Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Was infected with Vundo [Solved]

Started by bettei , Apr 28 2009 11:47 AM

  • This topic is locked This topic is locked

#1
bettei
Posted 28 April 2009 - 11:47 AM

bettei

    Member

  • Member
  • PipPipPip
  • 340 posts
My computer seems slow to load, and sounds like something is constantly running. By that I mean it sounds like it is running a virus program scanning all the time, I can hear it running louder than normally. Sorry I can't explain it better than that.

I notice that when Firefox loads, there are several things that appear in my lower left task bar, like I am being redirected before I get to my home page. Also, when I check my taskmanager, there are 55 programs running, and it seems unneeded.

I ran the Vundo removal link you posted. Then I did the ATF cleaner, and at the Firefox tab I selected all but my passwords, but got "no files were deleted". Tried again, same thing. And then I ran Malwarebytes. The first scan showed problems, but I am not sure I saved that log, since there was a mistake in trying to post it in here. So I just went through all these steps again, and ran Malwarebytes, and it showed no problems, and I hope I can post the logs successfully.
Malwarebytes' Anti-Malware 1.36
Database version: 2053
Windows 5.1.2600 Service Pack 3

4/28/2009 8:42:21 AM
mbam-log-2009-04-28 (08-41-58).txt

Scan type: Quick Scan
Objects scanned: 90193
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b26caa68-6ebf-4a30-a0f0-0a0bfe3da5dd} (Rogue.RegistryDefender5) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\ProgramData\RD Platinum v5.0 (Rogue.RegistryDefender) -> No action taken.
C:\ProgramData\RD Platinum v5.0\backup (Rogue.RegistryDefender) -> No action taken.

Files Infected:
C:\Program Files\mixfix.dll (Spyware.OnlineGames) -> No action taken.

Malwarebytes' Anti-Malware 1.36
Database version: 2053
Windows 5.1.2600 Service Pack 3

4/28/2009 12:36:35 PM
mbam-log-2009-04-28 (12-36-35).txt

Scan type: Quick Scan
Objects scanned: 89645
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Should I try to run something else now? I don't know why I can't clear the Firefox cache in the ATF cleaner.
Thanks

Edited by bettei, 28 April 2009 - 11:50 AM.

  • 0

Advertisements

#2
bettei
Posted 02 May 2009 - 06:47 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I am still hoping to get some help and advice on this problem. When I tried to run Rookit, I had to slick on it several times to get it to run. I got an error message and try again or continue.
So I hope I had done this right this time.
OTListIt logfile created on: 5/2/2009 7:31:13 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.25% Memory free
3.83 Gb Paging File | 3.45 Gb Available in Paging File | 90.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.65 Gb Total Space | 191.39 Gb Free Space | 70.72% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.19 Gb Free Space | 2.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.76 Gb Total Space | 442.00 Gb Free Space | 94.90% Space Free | Partition Type: NTFS

Computer Name: BETTE
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE (HP)
PRC - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe ()
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
PRC - C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon [On_Demand | Stopped]) -- File not found
SRV - (AgereModemAudio [Auto | Running]) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (CAISafe [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (ELService [Auto | Running]) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [Disabled | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ITMRTSVC [Auto | Running]) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Maxtor Sync Service [Auto | Running]) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE (HP)
SRV - (PPCtlPriv [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (ScsiAccess [Auto | Running]) -- C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe ()
SRV - (VETMSGNT [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ASPI32 [System | Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ELacpi [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ELacpi.sys (Intel Corporation)
DRV - (ELhid [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELhid.sys (Intel Corporation)
DRV - (ELkbd [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELkbd.sys (Intel Corporation)
DRV - (ELmon [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELmon.sys (Intel Corporation)
DRV - (ELmou [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELmou.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MXOPSWD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (VET-FILT [System | Running]) -- C:\WINDOWS\System32\drivers\vet-filt.sys (Computer Associates International, Inc.)
DRV - (VET-REC [System | Running]) -- C:\WINDOWS\System32\drivers\vet-rec.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (VETEFILE [System | Running]) -- C:\WINDOWS\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetfddnt.sys (Computer Associates International, Inc.)
DRV - (VETMONNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft...P...pdate&O1=b1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/06 18:15:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/15 14:48:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 16:37:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/30 16:37:57 | 00,000,000 | ---D | M]

[2008/12/20 12:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Extensions
[2008/12/20 12:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/01 17:14:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Firefox\Profiles\9rsjib6j.default\extensions
[2009/04/24 08:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Firefox\Profiles\9rsjib6j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/12/29 09:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Firefox\Profiles\9rsjib6j.default\extensions\{f152489f-b189-4550-81fd-7d996d242be7}-trash
[2009/05/01 16:48:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 16:37:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/26 12:33:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/23 23:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 23:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 19:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 19:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 19:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 19:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 19:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 19:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 19:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" (Maxtor Corporation)
O4 - HKLM..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" (CA)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108591
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: msn.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1210766804562 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/02 04:01:47 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 00,000,032 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/02 07:25:19 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/02 07:23:51 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\OTListIt2.exe
[2009/05/02 07:23:33 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\Rooter.exe
[2009/05/01 20:46:19 | 00,000,000 | ---D | C] -- C:\rsit
[2009/05/01 20:43:41 | 00,781,909 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\RSIT.exe
[2009/05/01 07:57:48 | 00,001,745 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\HijackThis.lnk
[2009/05/01 07:57:12 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\HJTInstall.exe
[2009/05/01 07:46:34 | 56,875,533 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\Abstract020_NTSCavi.zip
[2009/04/30 16:09:15 | 07,526,856 | ---- | C] (Mozilla) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\Firefox Setup 3.0.10.exe
[2009/04/29 16:55:13 | 62,390,9515 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.pxc
[2009/04/29 16:55:12 | 00,841,665 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.bak
[2009/04/29 16:55:12 | 00,841,665 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.b01
[2009/04/29 16:55:12 | 00,841,664 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.b03
[2009/04/29 16:55:12 | 00,841,639 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.b02
[2009/04/29 16:55:12 | 00,812,220 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.psh
[2009/04/29 13:51:16 | 00,000,000 | ---D | C] -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4_psdata
[2009/04/28 12:01:05 | 00,902,454 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b07
[2009/04/28 12:01:05 | 00,900,119 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b06
[2009/04/28 12:01:05 | 00,900,119 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b05
[2009/04/28 12:01:05 | 00,872,280 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b08
[2009/04/28 12:01:05 | 00,872,226 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b09
[2009/04/28 12:01:05 | 00,859,939 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.bak
[2009/04/28 12:01:05 | 00,859,346 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b03
[2009/04/28 12:01:05 | 00,859,346 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b02
[2009/04/28 12:01:05 | 00,859,346 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b01
[2009/04/28 12:01:05 | 00,858,743 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b04
[2009/04/28 12:01:05 | 00,841,667 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.psh
[2009/04/27 18:16:54 | 00,028,672 | ---- | C] (6XGate Systems, Inc.) -- C:\WINDOWS\System32\regclass.dll
[2009/04/27 16:36:52 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\SysRestorePoint.exe
[2009/04/27 14:52:53 | 00,001,830 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Maxtor Manager.lnk
[2009/04/27 14:52:30 | 00,000,000 | ---D | C] -- C:\Program Files\Maxtor
[2009/04/27 13:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/04/26 18:53:33 | 00,000,000 | ---D | C] -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3_psdata
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.bak
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.b04
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.b03
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.b02
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.b01
[2009/04/26 18:42:38 | 00,896,030 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.psh
[2009/04/26 16:39:21 | 00,000,000 | ---D | C] -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler slide2
[2009/04/26 16:38:06 | 00,946,572 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.b04
[2009/04/26 16:38:06 | 00,936,112 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.b03
[2009/04/26 16:38:06 | 00,936,112 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.b02
[2009/04/26 16:38:06 | 00,931,852 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.b01
[2009/04/26 16:38:06 | 00,931,019 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.psh
[2009/04/26 16:38:06 | 00,924,162 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.bak
[2009/04/26 15:36:34 | 00,001,244 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Untitled ProShow 1.psh
[2009/04/26 15:36:34 | 00,000,012 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Untitled ProShow 1.pxc
[2009/04/26 12:16:54 | 00,001,740 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\ProShow Gold.lnk
[2009/04/26 08:22:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/24 08:27:32 | 09,924,040 | ---- | C] (Microsoft Corporation) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\windows-kb890830-v2.9.exe
[2009/04/23 17:10:51 | 00,913,825 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.bak
[2009/04/23 17:10:51 | 00,913,824 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.psh
[2009/04/23 17:10:51 | 00,881,831 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b02
[2009/04/23 17:10:51 | 00,881,831 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b01
[2009/04/23 17:10:51 | 00,857,809 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b09
[2009/04/23 17:10:51 | 00,857,809 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b08
[2009/04/23 17:10:51 | 00,857,809 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b07
[2009/04/23 17:10:51 | 00,857,809 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b06
[2009/04/23 17:10:51 | 00,850,459 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b04
[2009/04/23 17:10:51 | 00,850,459 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b03
[2009/04/23 17:10:51 | 00,850,366 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b05
[2009/04/17 08:30:11 | 00,417,631 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\schaeffer jewelery appraisal.pdf
[2009/04/16 12:41:35 | 21,374,81216 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/16 06:44:22 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 06:44:22 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 06:44:22 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 06:44:21 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 06:44:21 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 06:44:21 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 06:44:20 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 06:44:20 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 06:44:19 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 10:30:57 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2009/04/14 10:30:56 | 00,318,976 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2009/04/14 10:30:56 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/04/14 10:30:56 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/04/14 10:30:55 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2009/04/14 10:30:55 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/04/14 10:30:04 | 00,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2009/04/14 10:30:04 | 00,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2009/04/14 10:30:04 | 00,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2009/04/14 10:30:04 | 00,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2009/04/14 10:30:03 | 00,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2009/04/14 10:30:03 | 00,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2009/04/14 10:30:03 | 00,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2009/04/13 14:49:07 | 00,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
[2009/04/13 14:49:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Netscape
[2009/04/13 14:48:56 | 00,000,000 | ---D | C] -- C:\Program Files\Photodex
[2009/04/13 14:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Photodex
[2009/04/12 15:33:44 | 00,000,810 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\VideoPad Video Editor.lnk
[2009/04/12 14:07:00 | 00,000,000 | ---D | C] -- C:\videooutput
[2009/04/12 14:03:58 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/12 14:03:58 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/04/12 14:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\Smallvideosoft
[2009/04/11 14:55:06 | 00,000,000 | ---D | C] -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\muvee Technologies
[2009/04/11 14:54:17 | 00,001,252 | -H-- | C] () -- C:\WINDOWS\tasks\DMATask 0 {D2B22905-47C9-4b82-8E74-47AA9D2DE378} 0~0.job
[2009/04/10 16:38:48 | 00,000,000 | ---D | C] -- C:\HASBRO
[2009/04/10 15:39:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/04/10 15:30:40 | 00,000,000 | ---D | C] -- C:\Program Files\Infogrames Interactive
[2009/04/10 07:57:50 | 00,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\WNASPI32.DLL
[2009/04/10 07:57:50 | 00,025,244 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
[2009/04/10 07:57:50 | 00,005,600 | ---- | C] (Adaptec) -- C:\WINDOWS\System\WINASPI.DLL
[2009/04/10 07:57:50 | 00,004,672 | ---- | C] (Adaptec) -- C:\WINDOWS\System\WOWPOST.EXE
[2009/04/07 15:10:48 | 00,000,000 | ---D | C] -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty
[2009/04/07 14:26:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\dvdcss
[2009/04/07 13:14:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vlc
[2009/04/06 16:48:46 | 00,001,523 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\Recuva.lnk
[2009/04/06 16:48:46 | 00,000,000 | ---D | C] -- C:\Program Files\Recuva
[2009/04/06 12:36:06 | 00,006,144 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\VIDEO_TS.IFO
[2009/04/06 12:36:00 | 00,006,144 | ---- | C] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\VIDEO_TS.BUP
[2009/04/06 11:43:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Smart Panel
[2009/04/06 11:42:31 | 00,001,586 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\EPSON Smart Panel.lnk
[2009/04/06 11:40:50 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009/04/06 11:40:50 | 00,073,216 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\ADE.DLL
[2009/04/06 11:40:50 | 00,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2009/04/06 11:40:50 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2009/04/06 11:30:28 | 00,000,000 | ---D | C] -- C:\Smart Panel
[2008/05/09 19:55:05 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/03/03 13:44:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/24 15:54:01 | 00,000,015 | ---- | C] () -- C:\WINDOWS\smapanel.ini
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/19 08:33:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/05/13 14:10:15 | 00,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/11/11 14:14:00 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/09/13 15:39:58 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/09/13 15:26:26 | 00,000,162 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 2400 Photo.ini
[2006/09/10 10:34:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/09/08 11:45:15 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/08/09 16:28:02 | 00,000,088 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/07 18:23:06 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2006/08/04 15:57:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/08/03 18:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/06/02 04:26:45 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/02 04:07:12 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/02 04:04:00 | 00,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/02 04:03:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/02 04:01:59 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/02 03:59:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/02 03:50:11 | 00,000,263 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/02 03:49:35 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/02 03:34:12 | 00,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/02 03:12:21 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/02 03:12:21 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/02 03:12:03 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/30 23:02:00 | 00,000,511 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 15:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 23:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/09 23:00:00 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/07/26 09:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 00:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/02 07:37:38 | 00,001,252 | -H-- | M] () -- C:\WINDOWS\tasks\DMATask 0 {D2B22905-47C9-4b82-8E74-47AA9D2DE378} 0~0.job
[2009/05/02 07:23:51 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\OTListIt2.exe
[2009/05/02 07:23:33 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\Rooter.exe
[2009/05/02 07:13:36 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/05/02 07:10:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/02 07:10:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\desktop.ini
[2009/05/02 07:10:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/02 07:10:20 | 21,374,81216 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/01 20:43:43 | 00,781,909 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\RSIT.exe
[2009/05/01 07:57:48 | 00,001,745 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\HijackThis.lnk
[2009/05/01 07:57:13 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\HJTInstall.exe
[2009/05/01 07:50:19 | 56,875,533 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\Abstract020_NTSCavi.zip
[2009/04/30 16:37:59 | 00,001,613 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/04/30 16:23:54 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/30 16:10:05 | 07,526,856 | ---- | M] (Mozilla) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\Firefox Setup 3.0.10.exe
[2009/04/30 16:03:34 | 00,000,511 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/30 16:03:34 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/04/30 16:03:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/30 12:34:15 | 62,390,9515 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.pxc
[2009/04/30 12:34:09 | 00,812,220 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.psh
[2009/04/30 12:09:09 | 00,001,740 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\ProShow Gold.lnk
[2009/04/30 12:07:48 | 00,841,665 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.bak
[2009/04/30 12:07:37 | 00,841,665 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.b01
[2009/04/29 17:03:14 | 00,841,639 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.b02
[2009/04/29 16:55:12 | 00,841,664 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\ty5.b03
[2009/04/29 16:54:48 | 00,841,667 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.psh
[2009/04/29 16:31:16 | 00,859,939 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.bak
[2009/04/29 15:51:56 | 00,859,346 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b01
[2009/04/29 15:45:42 | 00,859,346 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b02
[2009/04/29 15:45:17 | 00,859,346 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b03
[2009/04/29 15:42:07 | 00,858,743 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b04
[2009/04/29 13:40:41 | 00,900,119 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b05
[2009/04/29 13:21:17 | 00,900,119 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b06
[2009/04/29 13:13:43 | 00,902,454 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b07
[2009/04/29 11:36:21 | 00,872,280 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b08
[2009/04/29 09:43:44 | 00,872,226 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler4.b09
[2009/04/28 11:59:30 | 00,896,030 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.psh
[2009/04/28 11:30:29 | 00,931,941 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.bak
[2009/04/27 16:36:52 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\SysRestorePoint.exe
[2009/04/27 14:52:53 | 00,001,830 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Maxtor Manager.lnk
[2009/04/26 19:36:56 | 00,931,941 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.b01
[2009/04/26 19:36:51 | 00,931,941 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.b02
[2009/04/26 18:52:25 | 00,931,941 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.b03
[2009/04/26 18:42:38 | 00,931,941 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler3.b04
[2009/04/26 18:17:35 | 00,931,019 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.psh
[2009/04/26 17:56:14 | 00,924,162 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.bak
[2009/04/26 17:48:33 | 00,931,852 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.b01
[2009/04/26 17:34:56 | 00,936,112 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.b02
[2009/04/26 17:34:25 | 00,936,112 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.b03
[2009/04/26 16:38:06 | 00,946,572 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\tyler2.b04
[2009/04/26 15:43:04 | 00,000,012 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Untitled ProShow 1.pxc
[2009/04/26 15:36:34 | 00,001,244 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Untitled ProShow 1.psh
[2009/04/26 11:38:31 | 00,913,824 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.psh
[2009/04/26 11:36:30 | 00,913,825 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.bak
[2009/04/25 15:46:08 | 00,881,831 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b01
[2009/04/25 15:24:21 | 00,881,831 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b02
[2009/04/25 11:48:09 | 00,850,459 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b03
[2009/04/25 11:47:28 | 00,850,459 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b04
[2009/04/25 11:46:07 | 00,850,366 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b05
[2009/04/24 18:32:09 | 00,857,809 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b06
[2009/04/24 18:31:23 | 00,857,809 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b07
[2009/04/24 18:27:34 | 00,857,809 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b08
[2009/04/24 18:27:09 | 00,857,809 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Ty slideshow.b09
[2009/04/24 08:28:35 | 09,924,040 | ---- | M] (Microsoft Corporation) -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\windows-kb890830-v2.9.exe
[2009/04/23 16:58:06 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/21 09:11:40 | 00,049,664 | -HS- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\Thumbs.db
[2009/04/20 15:51:19 | 00,000,536 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as HP_Administrator at 2 41 PM.job
[2009/04/17 08:30:11 | 00,417,631 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\My Documents\schaeffer jewelery appraisal.pdf
[2009/04/16 18:08:03 | 00,466,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 18:08:02 | 00,557,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 18:08:02 | 00,079,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/12 15:33:44 | 00,000,810 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\VideoPad Video Editor.lnk
[2009/04/10 15:39:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2009/04/06 16:48:46 | 00,001,523 | ---- | M] () -- C:\DOCUME~1\HP_ADM~1.YOU\Desktop\Recuva.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 11:42:31 | 00,001,586 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\EPSON Smart Panel.lnk
[2009/04/06 11:37:43 | 00,000,162 | ---- | M] () -- C:\WINDOWS\EPSON Perfection 2400 Photo.ini
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
  • 0

#3
bettei
Posted 02 May 2009 - 06:51 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
And I wasn't sure if I posted the latest txt from the OT list. Sorry, but this is all pretty confusing to me. I am sorry if I am not doing something correctly.

OTListIt Extras logfile created on: 5/2/2009 7:31:13 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.25% Memory free
3.83 Gb Paging File | 3.45 Gb Available in Paging File | 90.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.65 Gb Total Space | 191.39 Gb Free Space | 70.72% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.19 Gb Free Space | 2.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.76 Gb Total Space | 442.00 Gb Free Space | 94.90% Space Free | Partition Type: NTFS

Computer Name: BETTE
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP (Hewlett-Packard)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP (Hewlett-Packard)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService File not found
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe:*:Enabled:PPCtlPriv (CA, Inc.)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM (Microsoft Corporation)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe:*:Enabled:LSSrvc (Hewlett-Packard Company)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22901BB7-2C57-409E-AF2F-56FFFEA41116}" = EPSON Photo Print
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{27E395E5-EB04-4BFD-96C3-C9A102E97E1B}" = Intel® Viiv™ Software
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel® Quick Resume Technology Drivers
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}" = Microsoft Easy Assist v2
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD PixPlay_is1" = DVD PixPlay
"ERUNT_is1" = ERUNT 1.1j
"eTrust Suite Personal" = CA Internet Security Suite
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 6.1
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Photodex Presenter" = Photodex Presenter
"PictureItSuite_v11" = Microsoft Digital Image Suite 2006
"PROSet" = Intel® Network Connections Drivers
"ProShow Gold" = ProShow Gold
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Silent Package Run-Time Sample" = EPSON PERF 2400 Guide
"ToolBox" = NCH Toolbox
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"WT005646" = SCRABBLE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/26/2009 4:32:11 PM | Computer Name = BETTE | Source = Application Hang | ID = 1001
Description = Fault bucket 536289174.

Error - 4/26/2009 4:34:39 PM | Computer Name = BETTE | Source = Application Hang | ID = 1002
Description = Hanging application proshow.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2009 4:45:43 PM | Computer Name = BETTE | Source = Application Hang | ID = 1002
Description = Hanging application proshow.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2009 6:50:20 PM | Computer Name = BETTE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.YOUR-4DACD0EA75\MY
DOCUMENTS\TYLER2.BAK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 4/26/2009 6:50:20 PM | Computer Name = BETTE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.YOUR-4DACD0EA75\MY
DOCUMENTS\TYLER2.BAK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 4/30/2009 1:54:14 PM | Computer Name = BETTE | Source = Application Hang | ID = 1002
Description = Hanging application proshow.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2009 1:54:18 PM | Computer Name = BETTE | Source = Application Hang | ID = 1001
Description = Fault bucket 536289174.

Error - 4/30/2009 5:20:43 PM | Computer Name = BETTE | Source = Windows Search Service | ID = 3038
Description = The gatherer is unable to read the registry DocIdMapFile. Context:
Application, SystemIndex Catalog Details: The system cannot find the file specified.
(0x80070002)

Error - 4/30/2009 5:21:00 PM | Computer Name = BETTE | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The registry value cannot be read because the configuration
is invalid. Recreate the content index configuration by removing the content index.
(0x80040d03)

Error - 4/30/2009 5:21:00 PM | Computer Name = BETTE | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
registry value cannot be read because the configuration is invalid. Recreate the
content index configuration by removing the content index. (0x80040d03)

[ System Events ]
Error - 4/30/2009 5:21:01 PM | Computer Name = BETTE | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 4/30/2009 5:21:07 PM | Computer Name = BETTE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 4/30/2009 5:21:12 PM | Computer Name = BETTE | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/30/2009 5:21:12 PM | Computer Name = BETTE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 4/30/2009 5:21:12 PM | Computer Name = BETTE | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 4/30/2009 5:27:23 PM | Computer Name = BETTE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 5/1/2009 8:31:28 AM | Computer Name = BETTE | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 5/1/2009 8:31:28 AM | Computer Name = BETTE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 5/2/2009 8:11:58 AM | Computer Name = BETTE | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 5/2/2009 8:11:58 AM | Computer Name = BETTE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >
  • 0

#4
XmichouX
Posted 06 May 2009 - 08:48 AM

XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Welcome to the site! :) My name's XmichouX and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.


Regards,
  • 0

#5
bettei
Posted 06 May 2009 - 09:29 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
Ok, I have run my anti malware without having my anitivirus turn on, and when I turned the virus protection back on, it found win32/sillyautorunAWH since I have posted in here. I will be in and out today with errands, but I wanted you to know that I will be checking back.
Thanks.
  • 0

#6
XmichouX
Posted 06 May 2009 - 11:25 AM

XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

My computer seems slow to load,

When I see your list of startup, i understand. You have too many programs which run at startup, do you want to take out some of those entries ?

1)
  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

2) Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2007/05/10 08:48:26 | 00,000,032 | ---- | M] () - J:\autorun.inf -- [ NTFS ]

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

Regards,

Edited by XmichouX, 06 May 2009 - 11:26 AM.

  • 0

#7
bettei
Posted 06 May 2009 - 11:30 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
OTListIt logfile created on: 5/6/2009 6:07:50 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.39% Memory free
3.84 Gb Paging File | 3.48 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.65 Gb Total Space | 190.42 Gb Free Space | 70.36% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.19 Gb Free Space | 2.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.76 Gb Total Space | 441.99 Gb Free Space | 94.90% Space Free | Partition Type: NTFS

Computer Name: BETTE
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE (HP)
PRC - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe ()
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)
PRC - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon [On_Demand | Stopped]) -- File not found
SRV - (AgereModemAudio [Auto | Running]) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (CAISafe [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (ELService [Auto | Running]) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [Disabled | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ITMRTSVC [Auto | Running]) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Maxtor Sync Service [Auto | Running]) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE (HP)
SRV - (PPCtlPriv [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (ScsiAccess [Auto | Running]) -- C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe ()
SRV - (VETMSGNT [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ASPI32 [System | Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ELacpi [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ELacpi.sys (Intel Corporation)
DRV - (ELhid [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELhid.sys (Intel Corporation)
DRV - (ELkbd [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELkbd.sys (Intel Corporation)
DRV - (ELmon [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELmon.sys (Intel Corporation)
DRV - (ELmou [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELmou.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MXOPSWD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (VET-FILT [System | Running]) -- C:\WINDOWS\System32\drivers\vet-filt.sys (Computer Associates International, Inc.)
DRV - (VET-REC [System | Running]) -- C:\WINDOWS\System32\drivers\vet-rec.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (VETEFILE [System | Running]) -- C:\WINDOWS\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetfddnt.sys (Computer Associates International, Inc.)
DRV - (VETMONNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft...P...pdate&O1=b1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/06 18:15:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/15 14:48:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 16:37:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/30 16:37:57 | 00,000,000 | ---D | M]

[2008/12/20 12:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Extensions
[2008/12/20 12:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/05 08:05:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Firefox\Profiles\9rsjib6j.default\extensions
[2009/04/24 08:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Firefox\Profiles\9rsjib6j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/12/29 09:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\Firefox\Profiles\9rsjib6j.default\extensions\{f152489f-b189-4550-81fd-7d996d242be7}-trash
[2009/05/05 08:05:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 16:37:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/26 12:33:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/23 23:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 23:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 19:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 19:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 19:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 19:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 19:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 19:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 19:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" (Maxtor Corporation)
O4 - HKLM..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" (CA)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: msn.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1210766804562 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/02 04:01:47 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/06 12:41:12 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/05/06 12:41:14 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 00,000,032 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/06 12:44:11 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 12:41:12 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/05/06 12:33:34 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Flash_Disinfector.exe
[2009/05/06 10:05:21 | 00,014,028 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tymenu.mnu
[2009/05/06 08:28:22 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
[2009/05/06 08:28:13 | 00,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
[2009/05/06 08:22:17 | 17,973,184 | ---- | C] (Photodex Corporation) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\psgold_40_2548.exe
[2009/05/04 17:15:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\trial_psdata
[2009/05/04 17:02:17 | 49,552,925 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\trial.pxc
[2009/05/04 17:02:17 | 00,199,238 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\trial.bak
[2009/05/04 17:02:17 | 00,199,237 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\trial.psh
[2009/05/04 17:02:17 | 00,199,210 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\trial.b01
[2009/05/04 15:58:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/03 14:39:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/03 14:39:43 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/03 14:39:43 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/03 14:39:43 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/03 14:39:43 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/03 14:39:43 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/03 14:39:43 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/03 14:39:43 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/03 14:38:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/03 08:47:27 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ueq5jj08.exe
[2009/05/02 19:03:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\My WinZip Files
[2009/05/02 10:59:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\settings.dat
[2009/05/02 10:53:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/05/02 10:46:12 | 00,440,854 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\RootRepeal.rar
[2009/05/02 07:25:19 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/02 07:23:51 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTListIt2.exe
[2009/05/02 07:23:33 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Rooter.exe
[2009/05/01 20:46:19 | 00,000,000 | ---D | C] -- C:\rsit
[2009/05/01 20:43:41 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\RSIT.exe
[2009/05/01 07:57:48 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HijackThis.lnk
[2009/05/01 07:57:12 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HJTInstall.exe
[2009/05/01 07:46:34 | 56,875,533 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Abstract020_NTSCavi.zip
[2009/04/29 16:55:13 | 93,117,9552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.pxc
[2009/04/29 16:55:12 | 00,841,665 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b03
[2009/04/29 16:55:12 | 00,841,665 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b02
[2009/04/29 16:55:12 | 00,841,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b05
[2009/04/29 16:55:12 | 00,841,639 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b04
[2009/04/29 16:55:12 | 00,812,414 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.psh
[2009/04/29 16:55:12 | 00,812,220 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b01
[2009/04/29 16:55:12 | 00,812,214 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.bak
[2009/04/29 13:51:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4_psdata
[2009/04/28 12:01:05 | 00,902,454 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b07
[2009/04/28 12:01:05 | 00,900,119 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b06
[2009/04/28 12:01:05 | 00,900,119 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b05
[2009/04/28 12:01:05 | 00,872,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b08
[2009/04/28 12:01:05 | 00,872,226 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b09
[2009/04/28 12:01:05 | 00,859,939 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.bak
[2009/04/28 12:01:05 | 00,859,346 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b03
[2009/04/28 12:01:05 | 00,859,346 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b02
[2009/04/28 12:01:05 | 00,859,346 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b01
[2009/04/28 12:01:05 | 00,858,743 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b04
[2009/04/28 12:01:05 | 00,841,667 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.psh
[2009/04/27 18:16:54 | 00,028,672 | ---- | C] (6XGate Systems, Inc.) -- C:\WINDOWS\System32\regclass.dll
[2009/04/27 16:36:52 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\SysRestorePoint.exe
[2009/04/27 14:52:53 | 00,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk
[2009/04/27 14:52:30 | 00,000,000 | ---D | C] -- C:\Program Files\Maxtor
[2009/04/27 13:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/04/26 18:53:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3_psdata
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.bak
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.b04
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.b03
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.b02
[2009/04/26 18:42:38 | 00,931,941 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.b01
[2009/04/26 18:42:38 | 00,896,030 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.psh
[2009/04/26 16:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler slide2
[2009/04/26 16:38:06 | 00,946,572 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.b04
[2009/04/26 16:38:06 | 00,936,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.b03
[2009/04/26 16:38:06 | 00,936,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.b02
[2009/04/26 16:38:06 | 00,931,852 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.b01
[2009/04/26 16:38:06 | 00,931,019 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.psh
[2009/04/26 16:38:06 | 00,924,162 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.bak
[2009/04/26 15:36:34 | 00,001,244 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Untitled ProShow 1.psh
[2009/04/26 15:36:34 | 00,000,012 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Untitled ProShow 1.pxc
[2009/04/26 08:22:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/24 08:27:32 | 09,924,040 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\windows-kb890830-v2.9.exe
[2009/04/23 17:10:51 | 00,913,825 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.bak
[2009/04/23 17:10:51 | 00,913,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.psh
[2009/04/23 17:10:51 | 00,881,831 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b02
[2009/04/23 17:10:51 | 00,881,831 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b01
[2009/04/23 17:10:51 | 00,857,809 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b09
[2009/04/23 17:10:51 | 00,857,809 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b08
[2009/04/23 17:10:51 | 00,857,809 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b07
[2009/04/23 17:10:51 | 00,857,809 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b06
[2009/04/23 17:10:51 | 00,850,459 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b04
[2009/04/23 17:10:51 | 00,850,459 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b03
[2009/04/23 17:10:51 | 00,850,366 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b05
[2009/04/16 12:41:35 | 21,374,81216 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/16 06:44:22 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 06:44:22 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 06:44:22 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 06:44:21 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 06:44:21 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 06:44:21 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 06:44:20 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 06:44:20 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 06:44:19 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 10:30:57 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2009/04/14 10:30:56 | 00,318,976 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2009/04/14 10:30:56 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/04/14 10:30:55 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2009/04/14 10:30:55 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/04/14 10:30:04 | 00,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2009/04/14 10:30:04 | 00,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2009/04/14 10:30:04 | 00,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2009/04/14 10:30:04 | 00,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2009/04/14 10:30:03 | 00,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2009/04/14 10:30:03 | 00,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2009/04/14 10:30:03 | 00,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2009/04/13 14:49:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Netscape
[2009/04/13 14:48:56 | 00,000,000 | ---D | C] -- C:\Program Files\Photodex
[2009/04/13 14:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Photodex
[2009/04/12 15:33:44 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2009/04/12 14:07:00 | 00,000,000 | ---D | C] -- C:\videooutput
[2009/04/12 14:03:58 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/12 14:03:58 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/04/12 14:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\Smallvideosoft
[2009/04/11 14:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\muvee Technologies
[2009/04/11 14:54:17 | 00,001,202 | -H-- | C] () -- C:\WINDOWS\tasks\DMATask 0 {D2B22905-47C9-4b82-8E74-47AA9D2DE378} 0~0.job
[2009/04/10 16:38:48 | 00,000,000 | ---D | C] -- C:\HASBRO
[2009/04/10 15:39:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/04/10 15:30:40 | 00,000,000 | ---D | C] -- C:\Program Files\Infogrames Interactive
[2009/04/10 07:57:50 | 00,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\WNASPI32.DLL
[2009/04/10 07:57:50 | 00,025,244 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
[2009/04/10 07:57:50 | 00,005,600 | ---- | C] (Adaptec) -- C:\WINDOWS\System\WINASPI.DLL
[2009/04/10 07:57:50 | 00,004,672 | ---- | C] (Adaptec) -- C:\WINDOWS\System\WOWPOST.EXE
[2009/04/07 15:10:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty
[2009/04/07 14:26:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\dvdcss
[2009/04/07 13:14:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vlc
[2009/04/06 11:40:50 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009/04/06 11:40:50 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/05/09 19:55:05 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/03/03 13:44:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/24 15:54:01 | 00,000,015 | ---- | C] () -- C:\WINDOWS\smapanel.ini
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/19 08:33:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/05/13 14:10:15 | 00,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/11/11 14:14:00 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/09/13 15:39:58 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/09/13 15:26:26 | 00,000,162 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 2400 Photo.ini
[2006/09/10 10:34:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/09/08 11:45:15 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/08/09 16:28:02 | 00,000,088 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/07 18:23:06 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2006/08/04 15:57:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/08/03 18:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/06/02 04:26:45 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/02 04:07:12 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/02 04:04:00 | 00,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/02 04:03:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/02 04:01:59 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/02 03:59:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/02 03:50:11 | 00,000,263 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/02 03:49:35 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/02 03:34:12 | 00,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/02 03:12:21 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/02 03:12:21 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/02 03:12:03 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/30 23:02:00 | 00,000,511 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 15:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 23:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/09 23:00:00 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/07/26 09:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 00:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/06 18:15:30 | 00,001,202 | -H-- | M] () -- C:\WINDOWS\tasks\DMATask 0 {D2B22905-47C9-4b82-8E74-47AA9D2DE378} 0~0.job
[2009/05/06 17:31:00 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/05/06 17:29:50 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\desktop.ini
[2009/05/06 17:29:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/06 17:29:46 | 21,374,81216 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/06 17:29:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/06 12:34:28 | 00,000,511 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/06 12:34:28 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/05/06 12:34:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/06 12:33:35 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Flash_Disinfector.exe
[2009/05/06 10:25:17 | 93,117,9552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.pxc
[2009/05/06 10:21:40 | 00,812,414 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.psh
[2009/05/06 10:05:21 | 00,014,028 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tymenu.mnu
[2009/05/06 10:01:11 | 00,812,214 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.bak
[2009/05/06 08:41:27 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
[2009/05/06 08:26:15 | 17,973,184 | ---- | M] (Photodex Corporation) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\psgold_40_2548.exe
[2009/05/04 17:29:06 | 49,552,925 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\trial.pxc
[2009/05/04 17:29:05 | 00,199,237 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\trial.psh
[2009/05/04 17:14:18 | 00,199,238 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\trial.bak
[2009/05/04 17:02:22 | 00,199,210 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\trial.b01
[2009/05/03 08:47:27 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ueq5jj08.exe
[2009/05/02 10:59:39 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\settings.dat
[2009/05/02 10:46:12 | 00,440,854 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\RootRepeal.rar
[2009/05/02 07:23:51 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTListIt2.exe
[2009/05/02 07:23:33 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Rooter.exe
[2009/05/01 20:43:43 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\RSIT.exe
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/01 11:54:18 | 00,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/01 07:57:48 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HijackThis.lnk
[2009/05/01 07:57:13 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HJTInstall.exe
[2009/05/01 07:50:19 | 56,875,533 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Abstract020_NTSCavi.zip
[2009/04/30 16:37:59 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/30 16:23:54 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/30 12:34:09 | 00,812,220 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b01
[2009/04/30 12:07:48 | 00,841,665 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b02
[2009/04/30 12:07:37 | 00,841,665 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b03
[2009/04/29 17:03:14 | 00,841,639 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b04
[2009/04/29 16:55:12 | 00,841,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ty5.b05
[2009/04/29 16:54:48 | 00,841,667 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.psh
[2009/04/29 16:31:16 | 00,859,939 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.bak
[2009/04/29 15:51:56 | 00,859,346 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b01
[2009/04/29 15:45:42 | 00,859,346 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b02
[2009/04/29 15:45:17 | 00,859,346 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b03
[2009/04/29 15:42:07 | 00,858,743 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b04
[2009/04/29 13:40:41 | 00,900,119 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b05
[2009/04/29 13:21:17 | 00,900,119 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b06
[2009/04/29 13:13:43 | 00,902,454 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b07
[2009/04/29 11:36:21 | 00,872,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b08
[2009/04/29 09:43:44 | 00,872,226 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler4.b09
[2009/04/28 11:59:30 | 00,896,030 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.psh
[2009/04/28 11:30:29 | 00,931,941 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.bak
[2009/04/27 16:36:52 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\SysRestorePoint.exe
[2009/04/27 14:52:53 | 00,001,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk
[2009/04/26 19:36:56 | 00,931,941 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.b01
[2009/04/26 19:36:51 | 00,931,941 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.b02
[2009/04/26 18:52:25 | 00,931,941 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.b03
[2009/04/26 18:42:38 | 00,931,941 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler3.b04
[2009/04/26 18:17:35 | 00,931,019 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.psh
[2009/04/26 17:56:14 | 00,924,162 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.bak
[2009/04/26 17:48:33 | 00,931,852 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.b01
[2009/04/26 17:34:56 | 00,936,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.b02
[2009/04/26 17:34:25 | 00,936,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.b03
[2009/04/26 16:38:06 | 00,946,572 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\tyler2.b04
[2009/04/26 15:43:04 | 00,000,012 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Untitled ProShow 1.pxc
[2009/04/26 15:36:34 | 00,001,244 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Untitled ProShow 1.psh
[2009/04/26 11:38:31 | 00,913,824 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.psh
[2009/04/26 11:36:30 | 00,913,825 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.bak
[2009/04/25 15:46:08 | 00,881,831 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b01
[2009/04/25 15:24:21 | 00,881,831 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b02
[2009/04/25 11:48:09 | 00,850,459 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b03
[2009/04/25 11:47:28 | 00,850,459 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b04
[2009/04/25 11:46:07 | 00,850,366 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b05
[2009/04/24 18:32:09 | 00,857,809 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b06
[2009/04/24 18:31:23 | 00,857,809 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b07
[2009/04/24 18:27:34 | 00,857,809 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b08
[2009/04/24 18:27:09 | 00,857,809 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Ty slideshow.b09
[2009/04/24 08:28:35 | 09,924,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\windows-kb890830-v2.9.exe
[2009/04/21 09:11:40 | 00,049,664 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Thumbs.db
[2009/04/20 15:51:19 | 00,000,536 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as HP_Administrator at 2 41 PM.job
[2009/04/16 18:08:03 | 00,466,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 18:08:02 | 00,557,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 18:08:02 | 00,079,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/12 15:33:44 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2009/04/10 15:39:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Edited by bettei, 06 May 2009 - 05:18 PM.

  • 0

#8
XmichouX
Posted 07 May 2009 - 10:03 AM

XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

Have you still problems ?
Your log is clean.

You can delete this file as well :

C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ueq5jj08.exe

1) Launch MBAM.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

2) Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

P.S : Please don't send me PM, ask your questions here if you have.

Regards,
  • 0

#9
bettei
Posted 07 May 2009 - 11:45 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I have a question...about that .exe file you said to remove from my desktop? I think that is just an autofix from Microsoft. I had to use it to reconnect the opening window wizard when you insert a cd. After running the Hijack program, I got no prompt at all when I inserted a CD, I had to go to my computer and right click on the icon to open and view the contents of the cd. I got that fixed on my own though.

I also wondered if my scan is clean, why do you want me to run that Kapersky program?

Malwarebytes' Anti-Malware 1.36
Database version: 2074
Windows 5.1.2600 Service Pack 3

5/7/2009 1:06:00 PM
mbam-log-2009-05-07 (13-06-00).txt

Scan type: Quick Scan
Objects scanned: 90770
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by bettei, 07 May 2009 - 03:56 PM.

  • 0

#10
XmichouX
Posted 08 May 2009 - 02:34 AM

XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

Okay for the file.

I want to see the KAS log to see if it finds something :)

Regards,
  • 0

#11
bettei
Posted 08 May 2009 - 07:03 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
Before I run Kapersky, I would like to know these things:

Do I have to turn off my present CA antivirus to run Kapersky?
Will it ask me to uninstall my Ca antivirus?
Will that window prompt be gone again (the one that indentifies what Cd or DVd you inserted and what program you want to open it) be gone again after I run Kapersky?

If so, will there be a problem getting that window back again? That took me some time to get that back, and I am not sure how I even did it. I am a novice with computers, as you can tell.
Thanks
  • 0

#12
XmichouX
Posted 09 May 2009 - 04:14 AM

XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

You can turn off CA Antivirus, if there is a conflict between CA & Kaspersky.

No, it wont ask you to uninstall your Antivirus. It's just an online scan.

For the Windows Prompt, i don't see the correlation with this online scan, no. It's the Automatic Execution. Normally, you can try to execute it in the Panel Control, but at home, it doesn't work too.. And it's not virus related.

I don't understand. This windows prompt come back or not ?

Regards,
  • 0

#13
bettei
Posted 09 May 2009 - 11:49 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
Well the scan found nothing. Guess there is another reason besides viruses that is causing Proshow Gold to stop responding sometimes when I am working in the program. Thanks.
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 09, 2009 17:03:25
Records in database: 2151382
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Files scanned 136524
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 02:28:24

No malware has been detected. The scan area is clean.
The selected area was scanned.
  • 0

#14
XmichouX
Posted 10 May 2009 - 09:03 AM

XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

Your PC is clean.

Prevention

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.Next, let's clean your restore points and set a new one:

~ Please download and run OTCleanIt
--> Click on the big CleanUp! button.

This Tool will delete all the tools we Used, if not, let me know which tools are still present !
It will also hide your hidden files etc.

~~ Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

~~~ Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    - Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):
  • Java™ 6 Update 5
  • Java™ 6 Update 7

- Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html

To keep your operating system up to date visit weekly, and be aware of what emails you open and websites you visit.

You can too delete the tools we used for the disinfection.
Keep Malware Byte's Anti Malware.

~~~~ I invite to you now to (re)activating all your resident protections (Antivirus, Antispyware, Firewall.).
You must have access to your protections in the systray zone beside the tasks bar. If you have difficulties, does not hesitate to question me!
If it is not done, make sure that the automatic updates of Windows are activated!
Update correctly your Softwares (Java, Adobe, Flash.) thanks to Sotware Inspector (at Secunia)

~~~~~ How to protect myself ?

Here are some programs free for personal use :

Antivirus softs :


Antispyware softs :

  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Firewall :


Cleaners :

  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

I will keep the topic open for a couple more days, so if you have a further problem to post a reply into this thread :)

Regards,
  • 0

#15
Rorschach112
Posted 14 May 2009 - 11:41 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP