Shaheedan.jpg virus on C: Drive



#1
Pete677

Hello again,
Having slow computer issues with my wife's computer now that mine was able to be fixed by Ralphie (Thanks Dude!)

I have the logs attached of Kaspersky, OTL and Extras.txt

Thanks GTG folks!



#2
Pete677

Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, July 10, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, July 10, 2010 14:18:52
Records in database: 4242417
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 150115
Threats found: 21
Infected objects found: 49
Suspicious objects found: 0
Scan duration: 05:34:18


File name / Threat / Threats count
C:\Documents and Settings\HP_Administrator\.housecall\Quarantine\actalert.exe.bac_a05452 Infected: Trojan-Downloader.Win32.Dyfuca.dp 1
C:\Documents and Settings\HP_Administrator\.housecall\Quarantine\istsvc.exe.bac_a05452 Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Documents and Settings\HP_Administrator\.housecall\Quarantine\lime wire pro 4.10.zip.bac_a05452 Infected: Trojan-Downloader.Win32.IstBar.us 1
C:\Documents and Settings\HP_Administrator\.housecall\Quarantine\nem220.dll.bac_a05452 Infected: Trojan-Downloader.Win32.Dyfuca.gen 1
C:\Documents and Settings\HP_Administrator\.housecall\Quarantine\optimize.exe.bac_a05452 Infected: Trojan-Downloader.Win32.Dyfuca.ei 1
C:\Documents and Settings\HP_Administrator\.housecall\Quarantine\SAcc.exe.bac_a05452 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.m 1
C:\Documents and Settings\HP_Administrator\.housecall\Quarantine\wsem303.dll.bac_a05452 Infected: Trojan-Downloader.Win32.Dyfuca.dt 1
C:\Documents and Settings\HP_Administrator\.housecall\Quarantine\ysb.dll.bac_a05452 Infected: Trojan-Downloader.Win32.IstBar.ms 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.Beginto.f 2
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\4-efb7bab6499fc415ee93f4097033deae.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.Beginto.f 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\4F1.tmp.bac_a02000 Infected: Trojan-Downloader.Win32.PurityScan.eg 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\A0003764.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\A0003765.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\A0003766.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\A0003767.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\A0003768.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\A0003769.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\A0004878.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\A0004879.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\A0005895.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\actalert.exe.bac_a05452 Infected: Trojan-Downloader.Win32.Dyfuca.dp 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\catchme2007-12-24_170241.84.zip.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.clz 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\catchme2007-12-24_170241.84.zip.bac_a01784 Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\D3E.tmp.bac_a02000 Infected: Trojan-Downloader.Win32.PurityScan.eg 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\istsvc.exe.bac_a05452 Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\lime wire pro 4.10.zip.bac_a05452 Infected: Trojan-Downloader.Win32.IstBar.us 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\mirar_distro_876088.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.SaveNow.bj 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\nem220.dll.bac_a05452 Infected: Trojan-Downloader.Win32.Dyfuca.gen 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\optimize.exe.bac_a05452 Infected: Trojan-Downloader.Win32.Dyfuca.ei 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\SAcc.exe.bac_a05452 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.m 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\SAcc.new.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.t 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\SAcc.prod.v1186.17jan2007.exe.15a56742d952e8b077a4327010c31784.bac_a03192 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.r 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\SAcc.prod.v1188.13fev2007.exe.b9c36c12ddec6d118174faf18c4d94dd.bac_a03192 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.t 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\SAccU.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.n 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\SmartShopper0.dll.bac_a03192 Infected: not-a-virus:AdWare.Win32.Beginto.f 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\TMP44C.tmp.bac_a02000 Infected: Virus.Win32.Trats.c 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\TMP470.tmp.bac_a02000 Infected: Trojan-Downloader.Win32.PurityScan.fe 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\TMP59.tmp.bac_a02000 Infected: Trojan-Downloader.Win32.PurityScan.fe 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\TMP66.tmp.bac_a02000 Infected: Trojan-Downloader.Win32.PurityScan.fe 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\udqtinlm.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\ujfaxdhw.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\updater.exe.bac_a03192 Infected: Trojan-Downloader.Win32.IstBar.oz 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\updater.prod.V101168.04avr2007.exe.065faba332214522c7e10197726c0106.bac_a03192 Infected: Trojan-Downloader.Win32.IstBar.oz 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\updater.prod.V101168.05fev2007.exe.065faba332214522c7e10197726c0106.bac_a03192 Infected: Trojan-Downloader.Win32.IstBar.oz 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\WapCHK.dll.bac_a03192 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\wsem303.dll.bac_a05452 Infected: Trojan-Downloader.Win32.Dyfuca.dt 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\wyxcahei.dll.bac_a01784 Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\ysb.dll.bac_a05452 Infected: Trojan-Downloader.Win32.IstBar.ms 1

Selected area has been scanned.

#3
Pete677

OTL log:

OTL logfile created on: 7/10/2010 8:07:25 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 430.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 160.81 Gb Free Space | 71.52% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.42 Gb Free Space | 17.71% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANITAPATEL
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/10 20:06:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/07/06 18:25:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/27 20:18:20 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/27 20:18:18 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/28 12:01:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0220Mon.exe
PRC - [2006/06/09 01:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
PRC - [2004/09/29 21:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/07/10 20:06:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2004/09/29 21:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/07/06 18:25:45 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/06 18:25:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/07/06 18:25:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/06/29 00:58:28 | 000,146,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev)
DRV - [2006/06/08 03:00:52 | 000,006,272 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx)
DRV - [2005/04/15 20:05:42 | 002,564,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/11 19:22:14 | 000,085,248 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2005/01/19 19:21:56 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/07 11:26:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 18:29:13 | 000,000,000 | ---D | M]

[2009/01/10 19:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/07/10 10:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4rla564q.Anita\extensions
[2009/09/02 07:54:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4rla564q.Anita\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/29 18:24:01 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4rla564q.Anita\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2009/04/26 21:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4rla564q.Anita\extensions\[email protected]
[2010/06/02 07:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4yhbr3zt.default\extensions
[2009/03/06 16:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4yhbr3zt.default\extensions\ChoiceGuard@Microsoft
[2010/06/02 07:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4yhbr3zt.default\extensions\[email protected]
[2010/07/10 10:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/09/24 12:01:00 | 002,650,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/08/06 12:07:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/07/18 14:54:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2004/08/10 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260634846750 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1260634842312 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/31 04:46:09 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{53d5d856-d0e0-11de-a3e0-002127f1c3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{53d5d856-d0e0-11de-a3e0-002127f1c3d7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/10 10:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/09 23:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/09 23:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/09 23:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\xsahkcmys
[2010/07/03 22:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Temp
[2010/06/22 20:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/06/18 16:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\DAZZLER2010-2011
[2010/06/15 23:01:52 | 018,784,440 | ---- | C] (ooVoo LLC) -- C:\Documents and Settings\HP_Administrator\Desktop\ooVoo.exe
[2010/06/15 22:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ooVoo Details
[2010/06/15 22:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\oovooinstaller
[2010/06/11 08:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\SightSpeed
[2010/06/11 08:35:35 | 000,006,272 | ---- | C] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\System32\drivers\V0220Vfx.sys
[2010/06/11 08:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Live! Cam Center
[2010/06/02 07:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\PlaySushi
[2010/05/10 20:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/05/09 19:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/05/09 19:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\WorldWinner.com, Inc
[2010/05/09 19:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Worldwinner

========== Files - Modified Within 90 Days ==========

[2010/07/10 20:08:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/07/10 20:01:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 20:01:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 20:01:40 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 20:00:09 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/07/10 20:00:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/07/10 19:38:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/07/10 19:18:04 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3981632477-2560148220-4024616735-1008UA.job
[2010/07/10 15:50:09 | 418,480,128 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\outlook.pst
[2010/07/10 15:10:24 | 379,600,896 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\archive.pst
[2010/07/10 10:38:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 22:18:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3981632477-2560148220-4024616735-1008Core.job
[2010/07/09 19:42:42 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/09 08:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/07 05:00:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/07/06 18:23:34 | 000,000,948 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/06 18:23:34 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/07/06 18:23:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/06 12:40:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\qbwcd.ini
[2010/07/03 14:10:04 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anjaliwork.doc
[2010/06/28 18:33:20 | 000,018,663 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\activiacoupon
[2010/06/28 18:29:16 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/06/25 12:45:00 | 002,983,342 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ALCvelapayment
[2010/06/25 06:53:59 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mozilla Firefox.lnk
[2010/06/25 06:49:58 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/25 06:49:58 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/22 11:47:32 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\medicalexpenses2010.xls
[2010/06/11 09:07:30 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/11 08:56:41 | 000,001,983 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2010/06/11 08:43:43 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SightSpeed.lnk
[2010/06/11 08:42:39 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creative Photo Calendar.lnk
[2010/06/11 08:41:56 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creative Photo Manager.lnk
[2010/06/11 07:44:25 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 07:28:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 14:21:03 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\referenceletterbanks042210.doc
[2010/06/07 12:00:39 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\yogiimmigrationletterjuly72010.doc
[2010/06/01 20:52:20 | 001,387,008 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\dazzler directory.doc
[2010/05/24 21:11:21 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 08:30:53 | 000,015,282 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\michaels.gif
[2010/05/20 07:13:47 | 000,851,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ANJALICHEETAH051710.ppt
[2010/05/19 08:32:54 | 000,040,119 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\anjalicheetah1.jpg
[2010/05/19 08:30:20 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\IrfanView Thumbnails.lnk
[2010/05/19 08:30:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\IrfanView.lnk
[2010/05/19 08:24:40 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to anjalicheetah.lnk
[2010/05/18 15:01:00 | 000,122,866 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\house1
[2010/05/18 15:01:00 | 000,102,308 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\house
[2010/05/18 14:48:00 | 002,869,668 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\house3
[2010/05/16 20:19:56 | 000,039,971 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\cheetah-mom-and-cub.jpg
[2010/05/16 16:46:04 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\anitaresume042110a.doc
[2010/05/13 21:20:21 | 000,016,052 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Cover letter for Anita.rtf
[2010/05/10 20:10:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/05/10 20:10:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/05/09 12:52:29 | 000,240,791 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\050110 pics 002.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 10:15:31 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\dbctransactions.doc
[2010/04/25 16:29:04 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\adoption essay.doc
[2010/04/24 16:27:31 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\referencelettersandy042310.doc
[2010/04/21 13:35:02 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anitaresume042110.doc
[2010/04/21 13:30:41 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\anitaresume.doc
[2010/04/21 12:52:33 | 000,179,965 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anitadegree.jpg
[2010/04/21 12:45:42 | 000,439,421 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\anitadiploma.JPG
[2010/04/21 12:44:42 | 000,181,418 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\danceclinic 002.jpg
[2010/04/14 20:21:21 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\honduras.doc
[2010/04/13 08:53:06 | 001,752,822 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sponsorlist0910.bmp

========== Files Created - No Company Name ==========

[2010/07/10 11:26:32 | 1063,768,064 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 10:38:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/03 22:13:55 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3981632477-2560148220-4024616735-1008UA.job
[2010/07/03 22:13:54 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3981632477-2560148220-4024616735-1008Core.job
[2010/06/28 18:33:20 | 000,018,663 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\activiacoupon
[2010/06/25 12:45:00 | 002,983,342 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ALCvelapayment
[2010/06/25 06:53:59 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mozilla Firefox.lnk
[2010/06/25 06:49:58 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/25 06:49:58 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/23 19:25:41 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anjaliwork.doc
[2010/06/11 08:57:10 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2010/06/11 08:56:41 | 000,001,983 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2010/06/11 08:43:43 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SightSpeed.lnk
[2010/06/11 08:42:39 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Photo Calendar.lnk
[2010/06/11 08:41:56 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Photo Manager.lnk
[2010/06/11 08:35:36 | 000,006,132 | ---- | C] () -- C:\WINDOWS\VF0220.uns
[2010/06/11 08:35:34 | 000,130,304 | ---- | C] () -- C:\WINDOWS\System32\V0220Cvw.bff
[2010/06/07 12:00:21 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\yogiimmigrationletterjuly72010.doc
[2010/05/31 19:10:22 | 001,387,008 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\dazzler directory.doc
[2010/05/20 08:30:52 | 000,015,282 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\michaels.gif
[2010/05/19 08:31:52 | 000,040,119 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\anjalicheetah1.jpg
[2010/05/19 08:30:20 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\IrfanView Thumbnails.lnk
[2010/05/19 08:30:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\IrfanView.lnk
[2010/05/19 08:24:40 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to anjalicheetah.lnk
[2010/05/18 15:01:00 | 000,122,866 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\house1
[2010/05/18 15:01:00 | 000,102,308 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\house
[2010/05/18 14:48:00 | 002,869,668 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\house3
[2010/05/16 20:19:56 | 000,039,971 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\cheetah-mom-and-cub.jpg
[2010/05/16 18:20:35 | 000,851,456 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ANJALICHEETAH051710.ppt
[2010/05/13 16:46:40 | 000,016,052 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Cover letter for Anita.rtf
[2010/05/10 20:10:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/05/10 20:10:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/05/09 12:51:56 | 000,240,791 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\050110 pics 002.jpg
[2010/04/29 10:15:31 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\dbctransactions.doc
[2010/04/25 16:29:04 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\adoption essay.doc
[2010/04/24 16:27:30 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\referencelettersandy042310.doc
[2010/04/22 15:03:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\referenceletterbanks042210.doc
[2010/04/21 13:51:59 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\anitaresume042110a.doc
[2010/04/21 13:22:54 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anitaresume042110.doc
[2010/04/21 12:52:15 | 000,179,965 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anitadegree.jpg
[2010/04/21 12:45:42 | 000,439,421 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\anitadiploma.JPG
[2010/04/21 12:44:13 | 000,181,418 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\danceclinic 002.jpg
[2010/04/13 21:16:21 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\honduras.doc
[2010/04/13 08:53:04 | 001,752,822 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\sponsorlist0910.bmp
[2009/11/12 19:48:09 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2009/11/09 20:21:53 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/11/09 20:21:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/04/27 20:32:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\qbwcd.ini
[2009/04/27 20:29:36 | 000,001,412 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini
[2009/04/27 20:29:29 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI
[2009/04/27 20:29:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI
[2009/04/27 20:29:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\QFNOA.INI
[2008/02/21 20:51:20 | 000,000,054 | ---- | C] () -- C:\WINDOWS\NetViewer16ch.INI
[2008/02/19 22:17:41 | 000,000,168 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/17 22:39:37 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/09/06 07:14:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/01/14 21:58:32 | 000,000,334 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/10 17:26:47 | 000,000,117 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2006/04/14 21:30:49 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2006/03/16 01:06:01 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/09 18:43:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2006/01/14 22:47:41 | 000,000,087 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/10/23 12:09:03 | 000,000,106 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/05/31 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 04:45:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/31 04:45:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/31 04:45:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/31 04:45:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/31 04:45:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/31 04:45:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/31 04:14:43 | 000,015,329 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/31 04:14:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/31 04:11:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 03:46:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/31 03:38:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/31 03:26:12 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/31 03:24:12 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/31 03:24:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/31 03:23:50 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 12:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/20 00:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/20 00:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/07/26 16:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 00:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[1999/03/21 20:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/05/30 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/08/20 15:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/12/06 21:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/14 18:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/09 19:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2008/12/06 07:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/12/30 19:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/10 19:38:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/06 12:26:12 | 000,001,864 | ---- | M] () -- C:\ASLog.txt
[2005/05/31 04:46:09 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/08 21:12:15 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/07/06 18:23:34 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/10 07:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/01/28 04:41:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/09/04 14:37:06 | 000,230,424 | ---- | M] () -- C:\DC6810xp-001.raw
[2007/07/11 21:30:23 | 000,026,950 | ---- | M] () -- C:\DF.Log
[2006/08/13 19:21:43 | 000,000,079 | ---- | M] () -- C:\dxerror.ini
[2010/07/10 20:01:40 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2007/07/11 21:30:22 | 000,002,512 | ---- | M] () -- C:\history.txt
[2005/01/28 04:41:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/17 16:38:21 | 000,001,817 | -H-- | M] () -- C:\IPH.PH
[2007/07/11 21:29:03 | 000,000,333 | ---- | M] () -- C:\iptest.txt
[2005/01/28 04:41:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/12 11:41:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/10 20:01:36 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/07/10 10:05:11 | 000,000,409 | ---- | M] () -- C:\rkill.log
[2009/11/17 19:43:57 | 000,008,885 | ---- | M] () -- C:\shaheedan.jpg
[2009/02/23 11:11:48 | 4084,658,176 | ---- | M] () -- C:\SlumDog.ISO
[2007/04/04 03:06:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/09/30 20:11:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/04/04 03:06:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/09/30 20:11:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/03/27 18:40:33 | 000,001,272 | ---- | M] () -- C:\tcpip.txt
[2009/11/08 16:39:46 | 000,000,743 | ---- | M] () -- C:\updatedatfix.log
[2006/03/31 14:34:49 | 000,000,000 | ---- | M] () -- C:\VETlog.dmp
[2006/03/31 14:34:49 | 000,009,243 | ---- | M] () -- C:\VETlog.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/01/28 04:40:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003/06/19 02:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2009/02/06 20:03:18 | 000,307,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/01/27 20:28:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/27 20:28:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/27 20:28:56 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-11 12:28:28

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator\Desktop\Nick Games.mht:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >

#4
Pete677

Extras.txt log:

OTL Extras logfile created on: 7/10/2010 8:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 430.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 160.81 Gb Free Space | 71.52% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.42 Gb Free Space | 17.71% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANITAPATEL
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Video FX Engine" = Advanced Video FX Engine
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam Video IM User's Guide English" = Creative Live! Cam Video IM User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0220" = Creative Live! Cam Video IM Driver (1.01.01.00)
"HijackThis" = HijackThis 2.0.2
"hp officejet v series 1258073637" = hp officejet v series
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Playsushi" = Playsushi
"SightSpeed" = SightSpeed (remove only)
"SysInfo" = Creative System Information
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2010 2:48:09 PM | Computer Name = ANITAPATEL | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....7D652D3431.crt>
with error: This network connection does not exist.

Error - 7/10/2010 2:48:09 PM | Computer Name = ANITAPATEL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 7/10/2010 3:11:09 PM | Computer Name = ANITAPATEL | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 7/10/2010 3:11:28 PM | Computer Name = ANITAPATEL | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 7/10/2010 3:11:46 PM | Computer Name = ANITAPATEL | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 7/10/2010 3:17:05 PM | Computer Name = ANITAPATEL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 7/10/2010 3:17:05 PM | Computer Name = ANITAPATEL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 7/10/2010 5:48:33 PM | Computer Name = ANITAPATEL | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 7/10/2010 5:51:31 PM | Computer Name = ANITAPATEL | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 7/10/2010 5:52:50 PM | Computer Name = ANITAPATEL | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ System Events ]
Error - 1/29/2010 9:35:16 PM | Computer Name = ANITAPATEL | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/30/2010 2:31:48 PM | Computer Name = ANITAPATEL | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/31/2010 12:44:04 PM | Computer Name = ANITAPATEL | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 2/3/2010 7:00:38 AM | Computer Name = ANITAPATEL | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 2/3/2010 3:51:06 PM | Computer Name = ANITAPATEL | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.


< End of report >