Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google links are hijacked/programs attempt to download

Started by gopostal , Jun 14 2009 09:51 PM

  • Please log in to reply

#1
gopostal
Posted 14 June 2009 - 09:51 PM

gopostal

    Member

  • Member
  • PipPip
  • 11 posts
Guys I've run a multitude of scanners trying to rid this infection. I have found and removed multiple items but I cannot get this one whipped. My google links all redirect via hijack and I notice my connection speed is suffering greatly.

OTL:

OTL logfile created on: 6/14/2009 8:43:50 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.78% Memory free
3.85 Gb Paging File | 2.90 Gb Available in Paging File | 75.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 147.96 Gb Free Space | 63.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 298.09 Gb Total Space | 270.09 Gb Free Space | 90.61% Space Free | Partition Type: NTFS

Computer Name: THETIMEWASTER
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2005/08/02 17:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2009/05/19 08:32:50 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/02 17:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE
PRC - [2005/07/19 18:32:18 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/10/31 11:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2009/06/14 17:20:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/19 08:32:51 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/06/14 17:20:46 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/26 10:05:52 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/05/19 08:32:52 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2009/02/26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/04/26 10:17:42 | 01,143,808 | ---- | M] (medium) -- C:\Documents and Settings\HP_Administrator\Desktop\Kelly's stuff\utServerMonitor271\utServerMonitor.exe
PRC - [2008/08/12 10:54:52 | 02,482,176 | ---- | M] (GlobalSCAPE Texas, LP.) -- C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe
PRC - [2008/05/30 23:09:46 | 00,731,136 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\avenger.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/26 10:17:42 | 01,143,808 | ---- | M] (medium) -- C:\Documents and Settings\HP_Administrator\Desktop\Kelly's stuff\utServerMonitor271\utServerMonitor.exe
PRC - [2009/06/14 20:43:41 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/18 19:47:26 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/08/02 17:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/19 08:32:50 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - File not found -- -- (ESHLQX [Disabled | Stopped])
SRV - [2007/06/02 13:55:30 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/14 17:20:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/03/23 19:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [On_Demand | Stopped])
SRV - [2004/08/09 20:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/03/14 19:19:10 | 00,779,824 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/10/20 22:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Disabled | Stopped])
SRV - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [Disabled | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Disabled | Stopped])
SRV - [2005/08/02 14:18:50 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2007/03/26 13:06:24 | 00,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [Disabled | Stopped])
SRV - File not found -- -- (Viewpoint Manager Service [Disabled | Stopped])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/01/25 17:24:30 | 01,149,888 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Stopped])
DRV - [2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2006/11/01 15:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\system32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
DRV - [2004/08/03 22:31:20 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\system32\DRIVERS\AN983.sys -- (AN983 [On_Demand | Running])
DRV - [2006/11/10 06:08:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\ATITool.sys -- (ATITool [System | Stopped])
DRV - [2007/11/10 08:06:39 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009/05/19 08:32:52 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/19 08:32:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2003/11/05 00:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run [Boot | Running])
DRV - [2005/01/10 11:15:24 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [1998/07/10 05:31:00 | 00,007,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D [Auto | Stopped])
DRV - [2005/06/29 10:03:18 | 00,175,104 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2 [Boot | Running])
DRV - [2006/11/22 11:01:48 | 00,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2008/12/23 07:29:58 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Stopped])
DRV - [2005/06/16 23:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2007/10/25 07:29:00 | 04,623,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped])
DRV - [2007/11/10 08:06:38 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2005/05/27 02:31:28 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2003/07/22 00:44:18 | 00,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\system32\MLPTDR_Q.sys -- (MLPTDR_Q [Auto | Stopped])
DRV - [2008/04/13 11:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2009/04/30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/07/29 09:11:02 | 00,034,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/07/29 09:11:04 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2005/01/10 11:15:30 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2007/06/15 03:47:26 | 01,127,936 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2007/02/06 20:13:06 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2005/05/27 02:38:00 | 00,007,136 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Stopped])
DRV - [2005/05/27 02:46:22 | 00,913,280 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV302AV.SYS -- (PID_08A0 [On_Demand | Stopped])
DRV - [2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2005/12/12 09:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2004/08/09 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/07/26 16:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 07:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2009/05/26 10:05:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/05/26 10:05:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/05/26 10:05:52 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/02/13 16:35:26 | 00,025,896 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\scramby.sys -- (scramby [On_Demand | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2001/06/21 22:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2001/06/21 22:39:02 | 00,020,032 | R--- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])
DRV - [2002/10/15 22:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
DRV - [2007/09/02 20:24:02 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 35 73 C4 D5 EC C9 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/23 04:51:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/06/14 17:20:46 | 00,000,000 | ---D | M]

[2007/08/05 09:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\lt7zv7ua.default\extensions
[2007/08/05 09:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\lt7zv7ua.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/05 09:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\lt7zv7ua.default\extensions\staged-xpis

O1 HOSTS File: (306444 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper File not found
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta File not found
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1229300305734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229300295765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner 4.0 Launcher)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15034/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0349568e-a3ff-11db-86bc-00173136163d}\Shell - "" = AutoRun
O33 - MountPoints2\{0349568e-a3ff-11db-86bc-00173136163d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0349568e-a3ff-11db-86bc-00173136163d}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\{b870b54d-acd4-11db-86d3-00173136163d}\Shell - "" = AutoRun
O33 - MountPoints2\{b870b54d-acd4-11db-86d3-00173136163d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b870b54d-acd4-11db-86d3-00173136163d}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\{dfc19c7f-a2b9-11db-86b4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dfc19c7f-a2b9-11db-86b4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea263ac4-59ce-11dc-8e64-0012175944b3}\Shell - "" = AutoRun
O33 - MountPoints2\{ea263ac4-59ce-11dc-8e64-0012175944b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea263ac4-59ce-11dc-8e64-0012175944b3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Setup.exe -- [2008/04/13 17:12:34 | 00,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/14 20:43:38 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[8 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[33 C:\WINDOWS\*.tmp files]
[2009/06/14 20:43:38 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/14 20:41:29 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/14 20:41:14 | 00,170,029 | ---- | C] (Eric_71) -- C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe
[2009/06/14 20:27:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/14 20:19:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/06/14 20:19:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/06/14 20:19:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/06/14 20:19:57 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/06/14 20:19:57 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/14 20:19:57 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/14 20:19:57 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/14 20:19:57 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/06/14 20:19:29 | 00,000,000 | ---D | C] -- C:\ComboFiqwef
[2009/06/14 20:19:27 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF8420.exe
[2009/06/14 20:17:23 | 00,000,000 | ---D | C] -- C:\ComboFix1
[2009/06/14 20:15:59 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpbh.sys
[2009/06/14 20:14:42 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\avenger.zip
[2009/06/14 20:06:26 | 00,992,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fsbl.exe
[2009/06/14 19:51:09 | 03,969,392 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\swordani.mpg
[2009/06/14 17:20:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/06/14 17:16:45 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/06/14 17:16:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/06/14 17:16:36 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/06/14 17:16:35 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/06/14 17:15:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/06/14 17:13:11 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/14 17:13:10 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/06/14 17:04:12 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2009/06/14 12:57:32 | 00,429,784 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\nukeiran.jpg
[2009/06/14 05:44:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\to the server
[2009/06/14 03:21:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\MappersDream
[2009/06/13 20:26:31 | 00,284,610 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\mappersdream.zip
[2009/06/13 19:37:23 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/13 19:37:23 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/13 19:37:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/13 19:37:02 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/13 19:35:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/13 11:14:11 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/06/13 11:08:35 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/06/13 11:08:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/12 13:12:42 | 02,208,164 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MH-IslandInvasion-lava.unr
[2009/06/12 05:03:36 | 00,007,704 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HermMod.zip
[2009/06/11 20:35:29 | 00,616,366 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MH-ATAA2-V3{fix}.unr
[2009/06/11 20:18:24 | 06,844,501 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MH-AsteroidComplex{fix}.unr
[2009/06/11 13:21:57 | 21,459,64032 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/11 09:12:02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\97358746.ini
[2009/06/11 05:04:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
[2009/06/11 03:02:52 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/10 21:38:24 | 06,888,053 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MH-IndianaJones{hamp}.unr
[2009/06/09 21:24:32 | 00,000,000 | ---D | C] -- C:\Program Files\Fwink
[2009/06/09 18:48:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
[2009/06/09 11:48:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2009/06/09 11:45:25 | 00,211,189 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2009/06/04 18:39:17 | 01,079,272 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\revosetup.exe
[2009/06/02 05:26:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\a1a
[2009/05/31 17:46:28 | 10,073,5560 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AssaultAddons.zip
[2009/05/27 14:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\serverlogos
[2009/05/25 19:05:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\working
[2009/05/25 11:25:00 | 00,079,752 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\slides-try-not-to-[bleep]-your-pants-demotivational-poster.jpg
[2009/05/24 10:50:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\junk
[2009/05/24 05:23:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\evo
[2009/05/24 05:14:02 | 13,948,383 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nuke_Evolution_Basic_v2.0.7.zip
[2009/05/24 05:09:17 | 00,344,299 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\blackened original.zip
[2009/05/20 04:43:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\UMH
[2009/05/17 09:44:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Server Backups
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/22 22:33:48 | 00,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/04/12 04:32:29 | 00,000,153 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/23 07:29:58 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/12/23 07:29:37 | 00,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/04 21:11:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2008/09/04 17:54:00 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2008/09/04 08:40:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/06/19 18:37:15 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2008/02/16 15:14:14 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2008/02/16 15:14:14 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/02/06 06:16:18 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C4C449644A.sys
[2008/02/06 06:16:17 | 00,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/12 09:16:09 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/09 04:18:12 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/09 04:16:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/09 04:16:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/12/27 08:26:41 | 00,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/12/25 12:37:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2007/12/11 12:43:44 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/10 08:16:29 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/11/10 08:06:39 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/11/10 08:06:38 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/11/04 17:02:50 | 00,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/11/01 17:23:36 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\data.dll
[2007/10/31 17:25:13 | 00,001,025 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2007/10/30 17:08:47 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/17 19:56:31 | 00,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.ini
[2007/09/27 17:54:16 | 00,000,023 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2007/09/13 04:55:43 | 00,014,340 | ---- | C] () -- C:\WINDOWS\System32\tafil.dll
[2007/09/13 04:55:43 | 00,005,394 | ---- | C] () -- C:\WINDOWS\System32\wrestfil.dll
[2007/09/13 04:55:43 | 00,002,164 | ---- | C] () -- C:\WINDOWS\System32\wzfil.dll
[2007/09/13 04:55:43 | 00,001,554 | ---- | C] () -- C:\WINDOWS\System32\tapfil.dll
[2007/09/13 04:55:42 | 00,157,916 | ---- | C] () -- C:\WINDOWS\System32\pxyfil.dll
[2007/09/13 04:55:42 | 00,012,114 | ---- | C] () -- C:\WINDOWS\System32\sporfil.dll
[2007/09/13 04:55:42 | 00,006,830 | ---- | C] () -- C:\WINDOWS\System32\swfil.dll
[2007/09/13 04:55:42 | 00,000,724 | ---- | C] () -- C:\WINDOWS\System32\spmfil.dll
[2007/09/13 04:55:42 | 00,000,540 | ---- | C] () -- C:\WINDOWS\System32\srchfrgn.dll
[2007/09/13 04:55:41 | 00,022,384 | ---- | C] () -- C:\WINDOWS\System32\perfil.dll
[2007/09/13 04:55:41 | 00,017,488 | ---- | C] () -- C:\WINDOWS\System32\nvgamfil.dll
[2007/09/13 04:55:41 | 00,016,732 | ---- | C] () -- C:\WINDOWS\System32\popfil.dll
[2007/09/13 04:55:41 | 00,012,486 | ---- | C] () -- C:\WINDOWS\System32\psyfil.dll
[2007/09/13 04:55:41 | 00,007,036 | ---- | C] () -- C:\WINDOWS\System32\pkmon.dll
[2007/09/13 04:55:41 | 00,000,670 | ---- | C] () -- C:\WINDOWS\System32\mp3fil.dll
[2007/09/13 04:55:41 | 00,000,116 | ---- | C] () -- C:\WINDOWS\System32\nfil.dll
[2007/09/13 04:55:40 | 00,008,652 | ---- | C] () -- C:\WINDOWS\System32\jbfil.dll
[2007/09/13 04:55:40 | 00,007,582 | ---- | C] () -- C:\WINDOWS\System32\movfil.dll
[2007/09/13 04:55:40 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\igefil.dll
[2007/09/13 04:55:40 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\macfil.dll
[2007/09/13 04:55:40 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\lastupdate.dll
[2007/09/13 04:55:39 | 00,013,112 | ---- | C] () -- C:\WINDOWS\System32\finfil.dll
[2007/09/13 04:55:39 | 00,012,350 | ---- | C] () -- C:\WINDOWS\System32\entfil.dll
[2007/09/13 04:55:39 | 00,011,164 | ---- | C] () -- C:\WINDOWS\System32\fmfil.dll
[2007/09/13 04:55:39 | 00,009,636 | ---- | C] () -- C:\WINDOWS\System32\gnfil.dll
[2007/09/13 04:55:39 | 00,001,816 | ---- | C] () -- C:\WINDOWS\System32\fshrfil.dll
[2007/09/13 04:55:38 | 00,007,504 | ---- | C] () -- C:\WINDOWS\System32\auctfil.dll
[2007/09/13 04:55:38 | 00,001,790 | ---- | C] () -- C:\WINDOWS\System32\csnews.dll
[2007/09/13 04:55:38 | 00,000,400 | ---- | C] () -- C:\WINDOWS\System32\bsnlst.dll
[2007/09/13 04:55:38 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\bnrfil.dll
[2007/09/13 04:52:11 | 00,013,034 | ---- | C] () -- C:\WINDOWS\System32\gblfil.dll
[2007/09/13 04:52:11 | 00,010,862 | ---- | C] () -- C:\WINDOWS\System32\chtfil.dll
[2007/09/13 04:52:11 | 00,005,490 | ---- | C] () -- C:\WINDOWS\System32\wfileu.drv
[2007/09/13 04:52:11 | 00,005,180 | ---- | C] () -- C:\WINDOWS\System32\iawfil.dll
[2007/09/13 04:52:11 | 00,004,826 | ---- | C] () -- C:\WINDOWS\System32\vgamfil.dll
[2007/09/13 04:52:11 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\hatfil.dll
[2007/09/13 04:52:11 | 00,003,818 | ---- | C] () -- C:\WINDOWS\System32\viofil.dll
[2007/09/13 04:52:11 | 00,003,444 | ---- | C] () -- C:\WINDOWS\System32\srchin.dll
[2007/09/13 04:52:11 | 00,001,830 | ---- | C] () -- C:\WINDOWS\System32\cultfil.dll
[2007/09/13 04:52:11 | 00,001,352 | ---- | C] () -- C:\WINDOWS\System32\gdwfil.dll
[2007/09/13 04:52:11 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\snetfil.dll
[2007/09/13 04:52:11 | 00,000,400 | ---- | C] () -- C:\WINDOWS\bsnlst.dll
[2007/09/13 04:52:11 | 00,000,306 | ---- | C] () -- C:\WINDOWS\System32\picsfil.dll
[2007/09/13 04:52:11 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\srchout.dll
[2007/09/13 04:52:10 | 00,085,664 | ---- | C] () -- C:\WINDOWS\System32\adwfil.dll
[2007/09/13 04:52:10 | 00,003,236 | ---- | C] () -- C:\WINDOWS\System32\lgwfil.dll
[2007/09/13 04:52:10 | 00,001,100 | ---- | C] () -- C:\WINDOWS\System32\imgfil.dll
[2007/09/13 04:52:07 | 00,334,174 | ---- | C] () -- C:\WINDOWS\sqlite3.dll
[2007/09/13 04:10:21 | 00,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2007/08/07 20:22:22 | 00,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/06/10 19:21:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/05/07 19:58:35 | 00,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/04/08 18:00:57 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\apache.dll
[2007/02/28 18:40:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2007/01/14 17:18:35 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/14 11:29:10 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/11/10 06:08:50 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/03/28 17:50:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/28 17:28:08 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/28 17:23:13 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/28 17:23:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/28 17:21:06 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/28 17:18:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/28 17:08:10 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/28 16:54:09 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/28 16:51:01 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/28 16:51:01 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/28 16:49:50 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/28 16:32:09 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/28 16:32:09 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/28 16:31:53 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 07:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 14:02:00 | 00,000,836 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 06:52:36 | 00,000,253 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 17:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/05/03 04:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/07/26 00:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/02 03:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/10/15 15:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/05/13 02:16:19 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/04/10 18:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[8 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[33 C:\WINDOWS\*.tmp files]
[2009/06/14 20:43:41 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/14 20:41:14 | 00,170,029 | ---- | M] (Eric_71) -- C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe
[2009/06/14 20:27:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/14 20:22:24 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/14 20:19:04 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF8420.exe
[2009/06/14 20:15:59 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\fpbh.sys
[2009/06/14 20:14:53 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\avenger.zip
[2009/06/14 20:07:21 | 00,992,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fsbl.exe
[2009/06/14 19:55:36 | 03,969,392 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\swordani.mpg
[2009/06/14 17:32:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/14 17:32:27 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/06/14 17:31:50 | 00,205,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/14 17:31:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
[2009/06/14 17:31:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/14 17:31:20 | 21,459,64032 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/14 17:16:45 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/06/14 17:13:11 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/14 17:04:12 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2009/06/14 13:37:22 | 37,117,043 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/14 13:37:22 | 00,077,437 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/14 12:57:35 | 00,429,784 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\nukeiran.jpg
[2009/06/14 12:18:45 | 00,002,149 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Redirect Server Checker.lnk
[2009/06/14 05:24:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/14 02:45:58 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/13 20:26:37 | 00,284,610 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\mappersdream.zip
[2009/06/13 19:43:11 | 00,306,444 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/06/13 19:39:47 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2009/06/13 17:57:08 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/06/13 11:14:11 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/06/13 11:11:20 | 00,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090613-194311.backup
[2009/06/13 11:08:35 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/06/12 13:12:42 | 02,208,164 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MH-IslandInvasion-lava.unr
[2009/06/12 05:03:36 | 00,007,704 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HermMod.zip
[2009/06/11 20:35:30 | 00,616,366 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MH-ATAA2-V3{fix}.unr
[2009/06/11 20:18:24 | 06,844,501 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MH-AsteroidComplex{fix}.unr
[2009/06/11 20:10:26 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/06/11 09:12:02 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\97358746.ini
[2009/06/11 03:11:38 | 01,735,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 03:02:52 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/10 22:11:30 | 06,888,053 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MH-IndianaJones{hamp}.unr
[2009/06/09 20:30:30 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/04 18:39:17 | 01,079,272 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\revosetup.exe
[2009/06/01 09:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/31 17:50:14 | 10,073,5560 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AssaultAddons.zip
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/25 11:25:00 | 00,079,752 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\slides-try-not-to-[bleep]-your-pants-demotivational-poster.jpg
[2009/05/24 05:14:12 | 13,948,383 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nuke_Evolution_Basic_v2.0.7.zip
[2009/05/24 05:09:17 | 00,344,299 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\blackened original.zip
[2009/05/19 08:32:52 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/19 08:32:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/19 08:32:52 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >



Extras:
OTL Extras logfile created on: 6/14/2009 8:43:50 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.78% Memory free
3.85 Gb Paging File | 2.90 Gb Available in Paging File | 75.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 147.96 Gb Free Space | 63.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 298.09 Gb Total Space | 270.09 Gb Free Space | 90.61% Space Free | Partition Type: NTFS

Computer Name: THETIMEWASTER
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"enablefirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/09/16 01:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2009/02/21 05:47:07 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008/07/29 21:36:39 | 06,677,792 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5
[2008/04/26 10:17:42 | 01,143,808 | ---- | M] (medium) -- C:\Documents and Settings\HP_Administrator\Desktop\Kelly's stuff\utServerMonitor271\utServerMonitor.exe:*:Enabled:ut server monitor
[2008/07/22 06:08:55 | 00,241,664 | ---- | M] () -- C:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2004/08/09 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp
[2009/01/01 13:21:27 | 00,241,664 | ---- | M] () -- K:\test UT install\System\UnrealTournament.exe:*:Enabled:UnrealTournament
[2008/10/19 07:55:48 | 00,241,664 | ---- | M] () -- K:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament
[2008/08/12 10:54:52 | 01,549,824 | ---- | M] (GlobalSCAPE Texas, LP.) -- C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DEB77C-21D6-4D22-BB47-233E47613D57}" = Microsoft Games for Windows - LIVE Redistributable
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{773421E8-AD7B-4DC8-AED1-9300D69E1659}" = Touchstone Installer
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3895671-E56D-495E-AC28-25506C4419CC}" = RSC
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F432F2AE-F463-4491-A5FE-844849992F6E}" = Fwink
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AVG8Uninstall" = AVG Free 8.5
"AwayMode160" = Microsoft Away Mode
"CCleaner" = CCleaner (remove only)
"ConTEXTEditor_is1" = ConTEXT
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Defraggler" = Defraggler (remove only)
"DVDFab Platinum_is1" = DVDFab Platinum 3.1.5.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0, build 24
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"GoldWave v5.25" = GoldWave v5.25
"Gordian Knot" = Gordian Knot Rip Pack 0.35.0
"HijackThis" = HijackThis 2.0.2
"Home Ftp Server_is1" = Home Ftp Server 1.5.1.97
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"IsoBuster_is1" = IsoBuster 2.2
"KONICA MINOLTA PagePro 1350W" = KONICA MINOLTA PagePro 1350W
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marble Blast Gold" = Marble Blast Gold
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PeerGuardian_is1" = PeerGuardian 2.0
"PIXresizer_is1" = PIXresizer 1.0.9
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QcDrv" = Logitech® Camera Driver
"QuicktimeAlt_is1" = QuickTime Alternative 1.78
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealAlt_is1" = Real Alternative 1.51
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"ResumeMaker Professional" = ResumeMaker Professional
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SmartFTP Client_is1" = SmartFTP Client 2.5.1006.16
"Sound Editor Deluxe_is1" = Sound Editor Deluxe v3.9
"ST5UNST #1" = Unreal Editor
"SWF Opener" = SWF Opener
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Unlocker" = Unlocker 1.8.7
"Unreal Gold" = Unreal Gold
"UnrealTournament" = Unreal Tournament
"UT2003" = Unreal Tournament 2003
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"Video Converter 3" = Video Converter 3
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VobSub" = VobSub v2.23 (Remove Only)
"WebReaper_is1" = WebReaper v10
"WIC" = Windows Imaging Component
"WinAVI FLV Converter 1.0_is1" = WinAVI FLV Converter
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2009 2:05:38 PM | Computer Name = THETIMEWASTER | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 5/1/2009 2:06:05 PM | Computer Name = THETIMEWASTER | Source = Application Error | ID = 1004
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 5/1/2009 2:08:22 PM | Computer Name = THETIMEWASTER | Source = Application Error | ID = 1000
Description = Faulting application viewpointservice.exe, version 2.0.0.54, faulting
module viewpointservice.exe, version 2.0.0.54, fault address 0x00002250.

Error - 5/29/2009 10:15:00 AM | Computer Name = THETIMEWASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 5/29/2009 1:42:23 PM | Computer Name = THETIMEWASTER | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 9.63.10476.0, faulting module
jvm.dll, version 5.0.50.5, fault address 0x0004089d.

Error - 6/9/2009 2:49:06 PM | Computer Name = THETIMEWASTER | Source = Application Error | ID = 1000
Description = Faulting application nvcplui.exe, version 2.2.390.0, faulting module
nvcpl.dll, version 6.14.10.8205, fault address 0x00191dfe.

Error - 6/9/2009 9:48:51 PM | Computer Name = THETIMEWASTER | Source = MsiInstaller | ID = 1013
Description = Product: NVIDIA PhysX -- Installation terminated

Error - 6/12/2009 1:30:33 AM | Computer Name = THETIMEWASTER | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 9.63.10476.0, faulting module
opera.dll, version 9.63.10476.0, fault address 0x000b6813.

Error - 6/14/2009 11:22:27 PM | Computer Name = THETIMEWASTER | Source = Application Error | ID = 1000
Description = Faulting application vfind.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.5755, fault address 0x00002338.

Error - 6/14/2009 11:22:39 PM | Computer Name = THETIMEWASTER | Source = Application Error | ID = 1000
Description = Faulting application pev.cfexe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.5755, fault address 0x00002338.

[ System Events ]
Error - 6/13/2009 10:40:10 PM | Computer Name = THETIMEWASTER | Source = Service Control Manager | ID = 7001
Description = The MLPTDR_Q service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 6/13/2009 10:40:10 PM | Computer Name = THETIMEWASTER | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%20

Error - 6/13/2009 10:40:10 PM | Computer Name = THETIMEWASTER | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 6/14/2009 10:48:04 AM | Computer Name = THETIMEWASTER | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 6/14/2009 10:48:04 AM | Computer Name = THETIMEWASTER | Source = Service Control Manager | ID = 7001
Description = The MLPTDR_Q service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 6/14/2009 10:48:04 AM | Computer Name = THETIMEWASTER | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%20

Error - 6/14/2009 8:32:27 PM | Computer Name = THETIMEWASTER | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 6/14/2009 8:32:27 PM | Computer Name = THETIMEWASTER | Source = Service Control Manager | ID = 7001
Description = The MLPTDR_Q service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 6/14/2009 8:32:27 PM | Computer Name = THETIMEWASTER | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%20

Error - 6/14/2009 8:51:56 PM | Computer Name = THETIMEWASTER | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{FABBA944-DA30-4DC9-A885-276AD12CA7E9}. The
backup browser is stopping.


< End of report >


Thank you for peeking at this.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP