A Real Nasty

Question

meksikatsi 16 Posting Whiz

14 Years Ago

Hello folks,

System:

HP a1649n computer, O/S XP Pro, SP3, BIOS 3.08. Processor Intel Core 2 @1.86GHz, Fam6, Mod15, Stepping6, 4GB RAM, connected to TWC through WRT54G

Running Avast! and Windows firewall - this and other 6 computers on network have shown no issues in over a year with this setup.

Initial issues:

1. First noticed this problem with repeated error messages here and there:

Generic Host Process for Win32 Service has encountered a problem and needs to close. We are sorry for this inconvenience.

Ran MBAM and Spybot Search & Destroy and cleaned up system but issues continued.

On looking at what the system wants to send to Microsoft, there's an error signature (sz App and Mod names and versions, plus offset:00023845) and two files, names end in svchost.exe.mdmp and appcompat.txt - I can include those files if needed.

2. Avast! keeps giving me on-access messages (maybe a few times per hour) which don't appear long enough to copy - they are malicious attacks from: X - I was able to copy one that repeats 2Og7yailO.com and there's a long string after but not enough time to copy. this is not the only url to come through though.

3. Cannot print - whatever this is erased all my printers/drivers from the printer folder - I tried to add a printer and get:

Operation cannot be completed - Print Spooler Service not running.

I checked Services and it IS running.

4. Something is scanning all open windows periodically. I notice a flicker on each window in sequence. It seems to happen with the Avast! on-access messages.

5. Monitoring Task Mgr, I've noticed extremely high CPU usage with no applications running on the system. That's not happening presently though.

6. Finally, as I am typing this, something has caused some strange changes to my desktop - everything flashed - some colors changed...this has happened before and when I restarted, I had to restore the desktop.

7. As I chose Preview Post, I got another window (new tab) that popped up offering to check my system with registry scanner - this thing checks the system but will not fix anything unless you pay. could be a symptom so I'm including it...I've had that happen a couple of times over the last few days.

Fixes:

Ran MS Malicious Software removal tool - nothing detected

Ran ATF Cleaner on Main and Firefox - all removed except Firefox passwords

Logs/files:

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5105

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/13/2010 6:23:34 AM
mbam-log-2010-11-13 (06-23-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 381763
Time elapsed: 1 hour(s), 23 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER One

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-13 07:32:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 SAMSUNG_ rev.VT10
Running: rnkmnfee.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\afloypog.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 8B3E0292
Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 8B3E0292

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Elkbd.sys (Intel Corporation)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_SP2504C_________________________VT100-49#4&8c8daba&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

GMER Two

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-13 07:54:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 SAMSUNG_ rev.VT10
Running: rnkmnfee.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\afloypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8E8D6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8E8D574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA8E8DA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA8E8D14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA8E8D64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA8E8D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA8E8D0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA8E8D76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA8E8D72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA8E8D8AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Elkbd.sys (Intel Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 8B3E0292
Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 8B3E0292

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_SP2504C_________________________VT100-49#4&8c8daba&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

DDS

DDS (Ver_10-11-10.01) - NTFSx86
Run by HP_Administrator at 6:46:47.09 on Sat 11/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2718 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 101112-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221364816500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\izkwi3ur.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-12 138680]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NetProbe;NetProbe Packet Driver;c:\windows\system32\drivers\NetProbe.sys [2009-3-24 5365]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-12 352920]
S2 gupdate1c98572486c5d2f;Google Update Service (gupdate1c98572486c5d2f);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
S3 USBBULK;USB Bulk device driver;c:\windows\system32\drivers\USBBulk.sys [2008-12-24 20992]

=============== Created Last 30 ================

2010-11-12 21:04:49 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{7BC48736-44DE-4E73-A789-B700D1778AE5}
2010-11-12 21:04:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\PackageAware
2010-11-12 15:28:05 -------- d-----w- C:\Bookmarks Backup 11.12.10
2010-10-29 17:06:03 -------- d-----w- C:\BofA
2010-10-27 13:32:42 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\hideip_firefox_plugin
2010-10-27 13:32:41 -------- d-----w- c:\program files\Hide IP NG
2010-10-27 13:32:41 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Hide IP NG

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ------w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_ rev.VT10 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B3E0446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b3e6504]; MOV EAX, [0x8b3e6580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B4087D0]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AA73320]
\Driver\iaStor[0x8B404990] -> IRP_MJ_CREATE -> 0x8B3E0446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_SP2504C_________________________VT100-49#4&8c8daba&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x8B3E0292
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 6:48:13.50 ===============

Attach

Daniweb instruction say post txt - Attach says post zipped file - I have both but following Daniweb instruction here.

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/11/2008 8:48:57 PM
System Uptime: 11/13/2010 4:51:01 AM (2 hours ago)

Motherboard: ASUSTek Computer INC. | | Buckeye
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1866/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 170.071 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.385 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP726: 8/14/2010 3:46:22 AM - System Checkpoint
RP727: 8/15/2010 3:00:15 AM - Software Distribution Service 3.0
RP728: 8/16/2010 3:00:14 AM - Software Distribution Service 3.0
RP729: 8/17/2010 3:00:15 AM - Software Distribution Service 3.0
RP730: 8/18/2010 3:00:17 AM - Software Distribution Service 3.0
RP731: 8/19/2010 3:00:13 AM - Software Distribution Service 3.0
RP732: 8/19/2010 12:44:33 PM - Installed Windows Internet Explorer 8.
RP733: 8/20/2010 3:00:16 AM - Software Distribution Service 3.0
RP734: 8/21/2010 3:00:15 AM - Software Distribution Service 3.0
RP735: 8/22/2010 3:00:20 AM - Software Distribution Service 3.0
RP736: 8/23/2010 3:00:24 AM - Software Distribution Service 3.0
RP737: 8/23/2010 10:34:34 AM - Software Distribution Service 3.0
RP738: 8/24/2010 3:00:15 AM - Software Distribution Service 3.0
RP739: 8/25/2010 3:00:16 AM - Software Distribution Service 3.0
RP740: 8/26/2010 3:00:16 AM - Software Distribution Service 3.0
RP741: 8/27/2010 3:00:17 AM - Software Distribution Service 3.0
RP742: 8/28/2010 3:00:15 AM - Software Distribution Service 3.0
RP743: 8/29/2010 3:00:15 AM - Software Distribution Service 3.0
RP744: 8/30/2010 3:00:16 AM - Software Distribution Service 3.0
RP745: 8/31/2010 3:00:17 AM - Software Distribution Service 3.0
RP746: 9/1/2010 3:00:17 AM - Software Distribution Service 3.0
RP747: 9/2/2010 3:00:16 AM - Software Distribution Service 3.0
RP748: 9/3/2010 3:00:15 AM - Software Distribution Service 3.0
RP749: 9/4/2010 3:00:15 AM - Software Distribution Service 3.0
RP750: 9/5/2010 3:00:15 AM - Software Distribution Service 3.0
RP751: 9/6/2010 3:00:14 AM - Software Distribution Service 3.0
RP752: 9/7/2010 3:00:14 AM - Software Distribution Service 3.0
RP753: 9/8/2010 3:00:15 AM - Software Distribution Service 3.0
RP754: 9/9/2010 3:00:14 AM - Software Distribution Service 3.0
RP755: 9/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP756: 9/11/2010 3:00:15 AM - Software Distribution Service 3.0
RP757: 9/12/2010 3:00:15 AM - Software Distribution Service 3.0
RP758: 9/13/2010 3:00:15 AM - Software Distribution Service 3.0
RP759: 9/14/2010 3:00:17 AM - Software Distribution Service 3.0
RP760: 9/15/2010 3:00:19 AM - Software Distribution Service 3.0
RP761: 9/16/2010 3:00:16 AM - Software Distribution Service 3.0
RP762: 9/17/2010 3:39:18 AM - System Checkpoint
RP763: 9/18/2010 3:00:15 AM - Software Distribution Service 3.0
RP764: 9/19/2010 3:00:18 AM - Software Distribution Service 3.0
RP765: 9/20/2010 3:00:14 AM - Software Distribution Service 3.0
RP766: 9/21/2010 3:00:35 AM - Software Distribution Service 3.0
RP767: 9/22/2010 3:00:15 AM - Software Distribution Service 3.0
RP768: 9/23/2010 3:00:16 AM - Software Distribution Service 3.0
RP769: 9/24/2010 3:00:24 AM - Software Distribution Service 3.0
RP770: 9/25/2010 3:00:28 AM - Software Distribution Service 3.0
RP771: 9/26/2010 3:00:28 AM - Software Distribution Service 3.0
RP772: 9/27/2010 3:00:18 AM - Software Distribution Service 3.0
RP773: 9/28/2010 3:00:22 AM - Software Distribution Service 3.0
RP774: 9/29/2010 3:00:25 AM - Software Distribution Service 3.0
RP775: 9/30/2010 3:00:14 AM - Software Distribution Service 3.0
RP776: 10/1/2010 3:00:14 AM - Software Distribution Service 3.0
RP777: 10/2/2010 3:00:15 AM - Software Distribution Service 3.0
RP778: 10/3/2010 3:00:15 AM - Software Distribution Service 3.0
RP779: 10/4/2010 3:00:14 AM - Software Distribution Service 3.0
RP780: 10/5/2010 3:00:18 AM - Software Distribution Service 3.0
RP781: 10/6/2010 3:00:14 AM - Software Distribution Service 3.0
RP782: 10/7/2010 3:00:15 AM - Software Distribution Service 3.0
RP783: 10/8/2010 3:00:15 AM - Software Distribution Service 3.0
RP784: 10/9/2010 3:00:22 AM - Software Distribution Service 3.0
RP785: 10/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP786: 10/11/2010 3:00:24 AM - Software Distribution Service 3.0
RP787: 10/12/2010 3:00:28 AM - Software Distribution Service 3.0
RP788: 10/13/2010 3:00:27 AM - Software Distribution Service 3.0
RP789: 10/14/2010 3:00:19 AM - Software Distribution Service 3.0
RP790: 10/15/2010 3:29:05 AM - System Checkpoint
RP791: 10/16/2010 3:41:16 AM - System Checkpoint
RP792: 10/17/2010 3:41:26 AM - System Checkpoint
RP793: 10/17/2010 7:14:07 AM - Software Distribution Service 3.0
RP794: 10/17/2010 6:37:39 PM - Software Distribution Service 3.0
RP795: 10/17/2010 8:07:30 PM - Software Distribution Service 3.0
RP796: 10/18/2010 3:00:15 AM - Software Distribution Service 3.0
RP797: 10/19/2010 3:00:15 AM - Software Distribution Service 3.0
RP798: 10/20/2010 3:00:14 AM - Software Distribution Service 3.0
RP799: 10/21/2010 3:29:26 AM - System Checkpoint
RP800: 10/22/2010 4:29:28 AM - System Checkpoint
RP801: 10/23/2010 3:00:15 AM - Software Distribution Service 3.0
RP802: 10/24/2010 3:00:39 AM - Software Distribution Service 3.0
RP803: 10/25/2010 3:00:23 AM - Software Distribution Service 3.0
RP804: 10/26/2010 3:00:15 AM - Software Distribution Service 3.0
RP805: 10/27/2010 3:00:15 AM - Software Distribution Service 3.0
RP806: 10/28/2010 3:00:16 AM - Software Distribution Service 3.0
RP807: 10/29/2010 3:00:19 AM - Software Distribution Service 3.0
RP808: 10/30/2010 3:00:21 AM - Software Distribution Service 3.0
RP809: 10/31/2010 3:00:29 AM - Software Distribution Service 3.0
RP810: 11/1/2010 3:00:14 AM - Software Distribution Service 3.0
RP811: 11/2/2010 3:00:15 AM - Software Distribution Service 3.0
RP812: 11/3/2010 3:00:18 AM - Software Distribution Service 3.0
RP813: 11/4/2010 3:00:29 AM - Software Distribution Service 3.0
RP814: 11/5/2010 3:00:18 AM - Software Distribution Service 3.0
RP815: 11/6/2010 3:00:15 AM - Software Distribution Service 3.0
RP816: 11/7/2010 2:00:16 AM - Software Distribution Service 3.0
RP817: 11/7/2010 3:00:14 AM - Software Distribution Service 3.0
RP818: 11/8/2010 3:00:15 AM - Software Distribution Service 3.0
RP819: 11/9/2010 3:00:15 AM - Software Distribution Service 3.0
RP820: 11/10/2010 3:00:20 AM - Software Distribution Service 3.0
RP821: 11/11/2010 3:00:17 AM - Software Distribution Service 3.0
RP822: 11/12/2010 6:57:39 AM - Software Distribution Service 3.0
RP823: 11/12/2010 7:42:39 AM - Software Distribution Service 3.0
RP824: 11/12/2010 7:46:57 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
AutoUpdate
Avanquest update
avast! Antivirus
Belarc Advisor 7.2
Beta Brite Prism Messaging Software
BlackBerry Desktop Software 4.3
BufferChm
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
DBPix20
Destinations
DeviceManagementQFolder
DISCover
DivX
EA SPORTS online 2006
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
EZ A&D Firearms Records
FullDPAppQFolder
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GemMaster Mystic
GIMP 2.6.3
GnuCash 2.2.9
Google Earth
Google Update Helper
Google Updater
Hide IP NG 1.58
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 15
LightScribe 1.4.105.1
LizardTech DjVu Control
Load From A Disk Version 5.0
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access Runtime (English) 2007
Microsoft Office Accounting 2009
Microsoft Office Accounting 2009 Equifax Addin
Microsoft Office Accounting 2009 Fixed Asset Manager
Microsoft Office Accounting 2009 PayPal Addin
Microsoft Office Accounting 2009 Tax Integration Add-in
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Desktop Engine
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
My HP Games
Netscape Browser (remove only)
Octoshape add-in for Adobe Flash Player
OptionalContentQFolder
Otto
Password Unmask 2.0
PC-Doctor 5 for Windows
PhotoGallery
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickDESIGN
QuickDESIGN (C:\Program Files\QuickDESIGN\)
Quicken 2006
QuickLOAD
RandMap
RealPlayer
Realtek High Definition Audio Driver
Reloaders Reference v9.3x74r
Remove WeatherBug Installer
Rhapsody
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
Skype web features
Skype™ 4.2
SlideShow
SlideShowMusic
SmartDraw 2008
SmartDraw 2009
SmartDraw PDF Filter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Tiger Woods PGA TOUR 06
TOPO! Explorer
Uniblue RegistryBooster
Unity Web Player
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
Web Easy Professional
Web Easy Professional 7
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer

==== Event Viewer Messages From Past Week ========

11/8/2010 3:00:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Office Access Runtime and Data Connectivity 2007 Service Pack 2 (SP2).
11/7/2010 11:33:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi ftsata2 IntelIde PCIIde ViaIde
11/7/2010 1:32:30 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/13/2010 6:32:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: General access denied error
11/13/2010 6:29:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
11/13/2010 5:32:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: General access denied error
11/13/2010 5:29:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
11/13/2010 4:32:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: General access denied error
11/13/2010 4:29:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
11/13/2010 3:32:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147943850
11/13/2010 2:32:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147943850
11/13/2010 2:29:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147943850
11/12/2010 9:22:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/12/2010 7:42:56 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Microsoft Office Access Runtime and Data Connectivity 2007 Service Pack 2 (SP2).
11/12/2010 6:56:06 AM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 6:31:51 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
11/12/2010 2:42:13 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
11/12/2010 2:30:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/12/2010 12:45:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP BANTExt Fips ftsata2 intelppm
11/12/2010 12:43:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/12/2010 12:39:27 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/11/2010 9:32:07 PM, information: Windows File Protection [64004] - The protected system file spoolsv.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x000006ba [The RPC server is unavailable. ].
11/11/2010 4:32:13 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6024.
11/11/2010 3:23:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2

==== End Of File ===========================

Many thanks for taking a look!!

meksikatsi

windows-virus

Edited 14 Years Ago by meksikatsi because: n/a

3 Contributors
14 Replies
608 Views
1 Day Discussion Span
Latest Post 14 Years Ago Latest Post by crunchie

crunchie 990 Most Valuable Poster

14 Years Ago

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

crunchie 990 Most Valuable Poster

14 Years Ago

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

Place a blank CD in your CD drive.
Double click on NTBR_CD.exe file and a folder of the same name will appear.
Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
Follow the prompts to burn the CD.

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Insert the newly created CD into your infected PC and reboot your computer.
Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
Read the warning and then continue as prompted.
You first need to select your keyboard layout - press Enter for English.
Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
On the following screen enter 5 to select Install Standard MBR code.
Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
When asked to confirm please do so.
Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.

===========

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

crunchie 990 Most Valuable Poster

14 Years Ago

Do yourself a favour and get rid of that registry booster crap. At best they are a gimmick and at worst they will wreck your operating system.

Why Registry cleaners should not be used.

==

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
:Commands
[purity]
[emptyflash]
[emptytemp]
[resethosts]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Post log from this run.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

=============

Let me know how things are now.

zeroth 171 Nearly a Posting Virtuoso

14 Years Ago

I didn't use the registry booster, it just got downloaded as part of this issue, automatically I might add.

Unless you're working with an online service, when you click on the Scan Button, the software will probably be downloaded at that time, so it's not exactly automatic. Suggest you refrain from trying any program like this that just pops up.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

meksikatsi 16 Posting Whiz · Answer 1 · 2010-11-13T22:21:42+00:00

Thanks, crunchie,

TDSSKILLER REPORT

2010/11/13 11:03:44.0406 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 11:03:44.0406 ================================================================================
2010/11/13 11:03:44.0406 SystemInfo:
2010/11/13 11:03:44.0406
2010/11/13 11:03:44.0406 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/13 11:03:44.0406 Product type: Workstation
2010/11/13 11:03:44.0406 ComputerName: MEKSIKATSI
2010/11/13 11:03:44.0406 UserName: HP_Administrator
2010/11/13 11:03:44.0406 Windows directory: C:\WINDOWS
2010/11/13 11:03:44.0406 System windows directory: C:\WINDOWS
2010/11/13 11:03:44.0406 Processor architecture: Intel x86
2010/11/13 11:03:44.0406 Number of processors: 2
2010/11/13 11:03:44.0406 Page size: 0x1000
2010/11/13 11:03:44.0406 Boot type: Normal boot
2010/11/13 11:03:44.0406 ================================================================================
2010/11/13 11:03:44.0578 Initialize success
2010/11/13 11:04:12.0625 ================================================================================
2010/11/13 11:04:12.0625 Scan started
2010/11/13 11:04:12.0625 Mode: Manual;
2010/11/13 11:04:12.0625 ================================================================================
2010/11/13 11:04:13.0438 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2010/11/13 11:04:13.0469 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/13 11:04:13.0563 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/13 11:04:13.0594 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/13 11:04:13.0641 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/13 11:04:13.0703 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/13 11:04:13.0813 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/13 11:04:13.0907 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
2010/11/13 11:04:13.0938 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/13 11:04:13.0969 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/13 11:04:13.0985 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/13 11:04:14.0016 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/13 11:04:14.0063 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/13 11:04:14.0078 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/13 11:04:14.0125 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/13 11:04:14.0172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/13 11:04:14.0219 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2010/11/13 11:04:14.0235 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/11/13 11:04:14.0282 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/13 11:04:14.0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/13 11:04:14.0344 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/13 11:04:14.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/13 11:04:14.0391 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/13 11:04:14.0407 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/13 11:04:14.0532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/13 11:04:14.0547 dmboot (e8bd266c43cd750cad9a0f503523ff48) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/13 11:04:14.0578 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmboot.sys. Real md5: e8bd266c43cd750cad9a0f503523ff48, Fake md5: d992fe1274bde0f84ad826acae022a41
2010/11/13 11:04:14.0578 dmboot - detected Forged file (1)
2010/11/13 11:04:14.0610 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/13 11:04:14.0657 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/13 11:04:14.0688 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/13 11:04:14.0719 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/13 11:04:14.0750 e1express (b0ababbbe2e61fc916a21182ac2ceff1) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/11/13 11:04:14.0782 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
2010/11/13 11:04:14.0797 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys
2010/11/13 11:04:14.0828 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys
2010/11/13 11:04:14.0891 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys
2010/11/13 11:04:14.0891 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys
2010/11/13 11:04:14.0922 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/13 11:04:14.0953 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/13 11:04:14.0985 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/13 11:04:15.0000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/13 11:04:15.0016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/13 11:04:15.0032 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/13 11:04:15.0047 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/13 11:04:15.0125 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/13 11:04:15.0157 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/13 11:04:15.0172 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/13 11:04:15.0219 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
2010/11/13 11:04:15.0250 HSX_DP (22602c681a022f53892d743cd8c6a0e1) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
2010/11/13 11:04:15.0266 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\HSX_DP.sys. Real md5: 22602c681a022f53892d743cd8c6a0e1, Fake md5: a7f8c9228898a1e871d2ae7082f50ac3
2010/11/13 11:04:15.0282 HSX_DP - detected Forged file (1)
2010/11/13 11:04:15.0344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/13 11:04:15.0391 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/13 11:04:15.0422 ialm (8a00633bf6c7726022c5fef2f5bf4a2e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/13 11:04:15.0453 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\igxpmp32.sys. Real md5: 8a00633bf6c7726022c5fef2f5bf4a2e, Fake md5: 88164ba0e3fc4172ff3a1bd82b756454
2010/11/13 11:04:15.0453 ialm - detected Forged file (1)
2010/11/13 11:04:15.0516 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\DRIVERS\iastor.sys
2010/11/13 11:04:15.0547 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/13 11:04:15.0641 IntcAzAudAddService (1ac611002df1cf68b026677eed567cb3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/13 11:04:15.0782 Suspicious file (Forged): C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: 1ac611002df1cf68b026677eed567cb3, Fake md5: 14b48553be78472d2bd3a518658a1710
2010/11/13 11:04:15.0797 IntcAzAudAddService - detected Forged file (1)
2010/11/13 11:04:15.0985 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/13 11:04:16.0047 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/13 11:04:16.0078 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/13 11:04:16.0110 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/13 11:04:16.0141 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/13 11:04:16.0157 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/13 11:04:16.0172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/13 11:04:16.0188 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/13 11:04:16.0203 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/13 11:04:16.0250 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/13 11:04:16.0266 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/13 11:04:16.0297 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/13 11:04:16.0328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/13 11:04:16.0407 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/13 11:04:16.0453 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/11/13 11:04:16.0469 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/13 11:04:16.0485 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/13 11:04:16.0532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/13 11:04:16.0578 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/13 11:04:16.0594 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/13 11:04:16.0641 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/13 11:04:16.0703 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/13 11:04:16.0766 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2010/11/13 11:04:16.0782 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/13 11:04:16.0813 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/13 11:04:16.0828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/13 11:04:16.0844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/13 11:04:16.0875 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/13 11:04:16.0938 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/13 11:04:16.0953 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/13 11:04:16.0985 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/13 11:04:17.0000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/13 11:04:17.0016 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/13 11:04:17.0063 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/13 11:04:17.0078 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/13 11:04:17.0094 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/13 11:04:17.0125 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/13 11:04:17.0141 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/13 11:04:17.0172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/13 11:04:17.0219 NetProbe (44831972666e9989b375c05f010944b2) C:\WINDOWS\system32\DRIVERS\netprobe.sys
2010/11/13 11:04:17.0266 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/13 11:04:17.0282 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/13 11:04:17.0313 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/13 11:04:17.0360 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/13 11:04:17.0391 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/13 11:04:17.0407 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/13 11:04:17.0422 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/13 11:04:17.0453 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/13 11:04:17.0469 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/13 11:04:17.0500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/13 11:04:17.0516 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/13 11:04:17.0547 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/13 11:04:17.0578 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/13 11:04:17.0719 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/13 11:04:17.0766 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2010/11/13 11:04:17.0782 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/13 11:04:17.0797 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/13 11:04:17.0828 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/13 11:04:17.0938 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/13 11:04:17.0969 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/13 11:04:17.0985 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/13 11:04:18.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/13 11:04:18.0032 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/13 11:04:18.0047 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/13 11:04:18.0063 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/13 11:04:18.0110 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/13 11:04:18.0125 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/13 11:04:18.0172 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/11/13 11:04:18.0188 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/11/13 11:04:18.0203 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/11/13 11:04:18.0266 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/11/13 11:04:18.0328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/13 11:04:18.0375 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/13 11:04:18.0407 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/13 11:04:18.0453 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/13 11:04:18.0516 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/13 11:04:18.0563 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/13 11:04:18.0625 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/13 11:04:18.0672 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/13 11:04:18.0703 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/13 11:04:18.0719 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/13 11:04:18.0782 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2010/11/13 11:04:18.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/13 11:04:18.0907 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/13 11:04:18.0953 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/13 11:04:18.0969 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/13 11:04:19.0000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/13 11:04:19.0063 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/13 11:04:19.0125 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/13 11:04:19.0188 USBBULK (219967585c77cf22e557841be8d30661) C:\WINDOWS\system32\Drivers\USBBULK.sys
2010/11/13 11:04:19.0219 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/13 11:04:19.0235 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/13 11:04:19.0250 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/13 11:04:19.0266 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/13 11:04:19.0282 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/13 11:04:19.0313 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/13 11:04:19.0328 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/13 11:04:19.0344 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/13 11:04:19.0375 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/13 11:04:19.0407 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/13 11:04:19.0453 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2010/11/13 11:04:19.0532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/13 11:04:19.0578 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/13 11:04:19.0594 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/13 11:04:19.0641 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/13 11:04:19.0657 ================================================================================
2010/11/13 11:04:19.0657 Scan finished
2010/11/13 11:04:19.0657 ================================================================================
2010/11/13 11:04:19.0657 Detected object count: 5
2010/11/13 11:05:19.0485 Forged file(dmboot) - User select action: Skip
2010/11/13 11:05:19.0485 Forged file(HSX_DP) - User select action: Skip
2010/11/13 11:05:19.0485 Forged file(ialm) - User select action: Skip
2010/11/13 11:05:19.0485 Forged file(IntcAzAudAddService) - User select action: Skip
2010/11/13 11:05:19.0501 \HardDisk0 - will be cured after reboot
2010/11/13 11:05:19.0501 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/13 11:05:46.0579 Deinitialize success

MBRCheck Report

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9E6C000 iastor.sys
0xB9E54000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E34000 fltmgr.sys
0xB9E22000 sr.sys
0xBA118000 PxHelp20.sys
0xB9E0B000 KSecDD.sys
0xB9D7E000 Ntfs.sys
0xB9D51000 NDIS.sys
0xB9D37000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\ELacpi.sys
0xB9370000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB935C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9324000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9300000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3E8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB92D8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9293000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0xB9270000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9179000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0xB90C3000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA3F0000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA2D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5F6000 \??\C:\WINDOWS\System32\Drivers\Elkbd.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA308000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA75B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA5F8000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA318000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9CDF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB90AC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA158000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA168000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA408000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB909B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA178000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA410000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA418000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA420000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB906B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA188000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA428000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5FA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB900D000 \SystemRoot\system32\DRIVERS\update.sys
0xB949C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA600000 \??\C:\WINDOWS\System32\Drivers\Elmon.sys
0xA8865000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA62C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA6CF3000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA6CCF000 \SystemRoot\system32\drivers\portcls.sys
0xA8855000 \SystemRoot\system32\drivers\drmk.sys
0xBA656000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA764000 \SystemRoot\System32\Drivers\Null.SYS
0xBA658000 \SystemRoot\System32\Drivers\Beep.SYS
0xA59F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA59EB000 \SystemRoot\System32\drivers\vga.sys
0xBA65A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA65C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA4ADB000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA4AD3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA6A83000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA299E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA2945000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA405D000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA291F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA28F7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA404D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA28D5000 \SystemRoot\System32\drivers\afd.sys
0xA6909000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA38A6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA28AA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA283A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3896000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA65E000 \??\C:\WINDOWS\System32\Drivers\Elmou.sys
0xA548F000 \??\C:\WINDOWS\System32\Drivers\Elhid.sys
0xBA79F000 \SystemRoot\System32\Drivers\BANTExt.sys
0xA2719000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA4ACB000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA4AC3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA5A1B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9FC32000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA56E4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9FC2A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9F594000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9C4F5000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9C43E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9D4D1000 \SystemRoot\System32\drivers\Dxapi.sys
0x9D460000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6EC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF022000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF049000 \SystemRoot\System32\igxpdv32.DLL
0xBF186000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9D448000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0xB9D07000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D2D5000 \SystemRoot\system32\DRIVERS\netprobe.sys
0x9C428000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x9C2FB000 \SystemRoot\system32\drivers\wdmaud.sys
0xA36CD000 \SystemRoot\system32\drivers\sysaudio.sys
0x9C166000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9C0AD000 \SystemRoot\System32\Drivers\HTTP.sys
0x9C005000 \SystemRoot\system32\DRIVERS\srv.sys
0x9C09D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBA388000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
0x9BB55000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9BBC1000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
704 C:\WINDOWS\system32\smss.exe
772 csrss.exe
796 C:\WINDOWS\system32\winlogon.exe
840 C:\WINDOWS\system32\services.exe
852 C:\WINDOWS\system32\lsass.exe
1016 C:\WINDOWS\system32\svchost.exe
1096 svchost.exe
1192 C:\WINDOWS\system32\svchost.exe
1308 svchost.exe
1392 svchost.exe
1436 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1488 C:\Program Files\Alwil Software\Avast4\ashServ.exe
228 C:\WINDOWS\explorer.exe
332 svchost.exe
452 C:\WINDOWS\ehome\ehrecvr.exe
488 C:\WINDOWS\ehome\ehSched.exe
604 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
700 C:\Program Files\Java\jre6\bin\jqs.exe
736 C:\Program Files\Google\Update\GoogleUpdate.exe
776 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1276 sqlservr.exe
2156 sqlbrowser.exe
2184 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2228 svchost.exe
2240 C:\WINDOWS\system32\svchost.exe
2336 C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
2376 C:\WINDOWS\system32\searchindexer.exe
2580 C:\WINDOWS\system32\wuauclt.exe
2712 mcrdsvc.exe
3084 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
3276 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3352 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
3424 C:\WINDOWS\system32\dllhost.exe
3776 alg.exe
1084 C:\WINDOWS\system32\svchost.exe
1352 C:\Program Files\Mozilla Firefox\firefox.exe
3048 C:\WINDOWS\system32\wuauclt.exe
3212 C:\Program Files\Mozilla Firefox\plugin-container.exe
2816 C:\WINDOWS\system32\searchprotocolhost.exe
1984 searchfilterhost.exe
2620 C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`0f863200 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-49

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

meksikatsi 16 Posting Whiz · Answer 2 · 2010-11-13T23:59:04+00:00

I got a message: Access violation at address 0040295B in module 'OTL.exe'. Read of address 0021D000.

OTL is stuck "Creating restore point. DO NOT INTERRUPT..."

I thought I'd check back before shutting it down (with that message) and trying again...but it's been running a while now...more than 30 minutes

MBRCheck Log:

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9E6C000 iastor.sys
0xB9E54000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E34000 fltmgr.sys
0xB9E22000 sr.sys
0xBA118000 PxHelp20.sys
0xB9E0B000 KSecDD.sys
0xB9D7E000 Ntfs.sys
0xB9D51000 NDIS.sys
0xB9D37000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\ELacpi.sys
0xB937C000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9368000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9330000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB930C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3E8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB92E4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB929F000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0xB927C000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9185000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0xB90CF000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA3F0000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA2F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5EE000 \??\C:\WINDOWS\System32\Drivers\Elkbd.sys
0xBA308000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA318000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA158000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA766000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA5F0000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA168000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9CD7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB90B8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA178000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA188000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA408000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB90A7000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA198000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA410000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA418000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA420000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB9077000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA428000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9019000 \SystemRoot\system32\DRIVERS\update.sys
0xB94A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA658000 \??\C:\WINDOWS\System32\Drivers\Elmon.sys
0xB5104000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA65A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA3E83000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA3E5F000 \SystemRoot\system32\drivers\portcls.sys
0xB50F4000 \SystemRoot\system32\drivers\drmk.sys
0xBA62E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9F616000 \SystemRoot\System32\Drivers\Null.SYS
0xBA630000 \SystemRoot\System32\Drivers\Beep.SYS
0x9FA55000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9FA4D000 \SystemRoot\System32\drivers\vga.sys
0xBA632000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA634000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9FA45000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9FA3D000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA1C23000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9E845000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9E7EC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB68AC000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x9E7C6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9E79E000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9E77C000 \SystemRoot\System32\drivers\afd.sys
0xB689C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9E751000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB688C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9E6E1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB687C000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB686C000 \SystemRoot\System32\Drivers\Fips.SYS
0x9FA35000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9FA2D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA10CB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9F6CC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA10C7000 \??\C:\WINDOWS\System32\Drivers\Elhid.sys
0xBA636000 \??\C:\WINDOWS\System32\Drivers\Elmou.sys
0x9EFF8000 \SystemRoot\System32\Drivers\BANTExt.sys
0x9E6C0000 \SystemRoot\System32\Drivers\aswSP.SYS
0x9FA25000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA10BF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA10B7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9E69C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9E5E5000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9F3E7000 \SystemRoot\System32\drivers\Dxapi.sys
0x9ECA3000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6C8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF022000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF049000 \SystemRoot\System32\igxpdv32.DLL
0xBF186000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9EC7B000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA64E000 \SystemRoot\system32\DRIVERS\netprobe.sys
0x9E5CF000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x9E4B2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9E421000 \SystemRoot\System32\Drivers\HTTP.sys
0x9E351000 \SystemRoot\system32\DRIVERS\srv.sys
0x9E41D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB81B8000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
0x9DE49000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x9DCAC000 \SystemRoot\system32\drivers\wdmaud.sys
0xB87BF000 \SystemRoot\system32\drivers\sysaudio.sys
0x9D94E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
704 C:\WINDOWS\system32\smss.exe
768 csrss.exe
792 C:\WINDOWS\system32\winlogon.exe
840 C:\WINDOWS\system32\services.exe
852 C:\WINDOWS\system32\lsass.exe
1024 C:\WINDOWS\system32\svchost.exe
1092 svchost.exe
1188 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
1388 svchost.exe
1432 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1484 C:\Program Files\Alwil Software\Avast4\ashServ.exe
1956 svchost.exe
2000 C:\WINDOWS\ehome\ehrecvr.exe
2012 C:\WINDOWS\ehome\ehSched.exe
300 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
356 C:\Program Files\Java\jre6\bin\jqs.exe
468 C:\Program Files\Google\Update\GoogleUpdate.exe
496 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
584 sqlservr.exe
2096 sqlbrowser.exe
2108 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2152 svchost.exe
2176 C:\WINDOWS\system32\svchost.exe
2288 C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
2340 C:\WINDOWS\system32\searchindexer.exe
2440 mcrdsvc.exe
2756 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
2824 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
2860 C:\WINDOWS\system32\dllhost.exe
3196 alg.exe
3956 C:\WINDOWS\explorer.exe
1304 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
1832 C:\WINDOWS\system32\svchost.exe
2772 C:\WINDOWS\system32\wuauclt.exe
1916 C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`0f863200 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-49

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

meksikatsi 16 Posting Whiz · Answer 3 · 2010-11-14T04:53:57+00:00

OTL was restarted and completed...having issues posting the files though...will attempt to post one at a time

OTL logfile created on: 11/13/2010 3:54:49 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

========== Processes (SafeList) ==========

PRC - [2010/11/13 12:05:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/10/27 01:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 01:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/06 16:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/02 01:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe

========== Modules (SafeList) ==========

MOD - [2010/11/13 12:05:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2006/07/06 16:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/06/02 01:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
SRV - [2005/05/25 09:20:04 | 003,592,192 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MySoftware\Small Business Pro\mysql\bin\mysqld-nt.exe -- (MysqlInventime)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/04/04 03:24:50 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iastor.sys -- (iaStor)
DRV - [2009/11/24 18:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/03/24 09:13:26 | 000,005,365 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NetProbe.sys -- (NetProbe)
DRV - [2009/02/11 11:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/09/01 10:48:33 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/23 16:02:02 | 001,095,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/05/16 13:37:50 | 000,229,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/05/10 00:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/10 00:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/10 00:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/10 00:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/10 00:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2005/12/12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 13:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 13:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 13:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2004/09/07 10:16:04 | 000,020,992 | ---- | M] (MICRIUM TECHNOLOGIES CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBBulk.sys -- (USBBULK)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 10:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/12 10:56:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/11/10 08:30:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/10/17 18:12:21 | 000,000,000 | ---D | M]

[2008/09/12 05:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/07/07 10:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\izkwi3ur.default\extensions
[2010/11/12 10:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2010/04/09 03:42:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221364816500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 10:28:53 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/13 12:05:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/11/13 11:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD
[2010/11/12 21:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Scans for Daniweb
[2010/11/12 16:04:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7BC48736-44DE-4E73-A789-B700D1778AE5}
[2010/11/12 16:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PackageAware
[2010/11/12 10:28:05 | 000,000,000 | ---D | C] -- C:\Bookmarks Backup 11.12.10
[2010/11/10 08:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape
[2010/11/01 11:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Writing
[2010/10/29 12:06:03 | 000,000,000 | ---D | C] -- C:\BofA
[2010/10/27 08:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\hideip_firefox_plugin
[2010/10/27 08:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hide IP NG
[2010/10/27 08:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Hide IP NG
[2010/10/17 18:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/13 15:41:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/13 15:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/11/13 15:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/13 15:22:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 14:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/11/13 14:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/13 13:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/11/13 13:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/13 13:02:29 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2010/11/13 12:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/11/13 12:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/13 12:05:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/11/13 11:58:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/13 11:58:47 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SD).job
[2010/11/13 11:58:47 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2010/11/13 11:57:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 11:57:29 | 3748,085,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/13 11:40:44 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD.exe
[2010/11/13 11:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/11/13 11:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/13 11:12:24 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2010/11/13 10:54:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/13 10:30:20 | 001,215,581 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller(2).zip
[2010/11/13 10:03:45 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/11/13 07:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/11/13 07:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/13 06:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/11/13 06:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/13 05:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/11/13 05:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/13 04:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/11/13 04:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/13 03:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/11/13 02:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/11/13 02:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/12 16:34:54 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rnkmnfee.exe
[2010/11/12 16:33:45 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/11/12 16:27:01 | 000,012,554 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jonson 2010 Worksheet.xlsx
[2010/11/12 16:04:49 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2010/11/12 16:04:49 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uniblue RegistryBooster.lnk
[2010/11/12 10:56:06 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/12 10:56:06 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/12 10:34:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/11/12 10:34:55 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/12 10:24:15 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/11/12 10:24:15 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/12 10:20:13 | 000,012,627 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Instructions.docx
[2010/11/12 09:48:12 | 001,706,296 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\feast.JPG
[2010/11/12 09:14:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/12 08:56:42 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/11/12 08:56:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/12 01:32:01 | 000,012,477 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/11/10 14:06:04 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\.recently-used.xbel
[2010/11/09 14:12:10 | 000,010,512 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\REDLINE SC MAIL LIST.docx
[2010/11/09 10:34:00 | 000,253,440 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jonson 5300.11
[2010/11/09 10:23:05 | 000,440,871 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\atf-f-5300-11 filed 11.9.2010 Jonson Ammo.pdf
[2010/11/09 05:30:36 | 000,412,044 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\13 points.JPG
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2010/11/08 05:34:17 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Next.URL
[2010/11/07 11:37:56 | 000,531,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 11:37:56 | 000,105,136 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 09:47:19 | 000,011,748 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Providence Emergency Visit Oct 2010.docx
[2010/11/05 07:37:28 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/01 18:02:24 | 000,193,238 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AT&T Mobile Navigation voice mail.docx
[2010/11/01 08:37:36 | 000,027,914 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\NC bid.pdf
[2010/10/31 08:03:00 | 000,283,672 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\10 points.jpg
[2010/10/28 09:34:26 | 000,231,971 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\6PPC.pdf
[2010/10/27 08:32:42 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide IP NG.lnk
[2010/10/27 08:32:42 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Hide IP NG.lnk
[2010/10/27 03:26:41 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\The case was Jamison v.doc
[2010/10/27 03:15:35 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\lazzeroni ad in rec.guns.doc
[2010/10/24 12:50:55 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/21 19:51:24 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Hello rzap.doc
[2010/10/21 19:22:47 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\6.5 Jonson wikipedia entry copied before deleted 10.21.2010.doc
[2010/10/20 07:47:40 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WIKI Article 6.5 Jonson.doc
[2010/10/17 18:12:22 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/17 18:11:05 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jamison.doc
[2010/10/16 11:35:46 | 002,033,808 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chimeneas.pdf
[2010/10/16 01:02:02 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\shooting_range_guidance.doc
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/13 11:40:43 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD.exe
[2010/11/13 11:12:37 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2010/11/13 10:30:36 | 001,215,581 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller(2).zip
[2010/11/12 16:35:00 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rnkmnfee.exe
[2010/11/12 16:33:47 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/11/12 16:04:53 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2010/11/12 16:04:49 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2010/11/12 16:04:49 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uniblue RegistryBooster.lnk
[2010/11/12 14:39:41 | 3748,085,760 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/12 10:56:06 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/12 10:56:06 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/12 10:20:13 | 000,012,627 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Instructions.docx
[2010/11/12 09:44:53 | 001,706,296 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\feast.JPG
[2010/11/10 14:06:04 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\.recently-used.xbel
[2010/11/09 14:12:10 | 000,010,512 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\REDLINE SC MAIL LIST.docx
[2010/11/09 10:35:25 | 000,253,440 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jonson 5300.11
[2010/11/09 10:20:20 | 000,440,871 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\atf-f-5300-11 filed 11.9.2010 Jonson Ammo.pdf
[2010/11/09 05:30:35 | 000,412,044 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\13 points.JPG
[2010/11/08 05:34:17 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Next.URL
[2010/11/05 09:47:19 | 000,011,748 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Providence Emergency Visit Oct 2010.docx
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/11/04 07:06:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/11/04 07:06:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/11/04 07:06:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/11/04 07:06:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/11/04 07:06:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/11/04 07:06:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/11/04 07:06:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/11/04 07:06:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/11/01 18:02:24 | 000,193,238 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AT&T Mobile Navigation voice mail.docx
[2010/11/01 08:37:36 | 000,027,914 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\NC bid.pdf
[2010/10/31 08:03:00 | 000,283,672 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\10 points.jpg
[2010/10/28 09:34:26 | 000,231,971 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\6PPC.pdf
[2010/10/27 08:32:42 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide IP NG.lnk
[2010/10/27 08:32:42 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Hide IP NG.lnk
[2010/10/27 03:26:40 | 000,186,880 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\The case was Jamison v.doc
[2010/10/27 03:15:34 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\lazzeroni ad in rec.guns.doc
[2010/10/24 13:28:39 | 000,639,595 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\P1000022.JPG
[2010/10/21 19:51:23 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Hello rzap.doc
[2010/10/21 19:22:47 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\6.5 Jonson wikipedia entry copied before deleted 10.21.2010.doc
[2010/10/20 07:47:40 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WIKI Article 6.5 Jonson.doc
[2010/10/17 18:12:22 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/17 18:11:05 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jamison.doc
[2010/10/16 11:35:25 | 002,033,808 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chimeneas.pdf
[2010/10/16 01:02:02 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\shooting_range_guidance.doc
[2010/03/16 08:47:55 | 000,013,820 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\EAvy
[2010/03/16 08:47:55 | 000,013,820 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\EAvy
[2009/04/20 15:02:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\WebEasy.INI
[2009/03/24 09:13:26 | 000,005,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\NetProbe.sys
[2009/01/05 10:36:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2008/11/22 23:50:14 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/10/22 10:44:18 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/09/28 18:40:29 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/12 06:52:48 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/09/11 20:23:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/11 19:49:51 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/01 11:02:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 10:37:55 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/01 10:32:23 | 000,014,314 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/01 10:32:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/01 10:29:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 10:19:13 | 000,000,228 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/01 10:18:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/01 10:14:28 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/01 10:13:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/01 10:09:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/01 10:06:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll
[2006/09/01 10:06:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/01 09:48:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/01 09:48:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/01 09:48:26 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 13:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 23:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/16 22:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/09 23:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mwigacc32.dll
[2004/07/26 09:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1999/01/22 09:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/11/18 15:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2008/09/28 18:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/09/01 10:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2006/09/01 10:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/12 16:04:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7BC48736-44DE-4E73-A789-B700D1778AE5}
[2010/11/13 02:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/12 10:24:15 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/12 10:34:55 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/13 12:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/13 11:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/13 14:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/13 13:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/13 15:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/11/13 03:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/11/13 05:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/11/13 04:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/13 02:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/11/13 06:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/11/13 07:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/11/12 08:56:42 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/11/12 10:24:15 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/11/12 10:34:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/11/13 12:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/11/13 11:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/11/13 14:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/11/13 13:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/11/13 04:51:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/11/13 15:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/11/13 04:51:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/11/13 04:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/13 06:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/13 05:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/13 07:29:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/12 08:56:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/13 11:58:47 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job
[2010/11/13 11:58:47 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SD).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2010/04/07 16:45:42 | 000,077,312 | ---- | M] () -- C:\mbr.exe

< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/12 06:59:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/12 06:59:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/12 06:59:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/12 06:59:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/09 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/07/06 08:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\cmdcons\iastor.sys
[2006/07/06 08:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\HP\drivers\Intel_raid\iastor.sys
[2006/07/06 15:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2010/04/04 03:24:50 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iastor.sys
[2006/05/11 13:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\HP\drivers\Intel_6.0.0.1022_WHQL\iaStor.sys
[2006/05/11 13:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\iaStor.sys
[2006/07/06 16:01:32 | 000,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\HP\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/09 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2005/08/30 15:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 15:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 15:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 7400 bytes -> C:\Documents and Settings\HP_Administrator\Desktop\P1000022.JPG:Q30lsldxJoudresxAaaqpcawXc

< End of report >

meksikatsi 16 Posting Whiz · Answer 4 · 2010-11-14T04:56:50+00:00

I guess it wouldn't take that much info as that post worked...here's the extras file

OTL Extras logfile created on: 11/13/2010 3:54:49 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\TOPO! Explorer\te.exe" = C:\Program Files\TOPO! Explorer\te.exe:*:Enabled:TOPO! Explorer -- (National Geographic Maps)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\gnucash\bin\gnucash-bin.exe" = C:\Program Files\gnucash\bin\gnucash-bin.exe:*:Enabled:GnuCash Free Finance Manager -- ()
"C:\Program Files\gnucash\bin\gconfd-2.exe" = C:\Program Files\gnucash\bin\gconfd-2.exe:*:Enabled:GConf Settings Manager -- ()
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1646C815-9599-44FE-9AC2-062F9DC36919}" = TOPO! Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CE59656-4104-44AA-00BF-D2546C7EA497}" = Tiger Woods PGA TOUR 06
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4241BD9F-55F1-43B5-8694-DBC9C596F175}" = Web Easy Professional
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{887BD893-0EEF-46B4-9CEA-2691A6A45D92}" = Beta Brite Prism Messaging Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}" = Intel® Viiv™ Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Belarc Advisor" = Belarc Advisor 7.2
"BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DBPix" = DBPix20
"DISCover" = DISCover
"EL" = Intel(R) Quick Resume Technology Drivers
"EZ A&D Firearms Records" = EZ A&D Firearms Records
"GnuCash_is1" = GnuCash 2.2.9
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hide IP NG_is1" = Hide IP NG 1.58
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Load From A Disk Version 5.0" = Load From A Disk Version 5.0
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"Password Unmask 2.0" = Password Unmask 2.0
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PROSet" = Intel(R) PRO Network Connections Drivers
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Reloaders Reference v9.3x74r" = Reloaders Reference v9.3x74r
"Rhapsody" = Rhapsody
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SmartDraw 2008" = SmartDraw 2008
"SmartDraw PDF Filter" = SmartDraw PDF Filter
"ST5UNST #1" = QuickDESIGN
"ST5UNST #2" = QuickLOAD
"ST5UNST #3" = QuickDESIGN (C:\Program Files\QuickDESIGN\)
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"WildTangent hpmedia Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"SmartDraw 2009" = SmartDraw 2009
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/23/2008 8:20:42 PM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\JONSONARMS\HPR65 failed, 00000005.

Error - 12/23/2008 9:58:06 PM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\JONSONARMS\HPR65 failed, 00000005.

Error - 12/23/2008 9:59:00 PM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\JONSONARMS\HPR65 failed, 00000005.

Error - 12/23/2008 9:59:31 PM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\JONSONARMS\HPR65 failed, 00000005.

Error - 12/24/2008 12:33:13 PM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\JONSONARMS\HPR65 failed, 00000005.

Error - 12/29/2008 9:23:58 AM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Rossanaoffice\bj\JonsonArms\images\Thumbs.db failed, 00000035.

Error - 12/29/2008 9:23:58 AM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Rossanaoffice\bj\JonsonArms\Jonson Home Page\Thumbs.db failed, 00000035.

Error - 12/29/2008 9:23:58 AM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Rossanaoffice\bj\JonsonArms\JonsonHPRiver 1.27\Thumbs.db failed, 00000035.

Error - 3/27/2010 6:36:03 AM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Rossanaoffice\Meksikatsi\Avanquest\Web Easy Professional 7\Clipart\Spheres\Ring_res.png
failed, 00000034.

Error - 11/13/2010 5:41:37 AM | Computer Name = MEKSIKATSI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: DriverScanListenThread: DeviceIoControl [IOCTL_AAVM_START_REQUEST_AND_SET_RESULTS/2]
failed, 000005AA.

[ Application Events ]
Error - 11/13/2010 8:06:37 AM | Computer Name = MEKSIKATSI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/13/2010 8:06:37 AM | Computer Name = MEKSIKATSI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/13/2010 9:36:30 AM | Computer Name = MEKSIKATSI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

Error - 11/13/2010 9:37:09 AM | Computer Name = MEKSIKATSI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

Error - 11/13/2010 10:19:24 AM | Computer Name = MEKSIKATSI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/13/2010 10:19:24 AM | Computer Name = MEKSIKATSI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/13/2010 10:19:24 AM | Computer Name = MEKSIKATSI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/13/2010 10:19:24 AM | Computer Name = MEKSIKATSI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/13/2010 11:18:38 AM | Computer Name = MEKSIKATSI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

[ OSession Events ]
Error - 12/21/2009 9:01:43 AM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5789
seconds with 4560 seconds of active time. This session ended with a crash.

Error - 12/21/2009 6:11:30 PM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32724
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 1/5/2010 9:47:17 AM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 871689
seconds with 7980 seconds of active time. This session ended with a crash.

Error - 1/30/2010 7:52:00 AM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72283
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 1/31/2010 11:53:25 PM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52472
seconds with 3060 seconds of active time. This session ended with a crash.

Error - 3/28/2010 9:33:54 AM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39838
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 4/1/2010 6:56:15 AM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5805
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 4/1/2010 12:59:03 PM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21757
seconds with 2760 seconds of active time. This session ended with a crash.

Error - 4/26/2010 9:00:53 AM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 425754
seconds with 3360 seconds of active time. This session ended with a crash.

Error - 9/13/2010 9:29:03 AM | Computer Name = MEKSIKATSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 433982
seconds with 11100 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/13/2010 12:57:46 PM | Computer Name = MEKSIKATSI | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 11/13/2010 12:57:50 PM | Computer Name = MEKSIKATSI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 11/13/2010 1:29:00 PM | Computer Name = MEKSIKATSI | Source = Schedule | ID = 7901
Description = The At12.job command failed to start due to the following error: %%2147942405

Error - 11/13/2010 1:32:00 PM | Computer Name = MEKSIKATSI | Source = Schedule | ID = 7901
Description = The At36.job command failed to start due to the following error: %%2147942405

Error - 11/13/2010 2:29:00 PM | Computer Name = MEKSIKATSI | Source = Schedule | ID = 7901
Description = The At15.job command failed to start due to the following error: %%2147942405

Error - 11/13/2010 2:32:00 PM | Computer Name = MEKSIKATSI | Source = Schedule | ID = 7901
Description = The At39.job command failed to start due to the following error: %%2147942405

Error - 11/13/2010 3:29:00 PM | Computer Name = MEKSIKATSI | Source = Schedule | ID = 7901
Description = The At14.job command failed to start due to the following error: %%2147942405

Error - 11/13/2010 3:32:00 PM | Computer Name = MEKSIKATSI | Source = Schedule | ID = 7901
Description = The At38.job command failed to start due to the following error: %%2147942405

Error - 11/13/2010 4:29:00 PM | Computer Name = MEKSIKATSI | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942405

Error - 11/13/2010 4:32:00 PM | Computer Name = MEKSIKATSI | Source = Schedule | ID = 7901
Description = The At41.job command failed to start due to the following error: %%2147942405

< End of report >

meksikatsi 16 Posting Whiz · Answer 5 · 2010-11-14T18:17:47+00:00

Thanks crunchie, I didn't use the registry booster, it just got downloaded as part of this issue, automatically I might add. It's gone now.

RunFix Log

All processes killed
========== FILES ==========
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 41 bytes

User: HP_Administrator
->Flash cache emptied: 1931747 bytes

User: LocalService
->Flash cache emptied: 19686 bytes

User: NetworkService
->Flash cache emptied: 14501 bytes

Total Flash Files Cleaned = 2.00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3869997 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 83704845 bytes
->Temporary Internet Files folder emptied: 423867837 bytes
->Java cache emptied: 167055996 bytes
->FireFox cache emptied: 47818738 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 98335726 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 89366521 bytes
->Java cache emptied: 27 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5852177 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102421 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67279278 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 947.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11142010_065750

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_2b0.dat moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat not found!

Registry entries deleted on Reboot...

Last OTL Quick Scan

All processes killed
========== FILES ==========
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 41 bytes

User: HP_Administrator
->Flash cache emptied: 1931747 bytes

User: LocalService
->Flash cache emptied: 19686 bytes

User: NetworkService
->Flash cache emptied: 14501 bytes

Total Flash Files Cleaned = 2.00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3869997 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 83704845 bytes
->Temporary Internet Files folder emptied: 423867837 bytes
->Java cache emptied: 167055996 bytes
->FireFox cache emptied: 47818738 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 98335726 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 89366521 bytes
->Java cache emptied: 27 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5852177 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102421 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67279278 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 947.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11142010_065750

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_2b0.dat moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat not found!

Registry entries deleted on Reboot...

The system seems to be stable...I'll be using it today and will post remarks this evening. Many thanks for the help. meksikatsi

meksikatsi 16 Posting Whiz · Answer 6 · 2010-11-15T02:45:15+00:00

Thanks for that tip.

crunchie, everything seems stable but the printers all got wiped earlier and they are still not functioning, in fact, there are no icons for my printers at all anymore. When I try to add a printer, it tells me the Print Spooler is not running.

Checking services, the print spooler IS running and set to automatic. When I try to "start" I get a message:

"Could not start the Print Spooler service on local computer. Error 2: The system cannot find the file specified."

I suppose the file is on D: since this is an HP machine and I don't have any system disks but I don't know how to find it or get it loaded.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 7 · 2010-11-15T02:50:16+00:00

Do you have the printer disc? I would try uninstalling the printer and installing again. Try getting the latest drivers from the printer manufacturers website.

meksikatsi 16 Posting Whiz · Answer 8 · 2010-11-15T03:17:04+00:00

Right. I don't have the printer disk, it's a very old printer plus it's installed on another older computer on my network that acts as my print server. I have other printers local to other network computers as well. All of them disappeared from the Printers and Faxes folder.

I can't uninstall the printer because it's not there. And I can't add a printer because services says the print spooler is "stopped". But when I click "Start" it gives me that message..."Cannot find the file specified.

After going to "services" I've found in Print Spooler Properties a Recovery Tab, but I'm not certain what I'm doing. It offers to select the computer's response if the service fails. You can "Run a Program" and I suppose I could specify D:/I386/SYSTEM32/spoolsv.exe but I'm thinking I should just copy this program into my system files instead. Again, I'm uncertain about this action so I'm refraining until I can get some solid advice. Thanks, m

ps. now that I've had a look at the C:/I386/SYSTEM32 folder, there is indeed no spoolsv.exe file there and, in fact, there's only two files in that folder (NTDLL.DLL and SMSS.EXE)...which is scaring me at this point. Since the D: recovery has a lot of I386 files, I'm wondering if the C:/I386 shouldn't have all those files too.

meksikatsi 16 Posting Whiz · Answer 9 · 2010-11-15T05:41:09+00:00

so nobody works on this printer issue, I copied the file from the recovery disk into the C:/I386 folder and was then able to restart the print spooler service - that did it and all my printers miraculously re-appeared.

Evidently, this nasty just erased the spooler.exe file and didn't affect anything else.

Thanks again, crunchie, this was the last issue and I'm marking this thread "solved"

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 10 · 2010-11-15T07:25:57+00:00

crunchie 990 Most Valuable Poster

14 Years Ago

Cool. Glad to hear you got it sorted :)