Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknoqn Virus - Slow Computer/Email- virus

Started by snookers , May 04 2009 10:57 AM

  • Please log in to reply

#1
snookers
Posted 04 May 2009 - 10:57 AM

snookers

    Member

  • Member
  • PipPip
  • 47 posts
Hello, On my parents home computer, there must be some sort of virus. It randomly sends out emails to every one of their contacts, and is making their computer extremely slow. Please help as soon as possible.

Here is the OTLI2 scan result, Thank you so much for your quick reply.

OTListIt logfile created on: 04/05/2009 10:10:05 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

959.36 Mb Total Physical Memory | 329.09 Mb Available Physical Memory | 34.30% Memory free
2.26 Gb Paging File | 1.71 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.53 Gb Total Space | 130.85 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
Drive D: | 8.76 Gb Total Space | 0.21 Gb Free Space | 2.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SSU.EXE ()
PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (Norton AntiVirus [Auto | Running]) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BHDrvx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\BHDrvx86.sys (Symantec Corporation)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\ccHPx86.sys (Symantec Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IDSxpx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090501.001\IDSxpx86.sys (Symantec Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (NAVENG [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090503.022\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090503.022\NAVEX15.SYS (Symantec Corporation)
DRV - (ndiscm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS (Symantec Corporation)
DRV - (SSFS0BB9 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BB9.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSHRMD [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSIDRV [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSKBFD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VX3000 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV - (winachsx [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray (Webroot Software, Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://walmart.pnime...upv2.0.0.11.cab? (Photo Upload Plugin Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\system32\WRLogonNTF.dll (Webroot Software, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 (MuggleNet's Order of the Phoenix Movie Countdown (July 13)) - http://www.mugglenet...wn.php?o=july13
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/04 12:51:51 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/04 10:09:48 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/05/02 09:48:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\alot
[2009/04/18 11:59:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/04/16 21:04:11 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 21:04:09 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 21:04:08 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 21:04:07 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 21:04:06 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 21:04:06 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 21:04:04 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 21:04:03 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 21:04:03 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 21:03:03 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 21:03:02 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 21:03:01 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/07 18:15:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2009/04/07 18:14:37 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2009/04/07 18:14:37 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2007/09/17 20:54:53 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/24 19:55:13 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2007/05/13 19:58:44 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2006/12/19 20:37:56 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/22 19:21:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/08/14 10:50:39 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/14 10:47:30 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/14 10:31:03 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/08/14 10:13:55 | 00,026,480 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/06/04 13:22:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/04 13:00:16 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/04 12:54:43 | 00,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/04 12:54:37 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/04 12:52:08 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/04 12:49:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/04 12:35:58 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/04 12:35:14 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/04 12:17:46 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/04 12:12:59 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/04 11:50:25 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 18:23:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 22:02:00 | 00,000,699 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 14:52:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 22:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 08:51:38 | 00,000,537 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 23:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 23:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/04 10:09:54 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/05/04 10:07:40 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/04 10:05:27 | 00,001,694 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L3EC13FACBAE945BAB30F67691F33F6DC.job
[2009/05/04 10:05:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
[2009/05/04 10:05:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 10:05:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 10:04:41 | 10,060,30848 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/04 07:53:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/04 07:53:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/03 20:00:00 | 00,001,694 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L732A7E04E07D40008FFDAAC128901DC3.job
[2009/05/03 20:00:00 | 00,001,694 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L4FBDAC4D0B84490B8DD6B145E00A0271.job
[2009/05/03 10:16:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/03 10:16:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/03 10:06:34 | 00,480,602 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/03 10:06:34 | 00,410,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/03 10:06:34 | 00,065,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/03 10:06:29 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2009/05/02 09:50:38 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/02 09:50:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/04/21 18:55:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/21 18:55:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/21 18:55:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/21 18:55:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/21 08:48:25 | 00,221,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/20 22:20:38 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/20 22:20:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/20 22:08:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/20 22:08:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/17 03:04:40 | 00,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/15 22:24:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/15 22:24:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/04/15 07:32:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/13 22:04:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/04/13 22:04:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/10 14:58:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/10 14:58:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/07 21:19:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/07 21:19:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/07 18:14:37 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2009/04/07 18:14:37 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2009/04/06 22:21:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/06 22:21:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/06 08:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/06 02:17:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/06 02:17:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/04/04 22:13:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/04 22:13:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
< End of report >

OTListIt Extras logfile created on: 04/05/2009 10:10:05 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

959.36 Mb Total Physical Memory | 329.09 Mb Available Physical Memory | 34.30% Memory free
2.26 Gb Paging File | 1.71 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.53 Gb Total Space | 130.85 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
Drive D: | 8.76 Gb Total Space | 0.21 Gb Free Space | 2.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP (Hewlett-Packard)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP (Hewlett-Packard)
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire ()
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\HP Games\Bejeweled 2 Deluxe\limewire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe (Microsoft Corporation)
C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe (Microsoft Corporation)
C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System (Digital Interactive Systems Corporation)
C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub (Digital Interactive Systems Corporation, Inc.)
C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Documents and Settings\Rebecca\My Documents\My Music\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Documents and Settings\Jacob\My Documents\LimeWire\Shared\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Graboid\GraboidVideo\1.4.0.0\DLManager\GraboidDLManager.exe:*:Disabled:SABnzbd-0.2.5 ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C32EA0-4A22-4919-979A-8700715865B8}" = Microsoft LifeCam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{2C4F001B-FC41-4607-B6AD-C6D54B998638}" = Instant Play Electric Guitar 2 CD-ROM
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.7
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B75A978D-A9B0-4344-871E-9145F237A237}" = Music Coach Player
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"AVS Audio Editor_is1" = AVS Audio Editor version 4.2
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"DISCover" = HP Games 3.43.97
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"Graboid Video" = Graboid Video 1.4
"HP Document Viewer" = HP Document Viewer 6.1
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LimeWire" = LimeWire 5.1.2
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ToggleEN Toolbar" = ToggleEN Toolbar
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WildTangent CDA" = WildTangent Web Driver
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT005519" = Ricochet Lost Worlds
"WT005643" = Mah Jong Quest
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/04/2009 2:46:33 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 26/04/2009 10:34:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 26/04/2009 10:39:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 26/04/2009 10:44:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 26/04/2009 10:49:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 26/04/2009 10:54:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 26/04/2009 10:59:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 26/04/2009 11:04:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 26/04/2009 11:09:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 26/04/2009 11:14:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

[ System Events ]
Error - 03/05/2009 11:06:16 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 03/05/2009 11:06:16 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 03/05/2009 8:09:20 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 03/05/2009 8:09:20 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 04/05/2009 9:51:02 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 04/05/2009 9:51:03 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 04/05/2009 12:06:42 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 04/05/2009 12:06:42 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 04/05/2009 12:06:42 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 04/05/2009 12:06:59 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >

Edited by snookers, 04 May 2009 - 10:59 AM.

  • 0

Advertisements

#2
emeraldnzl
Posted 07 May 2009 - 09:32 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi snookers,

I take it this is a different computer to the one Jimmy2012 is helping you with.

Nothing leaps out at me there.

Lets try some different things to see what comes up.

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

Download GMER from here

Unzip it to the desktop.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

So when you return please post
  • MBAM report
  • GMER rootkit revealer results
  • 0

#3
snookers
Posted 08 May 2009 - 02:48 PM

snookers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hey, Thankyou for your extremely fast response, I am at work right now, but as soon as i can I will post those results. Yes this is a different computer, figured it was time to fix everything at once.

Thank you again,

Christofer
  • 0

#4
emeraldnzl
Posted 08 May 2009 - 03:41 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP