WiredWX Hobby Weather ToolsLog in

 


descriptionwill not load windows updater  Emptywill not load windows updater

more_horiz
had anti malware doctor virus was removed and still can not up date windows also the browsers will not let me post on the fourms here but i can go to google

OTL logfile created on: 7/25/2010 7:06:55 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 282.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 136.97 Gb Free Space | 60.91% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.42 Gb Free Space | 17.69% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 495.97 Mb Total Space | 483.17 Mb Free Space | 97.42% Space Free | Partition Type: FAT32

Computer Name: LANDYS_SHIT
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/25 19:03:56 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/25 15:33:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/25 15:33:13 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/25 15:33:11 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/25 15:33:07 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/25 15:32:45 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/25 15:32:06 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/24 10:55:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/10/24 23:17:46 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/31 05:15:20 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
PRC - [2005/04/12 04:10:22 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004/10/14 16:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2004/09/29 22:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 10:55:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/05/31 05:15:20 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/25 15:32:06 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/09/29 22:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/25 15:34:22 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/25 15:34:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/25 15:34:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/06 18:08:12 | 000,020,480 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisrd.sys -- (ndisrd)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/10/19 11:21:41 | 000,005,120 | ---- | M] (F.Y.N. Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Start1Driver.SYS -- (Start1Driver)
DRV - [2009/08/27 10:31:59 | 000,016,384 | ---- | M] (AdwareAway.net) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\DiagnosticScan.SYS -- (DiagnosticScan)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/04/15 21:05:42 | 002,564,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/11 20:22:14 | 000,085,248 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.1.7

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/25 16:46:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 19:04:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 19:04:02 | 000,000,000 | ---D | M]

[2009/10/30 14:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/07/25 17:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\yq8ouv6a.default\extensions
[2010/07/25 17:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\yq8ouv6a.default\extensions\djziggy@gmail.com
[2009/10/30 14:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/25 18:14:24 | 000,414,692 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14321 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/31 05:46:09 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{52c96c20-e8cf-11de-8d5b-0013d42007a9}\Shell - "" = AutoRun
O33 - MountPoints2\{52c96c20-e8cf-11de-8d5b-0013d42007a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52c96c20-e8cf-11de-8d5b-0013d42007a9}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{52c96c21-e8cf-11de-8d5b-0013d42007a9}\Shell - "" = AutoRun
O33 - MountPoints2\{52c96c21-e8cf-11de-8d5b-0013d42007a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c8e5c64-c113-11de-8d0f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7c8e5c64-c113-11de-8d0f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c8e5c64-c113-11de-8d0f-806d6172696f}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c8e5c65-c113-11de-8d0f-806d6172696f}\Shell\AutoRun\command - "" = L:\LSSRVC.EXE -- File not found
O33 - MountPoints2\{e20e2997-ddf4-11de-8d4a-0013d42007a9}\Shell - "" = AutoRun
O33 - MountPoints2\{e20e2997-ddf4-11de-8d4a-0013d42007a9}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/07/25 19:04:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/25 19:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/25 17:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/25 17:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/25 16:58:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/07/25 15:34:23 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/25 15:34:19 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/25 15:34:12 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/25 15:34:09 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/25 15:34:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/07/25 15:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/25 15:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/25 13:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2010/07/25 13:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Threat Expert
[2010/07/25 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/25 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/25 12:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 12:56:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 12:55:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/25 12:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/25 12:55:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/25 12:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 12:39:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2010/07/25 12:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/25 12:37:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/07/25 12:37:33 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/07/25 12:36:55 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/07/06 18:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/06 18:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/06 18:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/06 18:08:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/07/06 18:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jaubyaicw
[2010/07/06 18:08:12 | 000,020,480 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\ndisrd.sys
[2010/07/06 18:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\FFDDAC535622F8DCEBF1DD82F3A74BCF
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/25 19:12:34 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\wrzcfeu.sys
[2010/07/25 19:09:55 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/25 19:04:29 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/25 19:03:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/25 19:02:08 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/07/25 18:14:24 | 000,414,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/25 17:57:39 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/25 17:57:39 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 17:25:29 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2E7E9014-A5E0-4DB8-ADEF-40F7FBC902B9}.job
[2010/07/25 16:48:27 | 062,495,418 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/25 15:34:25 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/25 15:34:25 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/25 15:34:22 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/25 15:34:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/25 15:34:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/25 15:34:09 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/25 15:26:54 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 13:38:28 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/07/25 13:37:16 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\tasks\88212794.job
[2010/07/25 13:37:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/25 13:37:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 13:37:02 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/25 13:35:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/07/25 12:39:38 | 000,118,790 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100725_123936.reg
[2010/07/25 12:38:06 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2010/07/25 12:29:08 | 004,289,092 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/07/25 12:27:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/24 14:16:12 | 003,742,760 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\commy.exe
[2010/07/24 10:55:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/07/06 20:22:27 | 000,002,723 | ---- | M] () -- C:\WINDOWS\oyuzoweq.dll
[2010/07/06 18:20:37 | 000,002,723 | ---- | M] () -- C:\WINDOWS\uyidukeqodadujo.dll
[2010/07/06 18:11:38 | 000,002,723 | ---- | M] () -- C:\WINDOWS\uceciqusoletunux.dll
[2010/07/06 18:08:12 | 000,020,480 | ---- | M] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\ndisrd.sys
[2010/07/06 18:01:07 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/04 15:19:25 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/30 08:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/25 19:09:55 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/25 19:04:29 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/25 17:57:39 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/25 17:57:39 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 15:34:25 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/25 15:34:09 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/25 15:34:03 | 062,495,418 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/25 12:55:04 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 12:39:37 | 000,118,790 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100725_123936.reg
[2010/07/25 12:38:06 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2010/07/25 12:37:40 | 003,742,760 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\commy.exe
[2010/07/06 20:22:27 | 000,002,723 | ---- | C] () -- C:\WINDOWS\oyuzoweq.dll
[2010/07/06 18:20:37 | 000,002,723 | ---- | C] () -- C:\WINDOWS\uyidukeqodadujo.dll
[2010/07/06 18:11:38 | 000,002,723 | ---- | C] () -- C:\WINDOWS\uceciqusoletunux.dll
[2010/07/06 18:08:28 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\wrzcfeu.sys
[2010/07/06 18:08:20 | 000,000,302 | -H-- | C] () -- C:\WINDOWS\tasks\88212794.job
[2009/10/29 22:38:00 | 000,000,413 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/05/31 05:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 05:45:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/31 05:45:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/31 05:45:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/31 05:45:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/31 05:45:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/31 05:45:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/31 05:14:43 | 000,015,329 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/31 05:14:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/31 05:14:17 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/31 05:11:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 04:46:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/31 04:38:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/31 04:26:12 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/31 04:24:12 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/31 04:24:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/31 04:23:50 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 13:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/07/26 17:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/25 19:15:34 | 000,823,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wrzcfeu.sys

< %systemroot%\System32\config\*.sav >
[2005/01/27 21:28:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/27 21:28:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/27 21:28:56 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/10 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2005/05/31 05:14:43 | 000,015,329 | ---- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2004/08/10 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/10 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/10 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/10 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2005/05/31 05:46:09 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/24 23:12:24 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2009/12/28 11:26:06 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/10 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/01/28 05:41:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/25 13:37:02 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/25 14:35:52 | 000,031,412 | ---- | M] () -- C:\hpfr3840.log
[2005/01/28 05:41:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/01/28 05:41:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/25 00:03:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/25 13:36:55 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/07/25 13:12:44 | 000,000,391 | ---- | M] () -- C:\rkill.log

< %PROGRAMFILES%\*. >
[2009/10/25 01:18:22 | 000,000,000 | ---D | M] -- C:\Program Files\AA
[2010/04/11 15:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/10/25 01:19:07 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/10/25 00:44:57 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/25 15:29:49 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2005/05/31 05:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\BackWeb
[2009/10/25 00:45:45 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/07/25 12:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/07/25 12:59:56 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/01/27 17:38:38 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/10/24 23:20:29 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2005/05/31 05:03:53 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2009/10/24 23:29:15 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2005/05/31 05:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2005/05/31 04:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2005/05/31 05:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2005/05/31 05:45:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/05/31 05:07:43 | 000,000,000 | ---D | M] -- C:\Program Files\IntelliMover Data Transfer Demo
[2005/05/31 05:14:16 | 000,000,000 | ---D | M] -- C:\Program Files\InterMute
[2010/06/10 22:30:05 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/05/31 05:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2009/10/25 00:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/10/25 00:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/10/24 23:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/19 17:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2010/07/25 13:19:11 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/25 00:33:40 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/01/27 21:46:42 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/10/25 01:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/05/31 05:08:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Dancer LE
[2005/05/31 05:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/05/31 05:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/07/25 19:04:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials
[2005/05/31 05:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/25 01:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/10/25 01:12:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/04/03 03:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/25 19:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/10/25 01:13:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2005/01/27 21:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/05/31 05:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2005/01/27 21:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/10/25 00:19:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2005/05/31 05:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2009/10/25 00:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/05/31 05:24:20 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/11 23:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2005/05/31 05:20:41 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2009/10/24 23:33:26 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
[2009/10/25 00:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/05/31 05:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2005/05/31 05:05:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/07/25 18:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/25 15:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/10/24 23:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2005/01/27 17:38:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/05/31 05:15:17 | 000,000,000 | ---D | M] -- C:\Program Files\Updates from HP
[2009/11/19 17:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2005/05/31 05:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/10/24 22:55:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/10/25 00:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/01/27 21:47:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/01/27 17:38:56 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/04/11 15:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2005/01/27 21:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2005/01/27 21:30:22 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
[2010/04/27 12:25:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/10/24 23:59:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/10/24 23:59:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/24 23:59:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/10/24 23:59:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/10 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/10 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/10/24 23:59:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2009/10/24 23:59:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/10/24 23:59:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/10 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2009/10/24 23:59:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/10 08:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-11 02:32:15

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

descriptionwill not load windows updater  EmptyRe: will not load windows updater

more_horiz
Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





We need to do some diagnostics to get started.

1. Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

2. Download MBRCheck to your desktop.
  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • MBRCheck log (2)
  • Cheetah log (3)


Thanks! Smile...
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum