addl logs in addl posts

3 posters

WiredWX Hobby Weather Tools :: Archive :: Technical Support

TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:17 pm

Following are results of initial scans. (Note regarding aswMBR: program did not complete, error message included below.) I will await further instructions. Thanks for your help.

Patricia

OTL LOG:

OTL logfile created on: 10/19/2011 2:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 513.49 Mb Available Physical Memory | 50.22% Memory free
2.40 Gb Paging File | 2.10 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 363.53 Gb Total Space | 114.05 Gb Free Space | 31.37% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 4.40 Gb Free Space | 48.56% Space Free | Partition Type: FAT32

Computer Name: BOBSPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\3129287989:3403315781.exe
PRC - [2011/10/19 14:42:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.com
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/24 14:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 14:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 14:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 14:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,109,568 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/06/27 17:24:34 | 000,471,040 | ---- | M] (Atheros) [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 12:54:52 | 000,364,544 | ---- | M] (Atheros Communications, Inc.) [Auto | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)

========== Driver Services (SafeList) ==========

DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/01 17:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 04:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/14 05:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/23 05:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/18 18:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/15 07:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/10 01:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 01:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 16:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 12:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/06 01:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/24 13:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 13:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/news/Burger-King-revamps-coffee-apf-1119327906.html?x=0&.v=6|https://www.facebook.com/home.php?|http://excite.com/|https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {a2adbb75-0c40-1c3b-68b2-6de799200d52}:4.6.6.3
FF - prefs.js..extensions.enabledItems: {776A7CC0-E1A0-4E46-982C-88A8754E5100}:1.9.1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=E2FCB7F1-34BC-45E8-896C-624F6D10A903&apn_ptnrs=WK&apn_sauid=A2A408A3-55EA-4D04-97E9-994A09157858&apn_dtid=YYYYYYYYUS&&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 09:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 11:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/11 19:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/12/11 12:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/12/11 12:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/07 11:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions
[2009/11/30 20:02:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/11 19:42:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/07 11:53:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\engine@conduit.com
[2011/10/14 01:03:45 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\toolbar@ask.com
[2011/10/19 13:40:35 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\askcom.xml
[2010/01/23 23:28:20 | 000,002,180 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\bing-ff.xml
[2008/06/23 15:55:06 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\wikipedia.xml
[2011/07/18 00:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/07 19:30:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/01 15:54:22 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}
[2010/02/01 15:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}.del
[2010/12/05 12:20:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/02/28 13:36:51 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010/02/14 02:36:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/03/08 23:33:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/01 09:18:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/03/05 18:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 11:52:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

O1 HOSTS File: ([2010/12/04 19:28:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201B7D01-482D-4862-846E-44904AD96B73}: DhcpNameServer = 10.10.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C72A36E4-3E1C-4AFE-896F-6225AD450C02}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/13 05:37:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/18 20:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/18 16:29:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\352585ba
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 13:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/19 13:56:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/19 13:55:49 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/19 13:50:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3129287989
[2011/10/19 13:50:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/18 23:04:52 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:33 | 000,000,203 | ---- | M] () -- C:\WINDOWS\System32\mhncache.dat
[2011/10/18 23:03:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/18 22:55:44 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.CDF
[2011/10/18 22:55:44 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.BAK
[2011/10/18 22:51:55 | 000,000,336 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/10/18 22:41:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/18 22:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/10/18 20:40:58 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/10/18 20:39:02 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 20:38:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/18 20:19:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/18 16:32:21 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/17 10:48:26 | 000,022,393 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FASCISM.jpg
[2011/10/16 10:53:55 | 000,049,567 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\little sheet heads.jpg
[2011/10/16 09:47:47 | 000,008,807 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\original computer.jpg
[2011/10/15 11:26:19 | 000,037,335 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\love love love.jpg
[2011/10/14 12:35:57 | 000,017,087 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\strong stupidity.jpg
[2011/10/13 16:57:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/13 16:16:15 | 000,019,096 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sick bastard.jpg
[2011/10/12 21:44:00 | 000,016,341 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\compassion point of view.jpg
[2011/10/12 18:19:18 | 000,014,569 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Charlie Brown.jpg
[2011/10/12 17:56:07 | 000,025,131 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\idiot dig shit !.jpg
[2011/10/10 18:12:01 | 000,025,648 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\f*** kids !!.jpg
[2011/10/08 19:13:05 | 000,157,573 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Steve Jobs life.php
[2011/10/08 18:15:38 | 000,000,502 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Atheism.lnk
[2011/10/08 17:30:56 | 000,055,553 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\You're next.jpg
[2011/10/08 15:06:33 | 000,018,558 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\St. Peter & Steve Jobs.jpg
[2011/10/08 10:45:33 | 000,007,556 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\hope and change - socialism.jpg
[2011/10/07 15:10:44 | 000,074,276 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\never give up.jpg
[2011/10/02 13:34:52 | 000,027,801 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Atheism.jpg
[2011/09/25 14:32:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/22 13:45:32 | 000,015,541 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FEMINE PROTECTION.jpg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:19 pm

Addl. log...:

========== Files Created - No Company Name ==========

[2011/10/18 16:32:21 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/18 16:29:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3129287989
[2011/10/17 10:48:24 | 000,022,393 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FASCISM.jpg
[2011/10/16 10:53:54 | 000,049,567 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\little sheet heads.jpg
[2011/10/16 09:47:45 | 000,008,807 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\original computer.jpg
[2011/10/15 11:26:17 | 000,037,335 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\love love love.jpg
[2011/10/14 12:35:55 | 000,017,087 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\strong stupidity.jpg
[2011/10/13 16:16:13 | 000,019,096 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\sick bastard.jpg
[2011/10/12 21:44:00 | 000,016,341 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\compassion point of view.jpg
[2011/10/12 18:19:17 | 000,014,569 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Charlie Brown.jpg
[2011/10/12 17:56:06 | 000,025,131 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\idiot dig shit !.jpg
[2011/10/10 18:11:58 | 000,025,648 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\f*** kids !!.jpg
[2011/10/08 19:13:05 | 000,157,573 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Steve Jobs life.php
[2011/10/08 18:15:38 | 000,000,502 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Atheism.lnk
[2011/10/08 17:30:55 | 000,055,553 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\You're next.jpg
[2011/10/08 15:06:32 | 000,018,558 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\St. Peter & Steve Jobs.jpg
[2011/10/08 10:45:32 | 000,007,556 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\hope and change - socialism.jpg
[2011/10/07 15:10:41 | 000,074,276 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\never give up.jpg
[2011/10/02 13:34:50 | 000,027,801 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Atheism.jpg
[2011/09/22 13:45:31 | 000,015,541 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FEMINE PROTECTION.jpg
[2010/12/01 19:45:43 | 000,000,203 | ---- | C] () -- C:\WINDOWS\System32\mhncache.dat
[2010/11/03 21:19:53 | 000,000,421 | ---- | C] () -- C:\WINDOWS\DeDup.ini
[2010/09/28 14:08:21 | 000,000,336 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/03/09 15:29:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/08 16:44:02 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2010/02/05 18:07:27 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/23 23:30:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vfidag.dat
[2010/01/23 23:30:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoneciduwaton.bin
[2009/07/08 11:58:18 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/08 10:07:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/05/21 19:11:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/24 11:27:08 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/27 17:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/17 14:19:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/03/28 21:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/24 14:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/02 13:17:44 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/08/30 15:20:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/17 18:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Unsetup.INI
[2007/05/14 11:59:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 13:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 13:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 13:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 13:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 13:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 13:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 13:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 13:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 13:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 13:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 13:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 13:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/10/02 10:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/09/01 18:38:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\FWWipeALL.dll
[2006/08/12 00:57:12 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/12 00:56:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/12 00:56:51 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/05/13 22:20:28 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/13 20:38:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/27 22:02:50 | 000,005,717 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2006/04/27 22:02:28 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/03/14 19:14:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/02/27 23:58:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/12 17:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/12 17:14:13 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/02/12 17:14:06 | 000,003,892 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/27 12:16:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/01/27 12:12:31 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/13 05:56:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/13 05:40:13 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/01/13 05:39:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/01/13 05:39:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/01/13 05:24:05 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/01/13 05:24:05 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/01/13 05:18:40 | 000,080,418 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/01/13 05:18:40 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/01/13 05:16:33 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/13 05:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/01/13 05:15:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/13 05:12:44 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/13 04:59:45 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/12 18:39:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/12 18:39:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/12 18:39:23 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/12 18:39:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/12 18:39:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/12 18:38:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/12 18:38:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/12 18:38:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/12 18:37:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 18:30:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/08/02 18:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 18:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 18:30:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/07/02 16:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 16:34:10 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 16:28:10 | 000,465,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 16:28:10 | 000,080,052 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/16 11:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/02/26 15:31:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/01/28 20:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 20:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/27 08:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 17:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 17:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/07/07 02:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >
[2011/09/10 12:31:19 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2009/12/10 16:23:17 | 004,843,314 | ---- | M] (DVD Cloner Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\dvdcloner560.exe
[2009/12/10 16:23:26 | 006,272,566 | ---- | M] (OpenCloner Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\dvdcloner670.exe
[2010/02/23 14:19:07 | 027,024,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\PowerPointViewer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2009/03/27 16:06:52 | 002,730,336 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\My Documents\SupportConsole.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/10/01 09:18:28 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/10/01 09:18:25 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/10/01 09:18:24 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
File not found Unable to obtain MD5 -- C:\WINDOWS\system32\
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/12/06 12:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/09/02 13:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\AdorageI-GfxDatas
[2007/09/02 13:01:00 | 000,000,000 | ---D | M] -- C:\Program Files\AdorageI-SAL
[2008/05/31 09:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\ANI
[2010/12/06 12:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/10/14 01:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2006/12/02 02:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\Auction Sentry Deluxe
[2010/12/05 11:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2006/02/18 10:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2008/02/24 13:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\BDHDCopyHelper
[2006/04/02 17:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin Mouse 1.0
[2010/12/06 12:21:08 | 000,000,000 | ---D | M] -- C:\Program Files\BillP Studios
[2010/01/29 14:59:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Toolbar
[2010/12/06 12:57:30 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/02/26 19:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2007/05/09 10:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/02/13 18:04:24 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/12/06 12:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/07/02 03:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/05/07 11:51:18 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2006/01/27 12:26:07 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2010/09/28 14:09:56 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/05/31 09:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link
[2010/11/03 21:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\DeDup
[2007/04/09 20:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/03/08 16:44:04 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Magician
[2011/09/15 20:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\Dvd-cloner
[2010/02/05 18:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2010/11/28 12:14:26 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2010/12/06 13:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2010/02/14 21:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/02/05 18:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2010/12/09 21:06:41 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/30 14:54:41 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/01/13 05:19:02 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/08/13 21:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\IL_DIVO_ENCORE
[2009/08/13 21:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\IL_DIVO_ENCORE_01
[2009/08/13 21:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\IL_DIVO_ENCORE_02
[2009/08/13 22:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\IL_DIVO_ENCORE_03
[2006/12/31 18:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail
[2010/09/28 14:10:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/05/31 09:39:34 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/01/13 05:33:46 | 000,000,000 | ---D | M] -- C:\Program Files\IntelliMover Data Transfer Demo
[2008/03/28 21:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2011/08/10 17:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/06 13:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/12/06 13:19:31 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/05 12:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/29 21:23:18 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2010/02/06 16:28:35 | 000,000,000 | ---D | M] -- C:\Program Files\Lavalys
[2009/05/16 21:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2011/10/18 22:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\lg_fwupdate
[2011/10/19 13:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 00:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\MediaMonkey
[2010/12/04 10:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/02/27 23:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/11/30 15:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Fix it Center
[2005/07/14 19:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/02/23 14:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/07/10 15:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/02/27 23:57:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/13 03:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/10/14 15:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/09/29 21:57:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2010/03/08 22:51:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/02/23 14:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/07/14 19:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/07/14 19:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/18 02:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/09/20 19:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2006/01/13 05:37:09 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2010/02/05 21:49:12 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2008/05/31 09:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR GA311 Adapter
[2010/03/08 20:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/02/13 12:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/02/12 16:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/16 16:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/02/06 13:32:05 | 000,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
[2006/01/13 05:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2008/04/19 07:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2008/12/13 16:37:35 | 000,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2008/01/29 20:31:01 | 000,000,000 | ---D | M] -- C:\Program Files\proDAD
[2010/02/06 12:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2010/12/06 12:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/10/05 01:53:00 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/03/08 16:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/03/08 22:51:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/09/02 12:09:16 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2007/08/30 15:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/02/14 21:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\Spy Cleaner Gold
[2008/02/07 21:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/23 22:58:21 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/12/06 12:15:19 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/12/04 15:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2006/01/13 05:49:39 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/08/05 18:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2010/02/14 14:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/02/13 13:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2005/07/02 03:00:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/02/26 19:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2010/02/13 12:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2006/01/13 05:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2010/03/08 23:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/01/27 21:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2006/11/08 18:34:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/03/08 22:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/03/08 20:03:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/07/14 19:50:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/07/02 03:00:58 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/12/06 12:18:38 | 000,000,000 | ---D | M] -- C:\Program Files\WOT
[2005/07/14 19:50:34 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/02/13 18:04:22 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/11/20 01:06:09 | 000,000,000 | ---D | M] -- C:\Program Files\Zune

< MD5 for: AGP440.SYS >
[2004/08/11 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 01:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/11 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 01:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 01:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 01:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/10 01:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/10 01:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/11 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 01:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 01:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/10 01:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-04 20:25:36

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3129287989:3403315781.exe
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:21 pm

Extras log:

OTL Extras logfile created on: 10/19/2011 2:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 513.49 Mb Available Physical Memory | 50.22% Memory free
2.40 Gb Paging File | 2.10 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 363.53 Gb Total Space | 114.05 Gb Free Space | 31.37% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 4.40 Gb Free Space | 48.56% Space Free | Partition Type: FAT32

Computer Name: BOBSPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\Ask.com\Updater\Updater.exe" = C:\Program Files\Ask.com\Updater\Updater.exe:*:Disabled:Ask Updater -- (Ask)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{2C3D719A-92C7-4323-89CC-C937D0267B84}" = muvee autoProducer 4.0
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{69CF01AD-9E35-4BD7-9036-7B8478BEB839}" = HPTunesAddIn
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}" = muvee autoProducer unPlugged 1.1 - HPD
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D54193B7-D2DF-4977-B546-86CA48DB214E}" = HP Tunes
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DeDup" = DeDup
"Driver Magician_is1" = Driver Magician 3.49
"DVD-CLONER IV_is1" = DVD-CLONER V4.70 Build 926
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"hp deskjet 6122 series_Driver" = hp deskjet 6122 series
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Zune" = Zune

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2011 10:29:20 AM | Computer Name = BOBSPC | Source = Application Hang | ID = 1001
Description = Fault bucket -1805600120.

Error - 8/10/2011 6:13:22 PM | Computer Name = BOBSPC | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x8007041D .

Error - 9/10/2011 12:30:23 PM | Computer Name = BOBSPC | Source = Application Error | ID = 1000
Description = Faulting application helpctr.exe, version 5.1.2600.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 10/13/2011 1:49:34 PM | Computer Name = BOBSPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2011 1:49:56 PM | Computer Name = BOBSPC | Source = Application Hang | ID = 1001
Description = Fault bucket -1665931649.

Error - 10/18/2011 12:38:29 AM | Computer Name = BOBSPC | Source = nview_info | ID = 11141121
Description =

Error - 10/18/2011 8:39:21 PM | Computer Name = BOBSPC | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)

Error - 10/18/2011 8:39:21 PM | Computer Name = BOBSPC | Source = Windows Search Service | ID = 3029
Description = The plug-in in cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 10/18/2011 8:39:21 PM | Computer Name = BOBSPC | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 10/18/2011 8:39:21 PM | Computer Name = BOBSPC | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

[ System Events ]
Error - 10/18/2011 11:11:18 PM | Computer Name = BOBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm ssmdrv

Error - 10/18/2011 11:22:44 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/19/2011 1:39:46 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/19/2011 1:40:13 PM | Computer Name = BOBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm ssmdrv

Error - 10/19/2011 1:45:07 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/19/2011 1:51:25 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/19/2011 1:52:27 PM | Computer Name = BOBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm ssmdrv

Error - 10/19/2011 2:01:10 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/19/2011 2:04:02 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/19/2011 2:04:14 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

< End of report >

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:25 pm

Security Check log:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (3.1.7) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
WinPatrol winpatrol.exe is disabled!
``````````End of Log````````````

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 1:05 am

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
I strongly recommend that you remove Ask from your computer because it;

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

•AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
******************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

*****************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

TR/Kazy infection-OTL.txt/ addl logs in addl posts DDS

TR/Kazy infection-OTL.txt/ addl logs in addl posts DDS

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 6:07 am

Per your instructions, I have removed ASK. updated Java (also latest Windows updates). I then ran DDS and copied and pasted the logs below.
I will check back for further instructions.

Thanks for your help~
Patricia

Log of DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by HP_Administrator at 1:59:08 on 2011-10-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.368 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\3129287989:3403315781.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\casup.lnk - c:\hp\region\CustAtStartUp.wsf
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\AGRemind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ga311s~1.lnk - c:\program files\netgear ga311 adapter\GA311.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{201B7D01-482D-4862-846E-44904AD96B73} : DhcpNameServer = 10.10.5.10
TCP: Interfaces\{C72A36E4-3E1C-4AFE-896F-6225AD450C02} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-5 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-5 109568]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-13 56816]
R2 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 364544]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-5 186880]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-9 136176]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2010-3-8 96256]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-9 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
.
=============== Created Last 30 ================
.
2011-10-19 00:37:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-19 00:37:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-18 20:29:14 -------- d-sh--w- c:\documents and settings\hp_administrator\local settings\application data\352585ba
2011-09-26 15:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 15:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
.
==================== Find3M ====================
.
2011-10-19 17:56:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 2:00:44.60 ===============
Log of ATTACH.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2010 5:06:15 PM
System Uptime: 10/20/2011 1:37:04 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | LITHIUM
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 364 GiB total, 112.168 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 4.396 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP125: 7/22/2011 7:48:17 AM - System Checkpoint
RP126: 7/23/2011 8:14:51 AM - System Checkpoint
RP127: 7/24/2011 8:34:04 AM - System Checkpoint
RP128: 7/24/2011 2:55:22 PM - Software Distribution Service 3.0
RP129: 7/25/2011 5:22:48 PM - System Checkpoint
RP130: 7/26/2011 6:27:49 PM - System Checkpoint
RP131: 7/27/2011 6:49:02 PM - System Checkpoint
RP132: 7/28/2011 7:15:50 PM - System Checkpoint
RP133: 7/29/2011 7:39:18 PM - System Checkpoint
RP134: 7/30/2011 7:47:16 PM - System Checkpoint
RP135: 8/1/2011 12:19:08 AM - System Checkpoint
RP136: 8/2/2011 1:12:33 AM - System Checkpoint
RP137: 8/3/2011 8:22:19 AM - System Checkpoint
RP138: 8/4/2011 8:36:25 AM - System Checkpoint
RP139: 8/5/2011 8:52:43 AM - System Checkpoint
RP140: 8/6/2011 11:33:50 AM - System Checkpoint
RP141: 8/7/2011 12:33:08 PM - System Checkpoint
RP142: 8/8/2011 2:05:45 PM - System Checkpoint
RP143: 8/9/2011 4:43:11 PM - System Checkpoint
RP144: 8/10/2011 5:52:56 PM - Software Distribution Service 3.0
RP145: 8/12/2011 12:18:02 AM - System Checkpoint
RP146: 8/13/2011 9:12:45 AM - System Checkpoint
RP147: 8/14/2011 9:28:59 AM - System Checkpoint
RP148: 8/15/2011 12:11:17 PM - System Checkpoint
RP149: 8/16/2011 1:30:58 PM - System Checkpoint
RP150: 8/17/2011 5:52:51 PM - System Checkpoint
RP151: 8/18/2011 6:26:23 PM - System Checkpoint
RP152: 8/19/2011 6:44:45 PM - System Checkpoint
RP153: 8/21/2011 2:09:50 AM - System Checkpoint
RP154: 8/22/2011 7:53:17 AM - System Checkpoint
RP155: 8/28/2011 6:34:55 PM - System Checkpoint
RP156: 8/29/2011 8:16:21 PM - System Checkpoint
RP157: 8/30/2011 8:24:43 PM - System Checkpoint
RP158: 8/31/2011 3:20:41 PM - Software Distribution Service 3.0
RP159: 9/1/2011 3:22:19 PM - System Checkpoint
RP160: 9/2/2011 7:37:54 PM - System Checkpoint
RP161: 9/3/2011 10:04:59 PM - System Checkpoint
RP162: 9/4/2011 10:29:19 PM - System Checkpoint
RP163: 9/5/2011 10:31:34 PM - System Checkpoint
RP164: 9/6/2011 10:32:42 PM - System Checkpoint
RP165: 9/7/2011 11:32:40 PM - System Checkpoint
RP166: 9/9/2011 12:07:10 AM - System Checkpoint
RP167: 9/10/2011 1:48:08 AM - System Checkpoint
RP168: 9/10/2011 6:31:44 AM - Software Distribution Service 3.0
RP169: 9/11/2011 8:51:54 AM - System Checkpoint
RP170: 9/12/2011 9:59:28 AM - System Checkpoint
RP171: 9/13/2011 10:10:12 AM - System Checkpoint
RP172: 9/14/2011 11:33:27 AM - System Checkpoint
RP173: 9/15/2011 11:52:39 AM - System Checkpoint
RP174: 9/16/2011 12:07:58 PM - System Checkpoint
RP175: 9/17/2011 12:35:23 PM - System Checkpoint
RP176: 9/18/2011 12:46:24 PM - System Checkpoint
RP177: 9/19/2011 1:21:06 PM - System Checkpoint
RP178: 9/20/2011 2:54:12 PM - System Checkpoint
RP179: 9/21/2011 3:51:10 PM - System Checkpoint
RP180: 9/22/2011 6:10:53 PM - System Checkpoint
RP181: 9/23/2011 6:20:39 PM - System Checkpoint
RP182: 9/24/2011 6:51:06 PM - System Checkpoint
RP183: 9/25/2011 2:30:45 PM - Software Distribution Service 3.0
RP184: 9/26/2011 5:28:07 PM - System Checkpoint
RP185: 9/27/2011 6:15:00 PM - System Checkpoint
RP186: 9/28/2011 7:07:04 PM - System Checkpoint
RP187: 9/29/2011 7:42:21 PM - System Checkpoint
RP188: 9/30/2011 8:22:25 PM - System Checkpoint
RP189: 10/2/2011 8:02:14 AM - System Checkpoint
RP190: 10/3/2011 12:42:18 PM - System Checkpoint
RP191: 10/4/2011 4:21:31 PM - Software Distribution Service 3.0
RP192: 10/5/2011 5:54:42 PM - System Checkpoint
RP193: 10/6/2011 6:06:48 PM - System Checkpoint
RP194: 10/7/2011 6:47:52 PM - System Checkpoint
RP195: 10/8/2011 7:31:22 PM - System Checkpoint
RP196: 10/9/2011 7:32:24 PM - System Checkpoint
RP197: 10/10/2011 7:41:25 PM - System Checkpoint
RP198: 10/11/2011 8:00:21 PM - System Checkpoint
RP199: 10/12/2011 8:01:19 PM - System Checkpoint
RP200: 10/13/2011 8:20:03 PM - System Checkpoint
RP201: 10/14/2011 10:01:06 PM - System Checkpoint
RP202: 10/15/2011 10:06:02 PM - System Checkpoint
RP203: 10/16/2011 11:06:05 PM - System Checkpoint
RP204: 10/17/2011 11:18:01 PM - System Checkpoint
RP205: 10/18/2011 8:33:51 PM - Restore Operation
RP206: 10/19/2011 11:33:18 PM - Removed Ask Toolbar.
RP207: 10/19/2011 11:34:07 PM - Removed Bonjour
RP208: 10/19/2011 11:35:25 PM - Removed HP Boot Optimizer
RP209: 10/19/2011 11:38:19 PM - Removed WOT for Internet Explorer
RP210: 10/20/2011 12:51:27 AM - Installed Java(TM) 6 Update 29
RP211: 10/20/2011 12:52:48 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Blackhawk Striker 2 from HP Media Center (remove only)
BufferChm
CameraDrivers
CCleaner
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
DeDup
Destinations
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
Driver Magician 3.49
DVD-CLONER V4.70 Build 926
Fax
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
hp deskjet 6122 series
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HP Update
HPProductAssistant
HpSdpAppCoreApp
HPTunesAddIn
InstantShareDevices
Intel(R) PRO Network Connections Drivers
IntelliMover Data Transfer Demo
iTunes
Java Auto Updater
Java(TM) 6 Update 29
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Mozilla Firefox 7.0.1 (x86 en-US)
Mozilla Thunderbird (3.1.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
NewCopy
NVIDIA Drivers
OpenOffice.org 3.3
Otto
PanoStandAlone
PhotoGallery
PSPrinters08
PSTAPlugin
QFolder
QuickTime
RandMap
RangeMax Wireless-N USB Adapter WN111v2
Readme
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SolutionCenter
Sonic Encoders
Sonic_PrimoSDK
Status
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WeatherBug
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPatrol
WN111v2
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
10/20/2011 1:17:37 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/19/2011 2:01:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/19/2011 10:32:35 PM, error: Service Control Manager [7000] - The Avira AntiVir Scheduler service failed to start due to the following error: Access is denied.
10/19/2011 10:27:42 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 10:27:42 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 10:24:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/19/2011 10:23:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/19/2011 1:45:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
10/18/2011 8:39:44 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/18/2011 8:39:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
10/18/2011 8:39:43 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/18/2011 8:39:28 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
10/18/2011 6:36:51 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/18/2011 4:29:19 PM, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/18/2011 4:29:19 PM, error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: Access is denied.
10/18/2011 2:39:30 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
10/18/2011 11:11:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm ssmdrv
10/18/2011 11:10:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/14/2011 5:00:24 PM, error: NetDDE [206] - Listen failed: 15:
10/14/2011 4:57:42 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
.
==== End Of File ===========================

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 6:38 pm

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:

C:\WINDOWS\3129287989:3403315781.exe

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
******************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*********************************************************
Please download ComboFix TR/Kazy infection-OTL.txt/ addl logs in addl posts Combofix

TR/Kazy infection-OTL.txt/ addl logs in addl posts Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
TR/Kazy infection-OTL.txt/ addl logs in addl posts Query_RC

TR/Kazy infection-OTL.txt/ addl logs in addl posts Query_RC

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
TR/Kazy infection-OTL.txt/ addl logs in addl posts RC_successful

TR/Kazy infection-OTL.txt/ addl logs in addl posts RC_successful

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 7:45 pm

Hi SuperDave,

I followed the initial instructions regarding Jotti's Malware, but I ran into a problem. When I click into the browse box on the site, it automatically opens a 'File Upload' box, showing files on the computer. If I then paste the code into that box (next to file open). I get an error message:"The above file name is invalid."

I tried to enter the code manually, same thing--- I get the upload box. Can
you please tell me what I have missed here, and let me know how to get this to work?

Sorry to be a bother, thanks for your patience.

Patricia

PS
I like your sign in name, my son is Sewper_Dave...

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 10:03 pm

my son is Sewper_Dave

Good one.

click once inside the window next to Browse. If you click "browse" you need to indicate where the file resides. In this case: C:\WINDOWS\3129287989:3403315781.exe You can use either method.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 10:32 pm

Believe it, or not, that is exactly what I've been doing---"click once inside the window next to Browse." No matter, each time I do, it opens up a large box, labelled "File Upload" and showing the directories on the pc. At the bottom of this 'File Upload' box, there is a small open box, next to a button labelled "Open." Since that appears to be the logical place to paste, or enter, the file name, I've done that...and then get the error message, in a box labelled 'File Upload.' The message shows the file name and says, "The above file name is invalid."

I have even tried using the drop down, at the top of the File Upload box, and opening to 'C:\WINDOWS\' and then entering the file name...and I have tried browsing that file for the file name and couldn't find it. So, I went back to square one and followed your directions, exactly, again...same sorry results. :sad:

I did check to see that the file name was copied and pasted correctly, and it was, but I still get the "invalid file" message.

I still can't figure this out-- can you?

I'll keep an eye out for further instructions.

Thanks Thank You!

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 1:22 am

Ok. Let's have a look to see if the file is actually there.

Click Start, Search, select All Files and Folders. Copy and paste

Code:

C:\WINDOWS\3129287989:3403315781.exe

and click search.

Let me know if you find it. In the meantime, please run ComboFix and we'll see if it shows up there.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 4:00 am

Well, I ran the Search for C:\WINDOWS\3129287989:3403315781.exe and it was not found. The only result in the Search box was the OTL.txt file.

I ran ComboFix and the log follows:

ComboFix 11-10-20.08 - HP_Administrator 10/20/2011 22:38:00.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.705 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba\@
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba\U\80000000.@
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba\U\800000cb.@
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba\X
c:\documents and settings\HP_Administrator\WINDOWS
c:\windows\$NtUninstallKB20320$\3848706962
c:\windows\$NtUninstallKB20320$\891651514\@
c:\windows\$NtUninstallKB20320$\891651514\L\nezyfjsm
c:\windows\$NtUninstallKB20320$\891651514\loader.tlb
c:\windows\$NtUninstallKB20320$\891651514\U\@00000001
c:\windows\$NtUninstallKB20320$\891651514\U\@000000c0
c:\windows\$NtUninstallKB20320$\891651514\U\@000000cb
c:\windows\$NtUninstallKB20320$\891651514\U\@000000cf
c:\windows\$NtUninstallKB20320$\891651514\U\@80000000
c:\windows\$NtUninstallKB20320$\891651514\U\@800000c0
c:\windows\$NtUninstallKB20320$\891651514\U\@800000cb
c:\windows\$NtUninstallKB20320$\891651514\U\@800000cf
c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
c:\windows\kb913800.exe
c:\windows\system32\
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\$NtUninstallKB20320$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\acs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013319.exe
.
Infected copy of c:\program files\Avira\AntiVir Desktop\sched.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013320.exe
.
Infected copy of c:\program files\Avira\AntiVir Desktop\avguard.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014441.exe
.
Infected copy of c:\program files\NETGEAR\WN111v2\jswpsapi.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013324.exe
.
Infected copy of c:\windows\system32\nvsvc32.exe was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0011\DriverFiles\nvsvc32.exe
.
Infected copy of c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013327.EXE
.
Infected copy of c:\windows\system32\SearchIndexer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015445.exe
.
Infected copy of c:\windows\system32\ZuneBusEnum.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP211\A0015367.exe
.
Infected copy of c:\windows\system32\acs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013319.exe
Infected copy of c:\program files\NETGEAR\WN111v2\jswpsapi.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013324.exe
Infected copy of c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013327.EXE
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_352585ba
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 02:57 . 2008-06-27 21:24 467028 ----a-w- c:\windows\system32\acs.exe
2011-10-19 00:37 . 2011-10-19 00:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-26 15:41 . 2011-09-26 15:41 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 15:41 . 2011-09-26 15:41 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 17:56 . 2010-11-30 06:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 09:06 . 2010-12-05 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2010-02-14 06:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-01-12 22:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-01-12 22:39 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-01-12 22:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-01-12 22:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2010-11-30 06:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-01-13 05:41 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-01-12 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-01-12 22:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-01-12 22:38 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-01-12 22:37 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-01 13:18 . 2011-05-07 15:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-06-09 23:45 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-03-05 22:08 . 2009-05-17 01:17 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"nwiz"="nwiz.exe" [2007-08-28 1626112]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-09-28 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-17 329096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CaSup.lnk - c:\hp\region\CustAtStartUp.wsf [N/A]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2008-2-26 323584]
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-11-6 270336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\aswMBR.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R2 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 12:54 PM 360547]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 5:15 AM 547744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [3/8/2010 5:36 PM 96256]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 2:10 AM 267568]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 2:19 PM 268528]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 4:24 AM 453120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-10-21 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
2011-10-20 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1208)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\nview.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\netdde.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-10-20 23:49:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-21 03:48
ComboFix2.txt 2010-12-05 01:36
.
Pre-Run: 120,524,566,528 bytes free
Post-Run: 121,933,086,720 bytes free
.
- - End Of File - - B54C6C031B57917B4C72B9929B2E8F8F

I will check back for your next instructions.
Thanks, again, for all your help~

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 5:43 pm

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
At the bottom of the page
- Hidden Objects Only << Selected
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 6:28 pm

Hi Super Dave~

I ran the SysProt AntiRootkit, successfully, and the log is pasted below. I will check back for the next steps. Thanks for all your help~

Patricia

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: F755D000
Module End: F756C000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F2398000
Module End: F23B0000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7A83000
Module End: F7A85000
Hidden: Yes

Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: F78BD000
Module End: F78C5000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F7A1B000
Module End: F7A1D000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F7B552BE
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: F7B552B4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F7B552C3
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: F7B552CD
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadKey
Address: F7B552D2
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: F7B552A0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: F7B552A5
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwReplaceKey
Address: F7B552DC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: F7B552D7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F7B552C8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: F7B552AF
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\e396453136c5abc4579b89b0\update\update.exe
Status: Access denied

Object: C:\e396453136c5abc4579b89b0\update\updspapi.dll
Status: Access denied

Object: C:\Program Files\Avira\AntiVir Desktop\
Status: Hidden

Object: C:\Program Files\Common Files\Apple\Mobile Device Support\
Status: Hidden

Object: C:\Program Files\Common Files\LightScribe\
Status: Hidden

Object: C:\Program Files\CyberLink\Shared files\
Status: Hidden

Object: C:\Program Files\Java\jre6\bin\
Status: Hidden

Object: C:\Program Files\NETGEAR\WN111v2\
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}
Status: Access denied

Object: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
Status: Hidden

Object: C:\WINDOWS\system32\spool\drivers\w32x86\3\
Status: Hidden

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 6:36 pm

Is the computer running any better?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetOnline

TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetOnline

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetAcceptTerms

•Click the TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetStart

button.
•Accept any security warnings from your browser.
•Check TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetScanArchives

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetListThreats

TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetListThreats

•Push

TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetExport

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetBack

TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetBack

button.
•Push TR/Kazy infection-OTL.txt/ addl logs in addl posts EsetFinish

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

TR/Kazy infection-OTL.txt/ addl logs in addl posts

descriptionTR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:17 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:19 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:21 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:25 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 1:05 am

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 6:07 am

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 6:38 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 7:45 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 10:03 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 10:32 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 1:22 am

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 4:00 am

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 5:43 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 6:28 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 6:36 pm

descriptionRe: TR/Kazy infection-OTL.txt/ addl logs in addl posts

TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:17 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:19 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:21 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts19th October 2011, 8:25 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 1:05 am

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 6:07 am

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 6:38 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 7:45 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 10:03 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts20th October 2011, 10:32 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 1:22 am

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 4:00 am

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 5:43 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 6:28 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts21st October 2011, 6:36 pm

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts