Lots of problems-Help needed



#1
burntb4

Hi all. Hope someone can help as it would be greatly appreciated.

My computer started doing all kinds of weird things - especially redirecting searches and crashing/freezing. I have been to the Malware-Spyware cleaning guide and done the following:

Disconnected modem and router - rebooted - connected router and modem - rebooted.
Can't REGISTER Trend Micro - (The email address you entered is invalid. Error Code: 0x90000009)


Ran ATF

Set a restore point

Ran ERUNT

Ran Malwarebytes and here is the report:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

14/04/2009 10:58:48 AM
mbam-log-2009-04-14 (10-58-48).txt

Scan type: Quick Scan
Objects scanned: 80447
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---------------------------------------------------
Ran my Trend Micro security program. After finding the Trend Micro removal tool I deleted all instances of the program I could find and reloaded it from the Trend Micro disk I have and then I updated from Trend's site. Only problem is it says my email address is not correct?? and it won't let me register for auto update??

Ran Windows Update

Set a new RESTORE POINT

Downloaded Rooter.exe to desktop and tried to run but it just opens in a small blue window with a flashing cursor in the upper left corner.

Ran OTL1 and here are the text log files:

OTListIt Extras logfile created on: 14/04/2009 12:34:15 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 74.91% Memory free
3.78 Gb Paging File | 3.48 Gb Available in Paging File | 91.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 244.76 Gb Free Space | 84.62% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.63 Gb Free Space | 7.09% Space Free | Partition Type: FAT32
Drive E: | 147.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.65 Gb Total Space | 433.41 Gb Free Space | 93.08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRAMPA
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster File not found
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype File not found
C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe:*:Enabled:Feeding Frenzy File not found
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD (CyberLink Corp.)
C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare File not found
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody (RealNetworks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{44C05309-60F4-410B-BC32-31733CFF1A49}" = Microsoft Digital Image Suite Anniversary Edition Editor
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB259}" = Microsoft Digital Image Suite Anniversary Edition Library
"{50817E76-18D2-4AC5-874F-B7889062662F}" = Trend Micro Anti-Spam For Outlook Express
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{535A4F3D-06C3-446C-A2AA-DBB71EC192B8}" = LightScribe Applications
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B609E018-8A33-4BA9-B3D4-C1FD5AECB88C}" = Greeting Card Factory 2.0
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security 2006
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCBE0690-CBE1-4C60-87B0-4A70A6F5434E}" = LightScribe Template Labeler
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Audacity_is1" = Audacity 1.2.6
"AwayMode160" = Microsoft Away Mode
"Belarc Advisor" = Belarc Advisor 7.2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.1
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Photodex Presenter" = Photodex Presenter
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"PictureItSuite_v12" = Microsoft Digital Image Suite Anniversary Edition
"ProShow Gold" = ProShow Gold
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"TomTom HOME" = TomTom HOME 2.6.1.1549
"TweakNow PowerPack 2006 Professional_is1" = TweakNow PowerPack 2006 Professional
"TweakNow PowerPack Professional_is1" = TweakNow PowerPack Professional
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/04/2009 2:27:09 PM | Computer Name = GRAMPA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 13/04/2009 2:31:06 PM | Computer Name = GRAMPA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 13/04/2009 5:06:42 PM | Computer Name = GRAMPA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 13/04/2009 5:23:49 PM | Computer Name = GRAMPA | Source = Application Error | ID = 1000
Description = Faulting application ufnavi.exe, version 16.10.0.1182, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 13/04/2009 5:24:05 PM | Computer Name = GRAMPA | Source = Application Error | ID = 1000
Description = Faulting application ufnavi.exe, version 16.10.0.1182, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 13/04/2009 5:24:33 PM | Computer Name = GRAMPA | Source = Application Error | ID = 1000
Description = Faulting application ufnavi.exe, version 16.10.0.1182, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 13/04/2009 5:55:37 PM | Computer Name = GRAMPA | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.36.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.

Error - 13/04/2009 7:26:38 PM | Computer Name = GRAMPA | Source = MsiInstaller | ID = 1008
Description = The installation of E:\Setup\tmpcc.msi is not permitted due to an
error in software restriction policy processing. The object cannot be trusted.

Error - 13/04/2009 11:21:05 PM | Computer Name = GRAMPA | Source = Application Error | ID = 1000
Description = Faulting application tmproxy.exe, version 2.0.0.1078, faulting module
unknown, version 0.0.0.0, fault address 0x10031e39.

Error - 13/04/2009 11:44:42 PM | Computer Name = GRAMPA | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.36.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.

[ System Events ]
Error - 13/04/2009 8:02:59 PM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 13/04/2009 8:15:53 PM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 13/04/2009 8:16:03 PM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 13/04/2009 8:21:23 PM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 13/04/2009 8:21:36 PM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 13/04/2009 11:21:20 PM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Proxy Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 13/04/2009 11:30:02 PM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 13/04/2009 11:30:05 PM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 14/04/2009 12:13:45 AM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 14/04/2009 12:13:48 AM | Computer Name = GRAMPA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >
-----------------------------------------------------

OTListIt logfile created on: 14/04/2009 11:09:25 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\geeksToGo
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 73.92% Memory free
3.78 Gb Paging File | 3.46 Gb Available in Paging File | 91.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 247.80 Gb Free Space | 85.67% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.63 Gb Free Space | 7.09% Space Free | Partition Type: FAT32
Drive E: | 147.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.65 Gb Total Space | 433.65 Gb Free Space | 93.13% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRAMPA
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 2006\PcCtlCom.exe (Trend Micro Incorporated.)
PRC - C:\Program Files\Trend Micro\Internet Security 2006\Tmntsrv.exe (Trend Micro Incorporated.)
PRC - C:\Program Files\Trend Micro\Internet Security 2006\tmproxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 2006\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe (Trend Micro Incorporated.)
PRC - C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Documents and Settings\HP_Administrator\Desktop\geeksToGo\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Disabled | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Capture Device Service [Disabled | Stopped]) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (CCALib8 [Disabled | Stopped]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9a9a221b915c6 [Disabled | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Disabled | Stopped]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PcCtlCom [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security 2006\PcCtlCom.exe (Trend Micro Incorporated.)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RichVideo [Disabled | Stopped]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (ScsiAccess [Disabled | Stopped]) -- F:\Program Files\Photodex\ProShowGold\ScsiAccess.exe ()
SRV - (Tmntsrv [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security 2006\Tmntsrv.exe (Trend Micro Incorporated.)
SRV - (TmPfw [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security 2006\TmPfw.exe (Trend Micro Inc.)
SRV - (tmproxy [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security 2006\tmproxy.exe (Trend Micro Inc.)
SRV - (TomTomHOMEService [Disabled | Stopped]) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (CXFALCON [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\cxfalcon.sys (Conexant Systems, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hcwPP2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\system32\drivers\InCDFs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (IrBus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (lmimirr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Tmfilter [Auto | Running]) -- C:\WINDOWS\system32\drivers\TmXPFlt.sys (Trend Micro Inc.)
DRV - (Tmpreflt [Auto | Running]) -- C:\WINDOWS\system32\drivers\Tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\WINDOWS\System32\Drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tm_cfw [Auto | Running]) -- C:\WINDOWS\System32\Drivers\tm_cfw.sys (Trend Micro Inc.)
DRV - (Vsapint [Auto | Running]) -- C:\WINDOWS\system32\drivers\VsapiNT.sys (Trend Micro Inc.)
DRV - (winachsx [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/05/23 13:11:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/04 12:27:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/01 18:01:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/01 18:01:48 | 00,000,000 | ---D | M]

[2009/04/01 18:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2009/04/01 18:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/05/13 12:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\[email protected]
[2009/02/01 16:15:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\[email protected]
[2009/04/01 18:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\7f0n7n2n.default\extensions
[2009/04/01 18:01:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/01 18:01:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (810 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [OE] "C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe" (Trend Micro Inc.)
O4 - HKLM..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" (Trend Micro Incorporated.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - http://www.gmcanada..../gm_bg_tile.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop Components:2 (Anfy SNOW) - C:\Program Files\AnfyTeam\Applet\ansnow\preview.html
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O32 - Autorun File - E:\AUTORUN.INF () - [ CDFS ]
O32 - Autorun File - E:\Autorun.bmp () - [ CDFS ]
O32 - Autorun File - E:\Autorun.exe (Trend Micro Incorporated.) - [ CDFS ]
O32 - Autorun File - E:\Autorun.ico () - [ CDFS ]
O33 - MountPoints2\{68fac448-5bf4-11dd-aa21-0018f3ddd41f}\Shell\PlayWithPowerDVD\Command - "" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe -- [2007/09/20 19:38:02 | 00,967,976 | ---- | M] (CyberLink Corp.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2005/09/28 09:05:04 | 00,999,491 | R--- | M] (Trend Micro Incorporated.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/14 11:00:05 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/14 10:59:56 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe
[2009/04/14 10:47:06 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/14 10:47:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/14 10:47:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/14 10:47:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/14 10:45:27 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
[2009/04/13 20:00:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/04/13 19:29:11 | 20,788,55168 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/13 18:15:15 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/04/13 18:08:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/13 18:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/04/13 18:06:47 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/13 18:05:54 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/13 17:50:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/13 17:48:25 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/13 17:41:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\geeksToGo
[2009/04/13 14:30:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/04/13 14:20:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/13 13:35:13 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
[2009/04/13 10:02:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Copy of Family Pictures
[2009/04/13 10:01:28 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2009/04/13 10:01:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Family Pictures
[2009/04/13 10:00:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Slides
[2009/04/13 10:00:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/04/13 10:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2009/04/13 10:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Libby's Memorial
[2009/04/12 21:45:00 | 02,836,446 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\thank you 4 L, Mix (3).mp3
[2009/04/11 11:23:22 | 00,000,000 | ---D | C] -- C:\Program Files\LightScribe
[2009/04/11 11:22:18 | 00,000,000 | ---D | C] -- C:\Program Files\LightScribe Template Labeler
[2009/04/09 20:21:16 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/04/07 19:43:16 | 00,006,144 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\photothumb.db
[2009/04/03 14:36:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Libby's Memorial Service and Eulogy
[2009/04/03 11:18:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\LIB-Remembering Libby
[2009/04/03 10:53:18 | 00,264,641 | ---- | C] () -- C:\wildtangent.jar
[2009/04/03 10:53:18 | 00,167,936 | ---- | C] () -- C:\jdriver.dll
[2009/04/03 10:53:18 | 00,159,744 | ---- | C] () -- C:\rdriver.dll
[2009/04/03 10:53:17 | 00,009,168 | ---- | C] () -- C:\wcmdmgrl.exe
[2009/04/03 10:53:17 | 00,009,168 | ---- | C] () -- C:\wcmdmgr.exe
[2009/04/03 10:53:17 | 00,000,646 | ---- | C] () -- C:\wt.ini
[2009/04/03 10:53:17 | 00,000,000 | ---D | C] -- C:\wtwebdriver
[2009/04/03 10:53:17 | 00,000,000 | ---D | C] -- C:\wtupdater
[2009/04/03 10:53:17 | 00,000,000 | ---D | C] -- C:\WireControl
[2009/04/03 10:53:17 | 00,000,000 | ---D | C] -- C:\4.1.1
[2009/04/03 10:53:16 | 00,053,248 | ---- | C] () -- C:\wtvh.dll
[2009/04/03 10:53:16 | 00,000,251 | ---- | C] () -- C:\wt3d.ini
[2009/04/03 10:53:16 | 00,000,071 | ---- | C] () -- C:\wt3d.dll
[2009/04/03 10:53:16 | 00,000,020 | ---- | C] () -- C:\data.wts
[2009/04/03 10:53:16 | 00,000,000 | ---D | C] -- C:\webd
[2009/04/03 10:53:16 | 00,000,000 | ---D | C] -- C:\DRM
[2009/04/03 01:05:27 | 00,000,186 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Book (F).lnk
[2009/04/01 18:01:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/01 18:01:51 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/01 18:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/01 17:55:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Deployment
[2009/03/31 00:12:17 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/03/20 17:23:37 | 00,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/03/20 17:23:00 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/20 17:23:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/03/20 16:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads
[2009/03/20 16:18:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/01/26 00:44:37 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/09/19 17:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/30 17:22:30 | 00,000,004 | ---- | C] () -- C:\WINDOWS\DS445eeJData.dll
[2008/07/30 17:06:57 | 00,000,004 | ---- | C] () -- C:\WINDOWS\MRsdrfesa3J2.dll
[2008/05/15 15:13:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/30 16:03:14 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/29 00:59:28 | 00,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/11/05 18:35:31 | 00,000,010 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/09/19 12:35:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/07/25 14:24:30 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/27 01:13:16 | 00,000,336 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/26 17:24:20 | 00,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/26 17:22:42 | 00,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/26 17:22:36 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/26 17:22:34 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/26 17:22:30 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/26 17:22:24 | 00,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/26 17:22:14 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/26 17:22:04 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/26 17:21:46 | 00,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/26 17:21:38 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/26 17:21:38 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/21 16:32:10 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/02/12 15:21:22 | 03,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/12 15:21:22 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/12 15:21:22 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/12 15:21:22 | 00,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/12 15:21:22 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/02/12 15:21:22 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/12 15:21:22 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/12 15:21:22 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/12 15:21:22 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/12 15:21:22 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/12 15:21:22 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/12 15:21:22 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/12 15:21:22 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/12 15:21:22 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/02/12 15:21:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/12 15:21:22 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/12 15:21:22 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/12 15:21:22 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 15:21:22 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/01/16 02:12:10 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/25 19:40:21 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\4FFA0F62DF.sys
[2006/12/12 21:34:38 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/11 19:43:43 | 00,002,162 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/12/11 19:22:44 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/16 16:56:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/16 16:36:46 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/11/16 16:32:00 | 00,014,318 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/11/16 16:31:55 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/11/16 16:28:49 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/11/16 16:17:55 | 00,000,315 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/16 16:17:18 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/11/16 16:09:18 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/11/16 16:08:01 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/11/16 16:08:01 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/11/16 16:08:01 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/11/16 16:08:01 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/11/16 16:08:01 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/11/16 16:08:01 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/11/16 16:08:00 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/16 16:06:48 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/11/16 15:45:49 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/11/16 15:45:49 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/11/16 15:45:33 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/07/07 11:51:02 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2006/02/26 15:08:28 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/08/30 17:02:00 | 00,001,008 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 09:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 18:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 20:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/11/29 17:08:30 | 00,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[2004/07/26 03:51:38 | 00,000,537 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/17 18:18:30 | 00,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/03/16 20:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[2009/04/14 11:05:00 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/14 10:59:56 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe
[2009/04/14 10:47:06 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/14 10:45:30 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
[2009/04/14 10:44:11 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/14 10:43:02 | 00,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/14 10:42:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/14 10:42:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/14 10:42:33 | 20,788,55168 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/14 09:05:11 | 00,000,223 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Yahoo!.url
[2009/04/14 08:39:47 | 00,000,521 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Photobucket.url
[2009/04/13 18:38:49 | 00,001,008 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/13 18:38:49 | 00,000,279 | -HS- | M] () -- C:\boot.ini
[2009/04/13 18:38:49 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/13 18:15:15 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2009/04/13 18:14:35 | 00,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/13 13:35:13 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
[2009/04/13 10:18:58 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/04/13 10:04:38 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/12 22:13:59 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/12 21:45:00 | 02,836,446 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\thank you 4 L, Mix (3).mp3
[2009/04/11 23:48:20 | 00,082,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/10 13:44:23 | 00,006,144 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\photothumb.db
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/04 01:09:06 | 00,000,717 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PhotoScape.lnk
[2009/04/03 10:42:00 | 00,000,315 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/04/03 01:05:27 | 00,000,186 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to My Book (F).lnk
[2009/04/01 18:01:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/04/01 18:01:51 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/16 09:18:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 6598 bytes -> C:\Documents and Settings\HP_Administrator\Desktop\Yahoo!.url:favicon
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\HP_Administrator\Desktop\Photobucket.url:favicon
< End of report >