Don't fall for the Scareware. What is Scareware? It is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and an Antivirus.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit Here

Re: Rootkit Win32:Bubnix-H

Thank you very much for all your help. Could you please recommend a good antivirus and firewall? Looking for freeware.

Re: Rootkit Win32:Bubnix-H

Hi.

You're welcome, glad to help.

Please only choose one from each:
AV:
1. Microsoft Security Essentials
2. AVG Free
3. Avast!
FW:
1. Tallemu Online Armor
2. Comodo Firewall