I am here with an issue that has been driving me insane over the last week or so. My XP computer is popping up a message stating that my PC is infected. When I click the X to close that message (wary of hitting OK), it loads another page that resembles a virus scanner. It has also opened popups to different websites (such as Nationwide Insurance). I have taken steps to rid my machine of this and it seems to have slowed the monster. However, I am not sure it is completely gone.
I haven't gotten the virus message today. But this morning I had a series of blank popups. Since then I emptied the Java temp files as another website had instructed (No popups since).
The reason I think it (or another) is still present is the fact that I cannot update my operating system. After my last attempt at ridding this thing, I decided to check for updates. When I got to the Microsoft site where it normally checks for possible updates, it tells me that it cannot perform the operation because one of 3 services is not on. The one in question is Automatic Updates. I can open the services and set it to Automatic and start it. But when I close the services dialog screen it reverts back to Disabled and Stopped. I might add that I am logged in as administrator.
What I have done thus far... (logs to follow)
Previously ....
--Ran Comodo Antivirus
--Ran TrendMicro Online scan
--Ran Kaspersky Online Scan (This morning. Will add info in logs)
--Ran MalwareBytes
--Ran Spybot Search and Destroy
--Ran VirtumundoBeGone (as directed by another "self-help" site)
Just now ......
--Ran the ATF Cleaner.
--Created a restore point.
--Ran Erunt
--Ran MalwareBytes (again)(Seems to have found nearly the same ones as before)
--Ran Rooter Root Kit
--Ran OTListIt2
--Tried to update Windows again. No luck.
Here are the log files ....
MalwareBytes Log (first run)
MalwareBytes Today Part 1
Malwarebytes Today Part 2
Another scan found nothing.
Rooter Log
OTListIt2 Log
OTListIt logfile created on: 4/15/2009 6:08:51 PM - Run 1 OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 63.39% Memory free 3.78 Gb Paging File | 3.14 Gb Available in Paging File | 82.88% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 270.61 Gb Total Space | 251.76 Gb Free Space | 93.04% Space Free | Partition Type: NTFS Drive D: | 8.83 Gb Total Space | 0.92 Gb Free Space | 10.43% Space Free | Partition Type: FAT32 Drive E: | 1.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 60.58 Mb Total Space | 34.06 Mb Free Space | 56.23% Space Free | Partition Type: FAT I: Drive not present or media not loaded Computer Name: MCKIN Current User Name: HP_Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe () PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\WINDOWS\arservice.exe (Microsoft) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) 
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\WINDOWS\ARPWRMSG.EXE (Microsoft) PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions) PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe () PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) 
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company) PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe (OldTimer Tools) [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft) SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe () SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) 
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard) SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard) SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools) SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices) DRV - (bb-run [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.) 
DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO) DRV - (ftsata2 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.) DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider) DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP) DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP) DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP) DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.) DRV - (HSX_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.) DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation) DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation) DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools) DRV - (PRISM_USB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys (GlobespanVirata, Inc.) DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company) DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) 
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation) DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD) DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (winachsx [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/22 20:28:06 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/15 16:20:42 | 00,000,000 | ---D | M] O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Reg Error: Key error. File not found O2 - BHO: (no name) - {db377cba-1eae-4e59-a520-0cbf69ce7bd0} - Reg Error: Key error. File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft) O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h () O4 - HKLM..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" (Sonic Solutions) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode (Promise Technology, Inc.) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] nwiz.exe /install () O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE () O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 
'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237755435146 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239827421515 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - AppInit_DLLs: (c:\windows\system32\sakiduru.dll) - c:\windows\system32\sakiduru.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ] O32 - Autorun File - D:\Autoexec.bat () - [ FAT32 ] O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2 C:\WINDOWS\System32\drivers\*.tmp files] [18 C:\WINDOWS\System32\*.tmp files] [2 C:\WINDOWS\*.tmp files] [2009/04/15 18:08:03 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe [2009/04/15 17:12:02 | 00,000,000 | ---D | C] -- C:\Rooter$ 
[2009/04/15 17:11:57 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe [2009/04/15 17:10:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/04/15 17:10:05 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk [2009/04/15 17:10:05 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk [2009/04/15 17:10:04 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/04/15 17:09:45 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt_setup.exe [2009/04/15 17:08:36 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\HP_Administrator\Desktop\SysRestorePoint.exe [2009/04/15 14:55:43 | 00,003,176 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\kasp_report.html [2009/04/15 09:31:35 | 20,788,55168 | -HS- | C] () -- C:\hiberfil.sys [2009/04/15 01:44:00 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\VirtumundoBeGone.exe [2009/04/15 01:30:34 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2009/04/15 01:29:18 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2009/04/15 01:29:18 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2009/04/15 01:29:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/04/15 01:29:07 | 00,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [2009/04/15 01:29:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2009/04/15 01:29:04 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2009/04/15 01:28:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2009/04/15 01:28:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application 
Data\PC Tools [2009/04/15 01:28:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools [2009/04/14 10:44:46 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk [2009/04/14 10:44:40 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2009/04/14 10:44:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2009/04/08 17:07:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sun [2009/04/06 13:27:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HP [2009/04/06 13:27:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Albums [2009/04/06 13:27:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IsolatedStorage [2009/04/06 13:25:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\HP [2009/04/01 13:23:22 | 00,003,619 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\resume4-1-09.rtf [2009/04/01 11:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR [2009/04/01 11:22:58 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR [2009/04/01 11:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Downloads [2009/03/29 13:05:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes [2009/03/29 13:05:32 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/03/29 13:05:32 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/03/29 13:05:30 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/03/29 13:03:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/03/29 13:03:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/03/25 13:29:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun [2009/03/25 01:29:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM [2009/03/24 15:49:41 | 00,000,000 | ---D | C] -- C:\Net Share [2009/03/24 13:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG [2009/03/24 13:21:46 | 00,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk [2009/03/24 13:19:45 | 00,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/03/24 13:18:59 | 00,000,995 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/03/24 13:18:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant [2009/03/24 13:18:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP [2009/03/24 13:17:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2009/03/24 13:16:27 | 00,018,747 | ---- | C] () -- C:\WINDOWS\System32\HPCEAC06.HPI [2009/03/24 13:16:01 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll [2009/03/24 13:16:01 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys [2009/03/24 13:16:01 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2009/03/24 13:14:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2009/03/24 13:12:55 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys [2009/03/24 13:12:55 | 00,032,128 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys [2009/03/24 13:12:32 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys [2009/03/24 13:12:32 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys [2009/03/24 13:12:28 | 00,000,000 | -H-D | C] -- C:\Config.Msi [2009/03/24 13:08:18 | 00,147,613 | ---- | C] () -- C:\WINDOWS\hpoins21.dat [2009/03/24 13:08:18 | 00,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat [2009/03/23 14:50:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Search [2009/03/23 14:40:12 | 03,140,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB967715-x86-ENU.exe [2009/03/23 14:29:33 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2009/03/22 22:38:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2009/03/22 22:26:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player [2009/03/22 22:23:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2009/03/22 22:22:04 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/22 22:18:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2009/03/22 22:13:59 | 00,000,540 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\explorer.exe.lnk [2009/03/22 22:05:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe [2009/03/22 22:05:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe [2009/03/22 21:20:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2009/03/22 21:20:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! 
[2009/03/22 21:16:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo! [2009/03/22 21:16:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2009/03/22 21:15:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2009/03/22 21:14:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp [2009/03/22 21:14:01 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll [2009/03/22 20:38:03 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat [2009/03/22 20:27:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2009/03/22 20:27:06 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild [2009/03/22 20:26:58 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2009/03/22 20:26:34 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe [2009/03/22 20:26:34 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll [2009/03/22 20:26:34 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll [2009/03/22 20:26:33 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll [2009/03/22 20:26:33 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll [2009/03/22 20:26:33 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll [2009/03/22 20:26:33 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll [2009/03/22 20:26:33 | 00,000,000 | ---D | C] -- C:\bdbeb58592501f8c2e8c361759e4 [2009/03/22 20:22:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities [2009/03/22 20:22:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Desktop Search [2009/03/22 20:22:00 | 00,001,798 | ---- | C] () -- C:\Documents and Settings\All 
Users\Start Menu\Programs\Startup\Windows Search.lnk [2009/03/22 20:21:52 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search [2009/03/22 20:21:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy [2009/03/22 20:21:02 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll [2009/03/22 20:21:02 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll [2009/03/22 20:21:02 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll [2009/03/22 20:20:53 | 00,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2009/03/22 20:20:32 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2009/03/22 20:10:51 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2009/03/22 20:10:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2009/03/22 20:10:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2009/03/22 19:19:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2009/03/22 19:18:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo [2009/03/22 19:18:22 | 00,155,384 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll [2009/03/22 19:18:22 | 00,110,992 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2009/03/22 19:18:22 | 00,080,400 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2009/03/22 19:18:22 | 00,024,336 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2009/03/22 19:18:20 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO [2009/03/22 19:13:38 | 00,000,661 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\RegScrubXP.lnk [2009/03/22 19:13:38 | 00,000,000 | ---D | C] -- C:\Program Files\RegScrubXP [2009/03/22 19:06:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us [2009/03/22 19:06:41 | 00,000,000 | ---D | C] -- 
C:\WINDOWS\System32\scripting [2009/03/22 19:06:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2009/03/22 19:06:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2009/03/22 19:06:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2009/03/22 19:04:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2009/03/22 19:04:02 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009/03/22 19:03:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia [2009/03/22 19:02:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2009/03/22 18:58:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2009/03/22 18:58:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2009/03/22 18:50:17 | 00,666,624 | ---- | C] (GlobespanVirata, Inc.) -- C:\WINDOWS\System32\drivers\PRISMUSB.sys [2009/03/22 18:49:56 | 00,000,211 | RHS- | C] () -- C:\BOOT.BAK [2009/03/22 18:49:53 | 00,260,272 | RHS- | C] () -- C:\cmldr [2009/03/22 18:49:33 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/03/22 18:49:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\setup.pss [2009/03/22 18:48:30 | 00,001,895 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RK551AA-ABA a1648x_YC_0Pavi_QMXF638_E64NAemMPA4_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.06_T060714_WXP2_L409_M1983_J300_7AMD_8Athlon 64 X2 Dual Core_92.2_#090322_N_Z14F12F20_G10DE0241.MRK [2009/03/22 18:45:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini [2009/03/22 18:45:13 | 04,307,956 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db [2009/03/22 18:45:13 | 00,048,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/03/22 18:45:13 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat [2009/03/22 18:45:12 | 00,000,087 | -HS- | C] 
() -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini [2009/03/22 18:45:10 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini [2009/03/22 18:45:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit [2009/03/22 18:45:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities [2009/03/22 18:45:09 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft [2009/03/22 18:45:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos [2009/03/22 18:45:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures [2009/03/22 18:45:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music [2009/03/22 18:45:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft [2009/03/22 18:45:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory [2009/03/22 18:45:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060} [2009/03/22 18:45:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real [2009/03/22 18:41:43 | 00,000,183 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT [2009/03/22 18:40:06 | 00,000,000 | -HSD | C] -- C:\System Volume Information [2009/03/22 18:39:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Received Files [2009/03/22 18:36:47 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2009/03/22 18:36:47 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2009/03/22 18:36:47 | 00,067,866 | ---- 
| C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2009/03/22 18:36:47 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2009/03/22 18:36:47 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys [2009/03/22 18:36:46 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll [2009/03/22 18:36:46 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2009/03/22 18:36:46 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll [2009/03/22 18:36:46 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2009/03/22 18:36:44 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2009/03/22 18:36:44 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll [2009/03/22 18:36:39 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll [2009/03/22 18:36:39 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe [2009/03/22 18:36:38 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll [2009/03/22 18:36:38 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll [2009/03/22 18:36:33 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll [2009/03/22 18:36:33 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2009/03/22 18:36:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll [2009/03/22 18:36:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll [2009/03/22 18:36:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll [2009/03/22 18:36:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll 
[2009/03/22 18:36:29 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll [2009/03/22 18:36:28 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll [2009/03/22 18:36:28 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf [2009/03/22 18:36:26 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys [2009/03/22 18:36:26 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe [2009/03/22 18:36:23 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys [2009/03/22 18:36:23 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys [2009/03/22 18:36:21 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe [2009/03/22 18:36:20 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2009/03/22 18:36:20 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2009/03/22 18:36:20 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll [2009/03/22 18:36:20 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2009/03/22 18:36:20 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2009/03/22 18:36:20 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll [2009/03/22 18:36:20 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll [2009/03/22 18:36:20 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll [2009/03/22 18:36:19 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2009/03/22 18:36:19 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll [2009/03/22 18:36:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll 
[2009/03/22 18:36:19 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2009/03/22 18:36:19 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2009/03/22 18:36:19 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2009/03/22 18:36:19 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2009/03/22 18:36:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll [2009/03/22 18:36:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll [2009/03/22 18:36:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll [2009/03/22 18:36:18 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2009/03/22 18:36:18 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll [2009/03/22 18:36:16 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys [2009/03/22 18:36:16 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys [2009/03/22 18:36:16 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys [2009/03/22 18:36:16 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys [2009/03/22 18:36:16 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys [2009/03/22 18:36:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2009/03/22 18:36:07 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2009/03/22 18:36:06 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2009/03/22 18:36:05 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2009/03/22 18:36:05 | 00,044,928 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\drivers\agpcpq.sys [2009/03/22 18:36:05 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys [2009/03/22 18:36:05 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys [2009/03/22 18:07:49 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos [2009/03/22 18:07:45 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures [2009/03/22 18:07:25 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music [2009/03/22 18:05:52 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2009/03/22 18:05:47 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages [2009/03/22 18:03:34 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2009/03/22 18:03:18 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache [2009/03/22 18:03:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs [2009/03/22 18:03:04 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2009/03/22 18:03:00 | 00,348,371 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2009/03/22 17:35:20 | 00,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk [2009/03/22 17:29:39 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2009/03/22 17:17:01 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2009/03/22 17:15:52 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2009/03/22 17:15:52 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2009/03/22 17:15:51 | 01,499,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll [2009/03/22 17:15:50 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009/03/22 17:15:08 | 00,455,296 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\mrxsmb.sys [2009/03/22 17:14:32 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2009/03/22 17:14:25 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2009/03/22 17:14:24 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2009/03/22 17:14:24 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2009/03/22 17:14:24 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2009/03/22 17:13:47 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2009/03/22 17:12:55 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys [2009/03/22 17:12:55 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2009/03/22 17:12:40 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2009/03/22 17:04:36 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\kb913800.exe [2009/03/22 17:01:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009/03/22 17:01:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2009/03/22 16:58:12 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2009/03/22 16:58:12 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2009/03/22 16:58:11 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui [2009/03/22 16:58:11 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2009/03/22 16:58:11 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui [2009/03/22 16:58:11 | 00,000,000 | ---D | C] -- 
C:\WINDOWS\System32\SoftwareDistribution [2009/03/22 16:56:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2006/09/08 07:40:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/09/08 07:20:26 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys [2006/09/08 07:14:30 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2006/09/08 07:14:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2006/09/08 07:11:13 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2006/09/08 06:59:31 | 00,000,249 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006/09/08 06:58:51 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini [2006/09/08 06:53:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/09/08 06:50:05 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/09/08 06:50:05 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/09/08 06:50:05 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/09/08 06:50:05 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/09/08 06:50:05 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/09/08 06:50:05 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/09/08 06:50:04 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/09/08 06:48:36 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/09/08 06:26:29 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2006/06/16 14:58:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/31 00:02:00 | 00,000,542 | ---- | C] () -- C:\WINDOWS\win.ini [2005/08/30 16:52:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2005/08/06 
00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/03 02:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll [2004/09/16 23:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004/07/26 10:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
========== Files - Modified Within 30 Days ==========
[2 C:\WINDOWS\System32\drivers\*.tmp files] [18 C:\WINDOWS\System32\*.tmp files] [2 C:\WINDOWS\*.tmp files] [2009/04/15 18:08:08 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe [2009/04/15 17:50:06 | 00,000,183 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2009/04/15 17:49:10 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/04/15 17:46:07 | 00,348,371 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2009/04/15 17:46:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/04/15 17:45:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/04/15 17:45:48 | 20,788,55168 | -HS- | M] () -- C:\hiberfil.sys [2009/04/15 17:44:54 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\hihetite [2009/04/15 17:44:24 | 04,307,956 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db [2009/04/15 17:12:01 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe [2009/04/15 17:10:05 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk [2009/04/15 17:10:05 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk [2009/04/15 17:09:51 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt_setup.exe [2009/04/15 17:08:39 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\HP_Administrator\Desktop\SysRestorePoint.exe [2009/04/15 16:37:31 | 00,001,158 | ---- | M] () -- 
C:\WINDOWS\System32\wpa.dbl [2009/04/15 14:55:43 | 00,003,176 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\kasp_report.html [2009/04/15 01:44:01 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\VirtumundoBeGone.exe [2009/04/15 01:29:07 | 00,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [2009/04/14 22:10:55 | 00,109,056 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\woyobopo.dll [2009/04/14 11:58:54 | 00,000,249 | ---- | M] () -- C:\WINDOWS\WININIT.INI [2009/04/14 10:44:46 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk [2009/04/11 19:04:28 | 00,062,976 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\duyojaye.exe [2009/04/07 09:23:10 | 02,079,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/04/06 13:27:24 | 00,000,139 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat [2009/04/01 13:23:22 | 00,003,619 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\resume4-1-09.rtf [2009/03/29 13:05:32 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/03/24 13:22:41 | 00,147,613 | ---- | M] () -- C:\WINDOWS\hpoins21.dat [2009/03/24 13:22:15 | 00,000,542 | ---- | M] () -- C:\WINDOWS\win.ini [2009/03/24 13:21:46 | 00,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk [2009/03/24 13:19:45 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/03/24 
13:18:59 | 00,000,995 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/03/23 14:40:25 | 03,140,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB967715-x86-ENU.exe [2009/03/22 22:22:05 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/22 22:14:23 | 00,000,540 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\explorer.exe.lnk [2009/03/22 21:26:13 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini [2009/03/22 21:16:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/03/22 20:34:52 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2009/03/22 20:34:52 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2009/03/22 20:30:04 | 00,533,140 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/03/22 20:30:04 | 00,463,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/03/22 20:30:04 | 00,078,990 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/03/22 20:22:00 | 00,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009/03/22 20:10:51 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2009/03/22 19:21:57 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2009/03/22 19:18:20 | 00,155,384 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll [2009/03/22 19:18:20 | 00,110,992 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2009/03/22 19:18:20 | 00,080,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2009/03/22 19:18:20 | 00,024,336 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2009/03/22 19:13:38 | 00,000,661 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\RegScrubXP.lnk 
[2009/03/22 19:07:13 | 00,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI [2009/03/22 19:02:07 | 00,250,048 | RHS- | M] () -- C:\ntldr [2009/03/22 18:49:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/03/22 18:48:32 | 00,001,895 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RK551AA-ABA a1648x_YC_0Pavi_QMXF638_E64NAemMPA4_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.06_T060714_WXP2_L409_M1983_J300_7AMD_8Athlon 64 X2 Dual Core_92.2_#090322_N_Z14F12F20_G10DE0241.MRK [2009/03/22 18:43:59 | 00,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2009/03/22 18:43:22 | 00,000,211 | RHS- | M] () -- C:\BOOT.BAK [2009/03/22 18:41:11 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini [2009/03/22 18:03:34 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2009/03/22 17:35:20 | 00,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk [color=orange]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >
OTListIt2 Extras Log
OTListIt Extras logfile created on: 4/15/2009 6:08:51 PM - Run 1 OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 63.39% Memory free 3.78 Gb Paging File | 3.14 Gb Available in Paging File | 82.88% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 270.61 Gb Total Space | 251.76 Gb Free Space | 93.04% Space Free | Partition Type: NTFS Drive D: | 8.83 Gb Total Space | 0.92 Gb Free Space | 10.43% Space Free | Partition Type: FAT32 Drive E: | 1.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 60.58 Mb Total Space | 34.06 Mb Free Space | 56.23% Space Free | Partition Type: FAT I: Drive not present or media not loaded Computer Name: MCKIN Current User Name: HP_Administrator Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On [color=orange]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [color=orange]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 0 
"DisableNotifications" = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 [color=orange]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe () C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( ) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Co.) C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 (Adobe Systems Incorporated) C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation) [color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic 
MyDVD Plus "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1 "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone 
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3 "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2 "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1 "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1 "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5 "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B041ABD7-4A10-482a-A525-577A7AAD8EC7}" = C6200_Help "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy 
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0 "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config "{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F73459A3-36B8-42e4-A982-AAF06A44D508}" = C6200_doccd "{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0 
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "AwayMode160" = Microsoft Away Mode "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "COMODO Internet Security" = COMODO Internet Security "ERUNT_is1" = ERUNT 1.1j "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photo & Imaging" = HP Photosmart Premier Software 6.5 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPOCR" = HP OCR Software 9.0 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "RegScrubXP_is1" = RegScrubXP 3.25 "Spyware Doctor" = Spyware Doctor 6.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "ZoneAlarm" = ZoneAlarm [color=orange]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 3/22/2009 8:35:29 PM | Computer Name = MCKIN | Source = Windows Search Service | ID = 3024 Description = The update cannot be started because the content sources cannot be 
accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error - 3/24/2009 1:19:00 PM | Computer Name = MCKIN | Source = MsiInstaller | ID = 11904 Description = Product: SolutionCenter -- Error 1904. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx failed to register. HRESULT -2147220473. Contact your support personnel. Error - 3/27/2009 7:01:33 PM | Computer Name = MCKIN | Source = Windows Search Service | ID = 3024 Description = The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error - 3/30/2009 8:00:36 PM | Computer Name = MCKIN | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msvcr71.dll, version 7.10.3052.4, fault address 0x000017fb. Error - 4/6/2009 1:25:18 PM | Computer Name = MCKIN | Source = Application Error | ID = 1000 Description = Faulting application hpqpse.exe, version 80.0.257.11, faulting module msxml3.dll, version 8.100.1048.0, fault address 0x0000b48b. Error - 4/15/2009 10:04:56 AM | Computer Name = MCKIN | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/15/2009 10:05:38 AM | Computer Name = MCKIN | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/15/2009 10:05:55 AM | Computer Name = MCKIN | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
[ System Events ] Error - 3/27/2009 10:33:14 PM | Computer Name = MCKIN | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error - 3/28/2009 6:41:25 PM | Computer Name = MCKIN | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error - 3/28/2009 10:19:52 PM | Computer Name = MCKIN | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error - 3/29/2009 1:46:42 PM | Computer Name = MCKIN | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IntelIde ViaIde Error - 3/29/2009 1:46:43 PM | Computer Name = MCKIN | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. < End of report >
Did I miss anything? Let me know if any more info is needed. Any and all help is greatly appreciated.