Malware/virus/slowed PC


  • This topic is locked
24 replies to this topic

#1 SgtLimbo

Posted 02 October 2008 - 04:11 PM

Not really sure how this happened, as I was overseas. My brother and a friend were here at my home to take care of my dog while I was away. When I got home I went to log on to my PC and it was very slow compared to the last time I logged on. After I loaded up and was on my desktop, I received a popup of ads. I ran a Norton full system scan and it found Trojan vudu or something, which Norton, after 4 scans and rebooting, finally removed, as it said. I still receive popups, but not as many as I did the first time. Then I ran Adaware 6 just to see what it found, and it seemed to find 1,436 infections; needless to say, they are no longer allowed on my PC. I got HJT and ran it just before this post. This is the log that it made.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:53 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [f4158cf6] rundll32.exe "C:\WINDOWS\system32\gafllcwf.dll",b
O4 - HKLM\..\Run: [BMf726bf6a] Rundll32.exe "C:\WINDOWS\system32\gmjierio.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O20 - AppInit_DLLs: ygeuiv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10233 bytes

Please help me, as my PC is slowed and it seems it's causing my PC to have a pause as well. Thank you for any and all help that can be given.

PS. Forgot to mention that I've been getting a lot of IE errors lately and programs closing ever since the trojan was found on my PC and removed, but I still believe that there are still things hiding on my PC that are infecting my PC. Please help.

Edited by SgtLimbo, 02 October 2008 - 07:25 PM.



#2 SgtLimbo


Posted 02 October 2008 - 09:18 PM

I came back from overseas; I had my brother and a friend watch my dog, and they had access to my PC during the time they were here. Now I get back and my PC had a trojan that Norton found, which was Trojan Vudu or Vuduo or something. I ran a Norton full system scan and after a while it removed the trojan, from what it said, but I still get a lot of popups, and with that my PC is running really slow. I can't afford to lose the information on my PC, because some of it is very important documents. Please help me, I'm in need of this being resolved. This is my HJT info:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:50 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [f4158cf6] rundll32.exe "C:\WINDOWS\system32\cbxxxxmb.dll",b
O4 - HKLM\..\Run: [BMf726bf6a] Rundll32.exe "C:\WINDOWS\system32\kkdouvtb.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O20 - AppInit_DLLs: sbywui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9849 bytes

PLEASE, I'm in need of help and have no idea what I need to do. Thank you.

PS. Yeah, sorry about the second post; I got so caught up in work that I forgot I had already made a post about this. Any way the top post can be deleted so it's still just 1 post, not a double post? Sorry again about that, wasn't trying to.

Edited by SgtLimbo, 03 October 2008 - 04:06 AM.
Merged topics. ~ OB


#3 extremeboy

  • Malware Response Team

Posted 03 October 2008 - 11:44 AM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt


Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please do NOT follow the instructions provided for this topic.

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

#4 SgtLimbo


Posted 03 October 2008 - 05:19 PM

Sorry about the long delay on the reports. PC is taking 5 mins to open a page now. Here are the 2 reports you asked for.

OTViewIt logfile created on: 10/3/2008 5:13:59 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 464.08 Mb Available Physical Memory | 45.39% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.79 Gb Total Space | 89.08 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
Drive D: | 15.60 Gb Total Space | 10.37 Gb Free Space | 66.46% Space Free | Partition Type: FAT32
Drive E: | 98.86 Gb Total Space | 9.49 Gb Free Space | 9.60% Space Free | Partition Type: NTFS
Drive F: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
Drive G: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYTHIC
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/06/13 15:02:50 | 00,239,264 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
[2008/01/08 16:36:34 | 00,177,512 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
[2005/03/29 19:03:26 | 00,083,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe
[2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
[2005/02/25 14:45:26 | 00,992,864 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[2008/01/08 16:36:34 | 00,185,704 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
[2008/09/30 20:40:56 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2005/10/11 18:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2005/10/23 08:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/04/05 14:32:24 | 00,128,160 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
[2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2008/09/17 09:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
[2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2004/11/03 02:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/08/05 23:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/08/05 23:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2008/01/08 16:36:34 | 00,049,512 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[2005/05/12 09:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/05/12 10:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2005/02/02 18:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2004/09/07 15:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/09/27 03:30:59 | 00,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/10/03 17:11:26 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/30 20:40:56 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/01/08 16:36:34 | 00,185,704 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr [Auto | Running])
[2006/06/13 15:02:50 | 00,239,264 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE -- (ccProxy [Auto | Running])
[2008/01/08 16:36:34 | 00,083,304 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE -- (ccPwdSvc [On_Demand | Stopped])
[2008/01/08 16:36:34 | 00,177,512 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr [Auto | Running])
[2008/04/13 19:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/10/11 18:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2008/04/13 19:12:21 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxssvc.exe -- (Fax [On_Demand | Stopped])
[2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2008/09/27 02:34:49 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2005/03/29 19:03:26 | 00,083,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC [Auto | Running])
[2005/10/23 08:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/04/05 14:32:24 | 00,128,160 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe -- (navapsvc [Auto | Running])
[2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2008/09/17 09:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
[2008/09/27 07:29:35 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Stopped])
[2005/08/26 14:22:48 | 00,198,368 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan [On_Demand | Stopped])
[2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])
[2005/02/25 14:45:26 | 00,992,864 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
[2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist [On_Demand | Stopped])
[2004/11/03 02:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
[2008/04/13 19:12:38 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/08/29 17:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2005/08/03 02:19:14 | 00,022,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aracpi.sys -- (aracpi [On_Demand | Running])
[2005/08/03 02:19:14 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arhidfltr.sys -- (arhidfltr [On_Demand | Running])
[2005/08/03 02:19:16 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arkbcfltr.sys -- (arkbcfltr [On_Demand | Running])
[2005/08/03 02:19:16 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\armoucfltr.sys -- (armoucfltr [On_Demand | Running])
[2005/08/03 02:19:14 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arpolicy.sys -- (ARPolicy [On_Demand | Running])
[2003/11/05 17:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run [Boot | Running])
File not found -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT [On_Demand | Stopped])
[2008/09/17 11:18:12 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2005/06/30 03:03:18 | 00,175,104 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2 [Boot | Running])
[2005/10/21 19:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/10/21 19:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/22 07:22:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/12/15 17:18:32 | 00,220,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/12/15 17:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/06/17 16:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/04/13 13:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [Disabled | Stopped])
[2004/03/17 13:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/08/10 12:45:04 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV [On_Demand | Stopped])
[2008/09/17 11:18:12 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081001.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/09/17 11:18:12 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081001.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008/09/17 09:55:00 | 06,132,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 23:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/04/13 13:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2005/07/04 02:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/09/15 19:14:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/03/04 13:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2005/08/26 14:22:48 | 00,334,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])
[2005/08/26 14:22:50 | 00,053,896 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/02/25 14:45:26 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/09/27 20:54:51 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/28 18:41:12 | 00,011,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2006/09/15 22:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2007/03/28 18:41:14 | 00,171,928 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2007/03/28 18:41:20 | 00,037,016 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/09/12 02:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080926.002\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2007/03/28 18:41:18 | 00,047,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2007/03/28 18:41:24 | 00,018,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2007/03/28 18:41:26 | 00,266,552 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2008/04/13 13:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/13 13:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
[2008/04/13 13:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Running])
[2004/12/15 17:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Search Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Search Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{8bbf454c-3488-4348-94d6-32ded89b0c65} (HKLM) -- C:\WINDOWS\system32\hmfldu.dll ()
{A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8} (HKLM) -- C:\WINDOWS\system32\khfCuSjK.dll File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{E3F6D0D0-09E0-43BE-8BEC-BA27BCD24FEC} (HKLM) -- C:\WINDOWS\system32\ljJASKde.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AlwaysReady Power Message APP"=ARPWRMSG.EXE (Microsoft)
"BMf726bf6a"=Rundll32.exe "C:\WINDOWS\system32\pltyndou.dll",s ()
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"DISCover"=C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"f4158cf6"=rundll32.exe "C:\WINDOWS\system32\sclodoih.dll",b ()
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"PCDrProfiler"= File not found
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)
"URLLSTCK.exe"=c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[1999/11/07 02:11:14 | 00,027,136 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 12:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Connection Help -- C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Connection Help -- C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
trymedia.com: http in Trusted sites
trymedia.com: https in Trusted sites
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class

========== (O17) DNS Name Servers ==========

{00670B93-B7DF-4290-9260-387AA81BCD1F} (Servers: | Description: 1394 Net Adapter)
{892900FC-9814-4488-99C0-81491C1EE93D} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{D7B319B1-A3B0-4924-ABD3-81B15482ABB5} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=hmfldu.dll
>[2008/10/03 16:02:10 | 00,115,200 | ---- | M] () -- C:\WINDOWS\system32\hmfldu.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
khfCuSjK: "DllName" = khfCuSjK.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8}" (HKLM) -- C:\WINDOWS\system32\khfCuSjK.dll File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\ljJASKde,
>[2008/09/30 15:58:59 | 00,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ljJASKde.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/12/02 18:55:00 | 00,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () -- F:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 06:01:14 | 00,000,053 | -HS- | M] () -- F:\Autorun.inf -- [ FAT32 ]

autorun []
[2006/09/25 11:01:39 | 04,386,816 | R--- | M] () -- G:\autorun.exe -- [ UDF ]

Autorun.exe [MZ | ]
[2006/09/25 11:01:39 | 04,386,816 | R--- | M] () -- G:\Autorun.exe -- [ UDF ]

Autorun.inf [[autorun] | icon=bf2142.ico | open=Autorun.exe | ]
[2006/09/25 11:01:39 | 00,000,046 | R--- | M] () -- G:\Autorun.inf -- [ UDF ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\Autorun.exe -- [2006/09/25 11:01:39 | 04,386,816 | R--- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/03 17:11:24 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe
[2008/10/03 16:02:10 | 00,115,200 | ---- | C] () -- C:\WINDOWS\System32\hmfldu.dll
[2008/10/03 16:02:09 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rjylohjr.dll
[2008/10/03 15:59:41 | 01,077,475 | -HS- | C] () -- C:\WINDOWS\System32\hiodolcs.ini
[2008/10/03 15:59:40 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\sclodoih.dll
[2008/10/03 15:59:32 | 00,104,960 | ---- | C] () -- C:\WINDOWS\System32\pltyndou.dll
[2008/10/03 10:42:33 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PSO BB.lnk
[2008/10/03 09:51:26 | 00,000,000 | ---D | C] -- C:\Program Files\Phantasy Star Online Blue Burst
[2008/10/03 09:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\PSO BB private server
[2008/10/02 19:21:39 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sbywui.dll
[2008/10/02 19:21:38 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vmcadjqf.dll
[2008/10/02 19:18:46 | 01,065,202 | -HS- | C] () -- C:\WINDOWS\System32\bmxxxxbc.ini
[2008/10/02 19:18:46 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cbxxxxmb.dll
[2008/10/02 19:18:38 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kkdouvtb.dll
[2008/10/02 16:02:29 | 00,000,717 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to HijackThis.exe.lnk
[2008/10/02 16:01:04 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/10/02 15:11:10 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/10/02 14:42:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2008/10/02 00:38:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\SEGA
[2008/10/02 00:38:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2008/10/02 00:36:00 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2008/10/02 00:36:00 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2008/10/02 00:22:55 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PHANTASY STAR UNIVERSE Illuminus.lnk
[2008/10/02 00:22:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\SEGA
[2008/10/02 00:14:10 | 00,000,000 | ---D | C] -- C:\SEGA
[2008/10/01 19:24:02 | 00,948,375 | -HS- | C] () -- C:\WINDOWS\System32\fwcllfag.ini
[2008/10/01 19:18:28 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ygeuiv.dll
[2008/10/01 19:18:27 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uivvcowq.dll
[2008/10/01 19:18:08 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gmjierio.dll
[2008/09/30 23:25:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Jumper
[2008/09/30 21:25:53 | 00,000,484 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoW Acolytes.lnk
[2008/09/30 20:40:22 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 20:40:22 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/30 20:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/30 20:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/30 20:36:26 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2008/09/30 20:36:25 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/09/30 19:18:03 | 00,949,008 | -HS- | C] () -- C:\WINDOWS\System32\tvsboyjr.ini
[2008/09/30 19:17:57 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rjyobsvt.dll
[2008/09/30 19:17:35 | 00,113,020 | ---- | C] () -- C:\WINDOWS\BMf726bf6a.xml
[2008/09/30 19:17:22 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mishvlej.dll
[2008/09/30 16:14:36 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/30 16:14:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2008/09/30 16:13:56 | 00,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crysis WARHEAD.lnk
[2008/09/30 16:04:24 | 00,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/30 16:04:18 | 00,000,000 | ---D | C] -- C:\ProgramData
[2008/09/30 16:04:11 | 00,004,634 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/30 16:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations
[2008/09/30 16:00:02 | 00,949,008 | -HS- | C] () -- C:\WINDOWS\System32\xxcbbpud.ini
[2008/09/30 16:00:02 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qqafqx.dll
[2008/09/30 16:00:01 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lacbsyoa.dll
[2008/09/30 15:59:01 | 00,894,971 | -HS- | C] () -- C:\WINDOWS\System32\edKSAJjl.ini
[2008/09/30 15:59:01 | 00,894,564 | -HS- | C] () -- C:\WINDOWS\System32\edKSAJjl.ini2
[2008/09/30 15:58:55 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ljJASKde.dll
[2008/09/30 15:53:51 | 00,034,304 | ---- | C] () -- C:\WINDOWS\System32\ljJDVmJy.dll
[2008/09/30 10:46:14 | 00,000,322 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Deskjet 5400 series.job
[2008/09/30 10:31:27 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2008/09/30 10:15:04 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/09/30 10:15:04 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/09/30 10:14:58 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/09/30 10:14:58 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/09/30 00:03:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Full Movies
[2008/09/29 23:50:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/29 17:49:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/29 17:49:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/29 17:49:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/29 17:49:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/29 17:48:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/29 17:41:37 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/29 08:30:07 | 00,000,966 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TimeShift.lnk
[2008/09/29 08:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra Entertainment
[2008/09/29 08:16:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
[2008/09/29 06:18:43 | 00,000,000 | ---D | C] -- C:\Program Files\SOFTMAX
[2008/09/29 05:29:15 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx
[2008/09/29 03:33:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SPORE
[2008/09/28 23:27:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Game Folders
[2008/09/28 21:55:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\NOS
[2008/09/28 21:55:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/28 21:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2008/09/28 15:41:36 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2008/09/28 15:07:25 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2008/09/27 21:54:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\The Incredible Hulk
[2008/09/27 21:46:42 | 00,000,823 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Incredible Hulk.lnk
[2008/09/27 21:41:12 | 00,000,000 | ---D | C] -- C:\Program Files\SEGA
[2008/09/27 21:41:11 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2008/09/27 21:41:09 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2008/09/27 21:41:09 | 00,018,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_2.dll
[2008/09/27 21:41:06 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2008/09/27 21:41:03 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2008/09/27 21:41:02 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2008/09/27 21:41:01 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2008/09/27 21:41:01 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2008/09/27 21:41:01 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2008/09/27 21:41:01 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2008/09/27 21:41:00 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2008/09/27 21:19:11 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2008/09/27 21:19:11 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2008/09/27 20:54:50 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/27 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
[2008/09/27 20:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
[2008/09/27 17:53:05 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/27 17:53:03 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/27 17:53:01 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/27 17:53:01 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/27 17:52:59 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/09/27 17:52:59 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/09/27 17:52:59 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/27 17:52:57 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/27 17:52:57 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/27 17:52:55 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/27 17:52:54 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/27 17:52:54 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/27 17:52:47 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/27 17:52:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/27 17:52:45 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/27 17:52:43 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/27 17:52:43 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/27 17:52:40 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/27 17:52:39 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/27 17:52:39 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/27 17:52:38 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/27 17:52:37 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/27 17:52:36 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/27 17:52:36 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/27 17:52:36 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/27 17:52:35 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/27 17:52:32 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/27 17:52:26 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/27 17:52:24 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/27 17:52:24 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/27 17:52:24 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/27 17:52:23 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/27 17:52:23 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/27 17:52:23 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/27 17:52:23 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/27 17:52:20 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/27 17:52:20 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/27 17:52:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/27 17:52:07 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/27 17:52:07 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/27 17:52:07 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/27 17:51:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/27 17:51:54 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/27 17:51:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/27 17:51:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/27 17:51:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/27 17:51:52 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/27 17:51:43 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/09/27 17:51:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/09/27 17:51:42 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/27 17:51:40 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/09/27 17:51:40 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/09/27 17:51:37 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/27 17:51:36 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/27 17:51:34 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/27 17:51:32 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/27 17:51:32 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/27 17:51:32 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/27 17:51:32 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/27 17:51:32 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/27 17:51:32 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/27 17:51:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/27 17:51:32 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/27 17:51:31 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/27 17:51:31 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/27 17:51:30 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/27 17:51:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/27 17:51:30 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/27 17:51:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/27 17:51:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/27 17:51:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/27 17:51:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/27 17:51:30 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/27 17:51:28 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/27 17:51:28 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/27 17:51:25 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/27 17:51:25 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/27 17:51:25 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/27 17:51:25 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/27 17:51:24 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/27 17:51:24 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/27 17:51:21 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/27 17:51:21 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/27 17:51:21 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/27 17:51:19 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/27 17:27:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2008/09/27 17:27:03 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2008/09/27 17:26:23 | 00,201,044 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2008/09/27 17:26:22 | 00,018,394 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/09/27 17:26:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2008/09/27 17:25:37 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2008/09/27 17:08:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/09/27 07:47:19 | 00,000,118 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\default.pls
[2008/09/27 07:29:48 | 00,137,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/09/27 07:29:41 | 00,183,120 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/09/27 07:29:35 | 00,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/09/27 07:25:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Folders
[2008/09/27 07:18:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\³Ø½¼ Ç÷¯±×
[2008/09/27 06:56:50 | 00,004,121 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\SVCD1.nsd
[2008/09/27 06:52:30 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 06:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DivX
[2008/09/27 06:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Ahead
[2008/09/27 06:45:01 | 00,002,363 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2008/09/27 06:44:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Nero
[2008/09/27 06:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2008/09/27 06:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2008/09/27 06:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/09/27 06:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe
[2008/09/27 05:43:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Games
[2008/09/27 05:43:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield Installation Information
[2008/09/27 05:43:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/09/27 05:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sun
[2008/09/27 05:27:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Spore Creations
[2008/09/27 05:26:21 | 00,000,000 | ---D | C] -- C:\Program Files\Unreal Tournament 3
[2008/09/27 05:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2008/09/27 05:26:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/09/27 05:25:58 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2008/09/27 05:25:58 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2008/09/27 05:25:57 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2008/09/27 05:25:57 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2008/09/27 05:25:57 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2008/09/27 05:25:55 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2008/09/27 05:25:55 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2008/09/27 05:25:54 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2008/09/27 05:25:54 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2008/09/27 05:25:51 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2008/09/27 05:25:51 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/09/27 05:25:50 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2008/09/27 05:25:50 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2008/09/27 05:25:49 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/09/27 05:25:49 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2008/09/27 05:25:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
[2008/09/27 05:21:17 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2008/09/27 05:21:17 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2008/09/27 05:21:14 | 00,000,000 | ---D | C] -- C:\Nexon
[2008/09/27 05:21:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/09/27 05:21:08 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2008/09/27 05:21:08 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/09/27 05:21:07 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2008/09/27 05:21:07 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2008/09/27 05:21:07 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2008/09/27 05:21:06 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/09/27 05:21:05 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2008/09/27 05:08:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Battlefield 2142
[2008/09/27 05:02:35 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2008/09/27 04:34:06 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2008/09/27 04:34:03 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/09/27 04:32:36 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/09/27 04:20:30 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008/09/27 04:20:23 | 00,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2008/09/27 04:20:14 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2008/09/27 04:08:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR
[2008/09/27 04:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/09/27 03:39:17 | 00,000,000 | ---D | C] -- C:\Games
[2008/09/27 03:37:16 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2008/09/27 03:35:21 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Notepad.lnk
[2008/09/27 03:26:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\I386
[2008/09/27 03:25:44 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 03:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/27 03:18:09 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/09/27 03:17:58 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/09/27 03:17:54 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2008/09/27 03:17:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/09/27 03:16:43 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/09/27 03:16:39 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/09/27 03:15:37 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2008/09/27 03:10:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/09/27 03:10:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2008/09/27 03:10:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/09/27 03:10:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/09/27 03:07:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/09/27 03:07:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/09/27 03:06:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/09/27 03:06:05 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/09/27 03:03:20 | 16,208,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/09/27 03:03:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/09/27 03:02:37 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/09/27 03:02:37 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/09/27 03:02:36 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/09/27 03:02:36 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/09/27 03:02:36 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/09/27 03:02:35 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/09/27 03:02:34 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/09/27 03:02:34 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/09/27 03:02:32 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/27 03:02:01 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\kb913800.exe
[2008/09/27 03:00:57 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/09/27 02:58:31 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/27 02:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/09/27 02:55:39 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/27 02:55:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/09/27 02:55:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/09/27 02:55:26 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/09/27 02:46:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/09/27 02:41:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2008/09/27 02:38:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
[2008/09/27 02:38:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/09/27 02:37:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2008/09/27 02:34:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
[2008/09/27 02:32:07 | 00,000,000 | ---D | C] -- C:\Program Files\SymNetDrv
[2008/09/27 02:28:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/09/27 02:27:58 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/09/27 02:27:37 | 00,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2008/09/27 02:27:33 | 00,260,272 | RHS- | C] () -- C:\cmldr
[2008/09/27 02:27:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/09/27 02:27:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2008/09/27 02:27:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2008/09/27 02:24:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
[2008/09/27 02:24:11 | 03,170,476 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2008/09/27 02:24:11 | 00,050,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/27 02:24:11 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2008/09/27 02:24:11 | 00,000,087 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2008/09/27 02:24:09 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/09/27 02:24:09 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2008/09/27 02:24:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2008/09/27 02:24:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2008/09/27 02:24:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation
[2008/09/27 02:23:01 | 00,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2008/09/17 09:55:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 09:55:00 | 01,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/09/17 09:55:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 09:55:00 | 01,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/09/17 09:55:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 09:55:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 09:55:00 | 00,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/09/17 09:55:00 | 00,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/09/17 09:55:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/17 09:55:00 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2008/09/15 19:14:26 | 00,524,288 | ---- | C] (DivX Inc.) -- C:\WINDOWS\System32\DivXsm.exe
[2008/09/15 19:14:26 | 00,004,816 | ---- | C] () -- C:\WINDOWS\System32\divxsm.tlb
[2008/09/15 19:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 19:12:54 | 01,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2008/09/15 19:12:54 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2008/09/15 19:12:02 | 00,196,608 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dtu100.dll
[2008/09/15 19:12:02 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2008/09/15 19:12:00 | 00,593,920 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI11.dll
[2008/09/15 19:12:00 | 00,344,064 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpus11.dll
[2008/09/15 19:12:00 | 00,294,912 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpu11.dll
[2008/09/15 19:12:00 | 00,294,912 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpu10.dll
[2008/09/15 19:12:00 | 00,057,344 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpv11.dll
[2008/09/15 19:12:00 | 00,053,248 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI10.dll
[2008/09/15 19:11:58 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/09/15 19:11:58 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/09/15 19:11:58 | 00,815,104 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/09/15 19:11:58 | 00,802,816 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/09/15 19:11:56 | 00,683,520 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/09/15 19:11:48 | 00,634,880 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2008/09/15 19:11:46 | 00,352,401 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\DivXMedia.ax
[2008/09/15 19:11:28 | 00,161,096 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[2008/09/15 19:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/03 17:14:27 | 00,894,971 | -HS- | M] () -- C:\WINDOWS\System32\edKSAJjl.ini
[2008/10/03 17:14:24 | 00,894,971 | -HS- | M] () -- C:\WINDOWS\System32\edKSAJjl.ini2
[2008/10/03 17:11:26 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe
[2008/10/03 17:05:35 | 00,000,022 | ---- | M] () -- C:\WINDOWS\pskt.ini
[2008/10/03 17:05:33 | 00,201,044 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/03 16:57:43 | 00,113,020 | ---- | M] () -- C:\WINDOWS\BMf726bf6a.xml
[2008/10/03 16:02:10 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rjylohjr.dll
[2008/10/03 16:02:10 | 00,115,200 | ---- | M] () -- C:\WINDOWS\System32\hmfldu.dll
[2008/10/03 15:59:46 | 01,077,475 | -HS- | M] () -- C:\WINDOWS\System32\hiodolcs.ini
[2008/10/03 15:59:41 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\sclodoih.dll
[2008/10/03 15:59:33 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\pltyndou.dll
[2008/10/03 10:42:33 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PSO BB.lnk
[2008/10/03 09:49:00 | 01,065,202 | -HS- | M] () -- C:\WINDOWS\System32\bmxxxxbc.ini
[2008/10/03 07:58:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 07:57:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/03 04:19:07 | 00,012,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 19:21:38 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vmcadjqf.dll
[2008/10/02 19:21:38 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sbywui.dll
[2008/10/02 19:18:46 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cbxxxxmb.dll
[2008/10/02 19:18:38 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kkdouvtb.dll
[2008/10/02 16:02:29 | 00,000,717 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to HijackThis.exe.lnk
[2008/10/02 03:52:20 | 00,137,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/10/02 03:52:13 | 00,183,120 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/10/02 00:23:53 | 00,948,375 | -HS- | M] () -- C:\WINDOWS\System32\fwcllfag.ini
[2008/10/02 00:22:55 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PHANTASY STAR UNIVERSE Illuminus.lnk
[2008/10/01 19:18:28 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ygeuiv.dll
[2008/10/01 19:18:28 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uivvcowq.dll
[2008/10/01 19:18:12 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gmjierio.dll
[2008/10/01 01:13:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/30 22:42:10 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Notepad.lnk
[2008/09/30 21:25:53 | 00,000,484 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoW Acolytes.lnk
[2008/09/30 20:40:22 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 20:40:22 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/30 20:36:26 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2008/09/30 20:21:58 | 00,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/30 19:17:57 | 00,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rjyobsvt.dll
[2008/09/30 19:17:29 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mishvlej.dll
[2008/09/30 16:14:36 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/30 16:13:56 | 00,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crysis WARHEAD.lnk
[2008/09/30 16:04:24 | 00,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/30 16:04:11 | 00,004,634 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/30 16:00:05 | 00,949,008 | -HS- | M] () -- C:\WINDOWS\System32\xxcbbpud.ini
[2008/09/30 16:00:05 | 00,949,008 | -HS- | M] () -- C:\WINDOWS\System32\tvsboyjr.ini
[2008/09/30 16:00:02 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qqafqx.dll
[2008/09/30 16:00:02 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lacbsyoa.dll
[2008/09/30 15:58:59 | 00,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ljJASKde.dll
[2008/09/30 15:49:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/30 11:03:29 | 00,000,118 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\default.pls
[2008/09/30 10:46:15 | 00,000,322 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet 5400 series.job
[2008/09/29 23:54:38 | 00,473,464 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/29 23:54:38 | 00,402,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/29 23:54:38 | 00,063,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/29 23:47:43 | 03,170,476 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2008/09/29 17:45:37 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/29 08:30:07 | 00,000,966 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TimeShift.lnk
[2008/09/27 21:46:42 | 00,000,823 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Incredible Hulk.lnk
[2008/09/27 21:19:11 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2008/09/27 20:54:51 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/27 07:29:35 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/09/27 06:56:50 | 00,004,121 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\SVCD1.nsd
[2008/09/27 06:49:16 | 00,002,363 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2008/09/27 05:26:00 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2008/09/27 05:20:24 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/27 04:20:30 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008/09/27 04:20:23 | 00,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2008/09/27 03:19:46 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2008/09/27 03:19:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/27 03:19:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/27 02:58:10 | 00,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/27 02:55:39 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/27 02:55:04 | 00,000,108 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2008/09/27 02:25:39 | 00,000,139 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2008/09/27 02:23:08 | 00,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/09/27 02:22:45 | 00,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2008/09/17 09:55:00 | 01,724,416 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 09:55:00 | 01,657,376 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2008/09/17 09:55:00 | 01,503,232 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 09:55:00 | 01,346,080 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/09/17 09:55:00 | 01,101,824 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 09:55:00 | 00,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 09:55:00 | 00,449,056 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/09/17 09:55:00 | 00,436,768 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2008/09/17 09:55:00 | 00,286,720 | ---- | M] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/17 09:55:00 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2008/09/17 09:55:00 | 00,018,394 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/09/15 19:14:26 | 00,524,288 | ---- | M] (DivX Inc.) -- C:\WINDOWS\System32\DivXsm.exe
[2008/09/15 19:14:26 | 00,004,816 | ---- | M] () -- C:\WINDOWS\System32\divxsm.tlb
[2008/09/15 19:14:24 | 03,596,288 | ---- | M] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 19:12:54 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2008/09/15 19:12:54 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2008/09/15 19:12:02 | 00,196,608 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dtu100.dll
[2008/09/15 19:12:02 | 00,081,920 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2008/09/15 19:12:00 | 00,593,920 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI11.dll
[2008/09/15 19:12:00 | 00,344,064 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpus11.dll
[2008/09/15 19:12:00 | 00,294,912 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpu11.dll
[2008/09/15 19:12:00 | 00,294,912 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpu10.dll
[2008/09/15 19:12:00 | 00,057,344 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpv11.dll
[2008/09/15 19:12:00 | 00,053,248 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI10.dll
[2008/09/15 19:11:58 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/09/15 19:11:58 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/09/15 19:11:58 | 00,815,104 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/09/15 19:11:58 | 00,802,816 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/09/15 19:11:56 | 00,683,520 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/09/15 19:11:48 | 00,634,880 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2008/09/15 19:11:46 | 00,352,401 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\DivXMedia.ax
[2008/09/15 19:11:28 | 00,161,096 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[2008/09/15 19:11:10 | 00,012,288 | ---- | M] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
< End of report >


Extras.Txt report

OTViewIt Extras logfile created on: 10/3/2008 5:13:59 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 464.08 Mb Available Physical Memory | 45.39% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.79 Gb Total Space | 89.08 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
Drive D: | 15.60 Gb Total Space | 10.37 Gb Free Space | 66.46% Space Free | Partition Type: FAT32
Drive E: | 98.86 Gb Total Space | 9.49 Gb Free Space | 9.60% Space Free | Partition Type: NTFS
Drive F: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
Drive G: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYTHIC
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/12/02 18:58:30 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/29 01:32:49 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/09/29 01:33:49 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/05/12 10:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2005/06/03 19:50:00 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2005/06/03 19:50:14 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2005/06/03 19:45:46 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/05/11 07:50:34 | 00,200,704 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/05/11 07:07:26 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2005/06/03 20:12:34 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/05/11 07:34:02 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2005/06/03 19:51:06 | 00,458,752 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/03/16 01:12:10 | 00,417,792 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/03/16 01:17:50 | 00,704,512 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2005/06/03 20:06:04 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/09/27 02:43:29 | 01,060,864 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System
[2005/09/27 02:42:26 | 00,045,056 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub
[2005/09/27 02:42:20 | 00,090,112 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP
[2005/12/02 18:58:30 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/05/21 13:33:10 | 08,419,956 | ---- | M] () -- C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2
[2008/09/27 05:21:13 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
[2008/07/31 05:28:59 | 28,245,072 | ---- | M] () -- C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3
[2008/09/29 01:32:49 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/09/29 01:33:49 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/08/05 03:37:08 | 01,458,912 | ---- | M] (Nexon Corp.) -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 12:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2003/07/11 12:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 12:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/20 11:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2003/08/02 01:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 08:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}"=PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}"=CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}"=Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}"=AiO_Scan
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}"=Norton Internet Security
"{1367FA2F-2B3D-430F-872F-588B93420BFC}"=TimeShift
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}"=DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}"=CP_Package_Variety3
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}"=Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}"=Sonic_PrimoSDK
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}"=CP_Panorama1Config
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}"=Quicken 2006
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}"=HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}"=Unload
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}"=TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}"=J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}"=InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}"=HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}"=CP_CalendarTemplates1
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}"=cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}"=InterVideo WinDVD Player
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}"=HP Boot Optimizer
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}"=HPDeskjet5400Series
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}"=HP PSC & OfficeJet 5.3.A
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{449F3A9E-9903-4a0d-A209-08030D45A935}"=Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}"=Norton Internet Security
"{503AA035-41E2-4858-B31F-1E49AC66C309}"=Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}"=Norton Internet Security
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}"=NewCopy
"{5677563D-0CB1-485f-9E18-C5025306BB3F}"=Norton AntiSpam
"{567C23E1-7580-4185-B8C2-30805677297C}"=NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}"=RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}"=WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}"=CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}"=HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}"=SkinsHP1
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}"=DocProc
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}"=Crysis WARHEAD®
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}"=PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}"=PSPrinters08
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}"=AiOSoftware
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}"=CP_AtenaShokunin1Config
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}"=LightScribe 1.4.52.1
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}"=Readme
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}"=SPORE™
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}"=Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}"=ScannerCopy
"{A3455242-DAE0-4523-8242-FD82706ABF4B}"=CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}"=CueTour
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}"=Norton Internet Security
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B276997E-4367-4b1b-A39C-4CAE7464337A}"=AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}"=PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}"=Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}"=AiOSoftwareNPI
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}"=CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}"=BufferChm
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}"=cp_LightScribePlugin
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}"=Scan
"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2005
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}"=HP Photosmart Cameras 5.0
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}"=Norton Internet Security
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}"=Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}"=Fax
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}"=CameraDrivers
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}"=Nero 8
"{D8F6834B-D5E7-4451-8681-B051ABD8561D}"=ccCommon
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}"=CC_ccProxyExt
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DFB0FED6-0010-4E9B-A402-E513F2459161}"=muvee autoProducer unPlugged 1.2
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}"=HPProductAssistant
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security
"{E7137AFD-4E43-47A6-BDC7-533808F72B36}"=muvee autoProducer 4.5
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}"=Norton WMI Update
"{EA103B64-C0E4-4C0E-A506-751590E1653D}"=SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}"=HP Deskjet 5400 series
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}"=HP Software Update
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}"=Battlefield 2142
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}"=Status
"{F64306A5-4C32-41bb-B153-53986527FAB4}"=Norton WMI Update
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}"=HP DigitalMedia Archive
"{FC08587A-4F01-4188-819F-F55880022917}"=ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}"=Norton Internet Security
"12133444-BF36-4d4e-B7FB-A3424C645DE4"=GemMaster Mystic
"53F13DB4D9611FD63BE580F06F0729BF236ABE68"=Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AwayMode160"=Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1"=Data Fax SoftModem with SmartCP
"Combat Arms"=Combat Arms
"Crysis WARHEAD®"=Crysis WARHEAD®
"DISCover"=DISCover
"HijackThis"=HijackThis 2.0.2
"HP Document Viewer"=HP Document Viewer 5.3
"HP Image Zone for Media Center PC"=HP Image Zone for Media Center PC
"HP Imaging Device Functions"=HP Imaging Device Functions 5.3
"HP Photo & Imaging"=HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools"=HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller"=Updates from HP (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"IntelliMover Data Transfer Demo"=Remove IntelliMover Demo
"KB888111WXPSP2"=High Definition Audio Driver Package - KB888111
"KB900325"=Update Rollup 2 for Windows XP Media Center Edition 2005
"KB925766"=Windows XP Media Center Edition 2005 KB925766
"KBD"=HP Multimedia Keyboard Software
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PC-Doctor 5 for Windows"=PC-Doctor 5 for Windows
"Phantasy Star Online Blue Burst_is1"=Phantasy Star Online Blue Burst 1.0
"PHANTASY STAR UNIVERSE Ambition of the Illuminus_is1"=PHANTASY STAR UNIVERSE Ambition of the Illuminus
"PS2"=PS2
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0"=RealPlayer
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security 2005 (Symantec Corporation)
"SystemRequirementsLab"=System Requirements Lab
"The Incredible Hulk"=The Incredible Hulk
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2008 12:31:04 AM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module flash9f.ocx, version 9.0.124.0, fault address 0x0005375c.

Error - 10/2/2008 4:22:21 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 1.99.0.1, faulting module
ljjaskde.dll, version 6.0.2900.2180, fault address 0x00062943.

Error - 10/2/2008 4:22:30 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1001
Description = Fault bucket 952433805.

Error - 10/2/2008 4:22:37 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 1.99.0.1, faulting module
ljjaskde.dll, version 6.0.2900.2180, fault address 0x00062943.

Error - 10/2/2008 4:22:47 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1001
Description = Fault bucket 952433805.

Error - 10/2/2008 4:48:35 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 1.99.0.1, faulting module
ljjaskde.dll, version 6.0.2900.2180, fault address 0x00062943.

Error - 10/2/2008 4:48:41 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 1.99.0.1, faulting module
ljjaskde.dll, version 6.0.2900.2180, fault address 0x00062943.

Error - 10/2/2008 8:21:10 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x07691557.

Error - 10/2/2008 8:21:21 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1001
Description = Fault bucket 892036840.

Error - 10/3/2008 5:58:59 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.


< End of report >

Thank you for the help on this and sorry about sounding pushy, I just have a lot of information needed that's hard to get now with this Trojan Vuduo, I believe it was, that is back. If needed I can rerun a new HJT log for you.

#5 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 04 October 2008 - 02:10 PM

Hi SgtLimbo and welcome to Bleepingcomputer :thumbsup:

Thank you for the help on this and sorry about sounding pushy, I just have a lot of information needed that's hard to get now with this Trojan Vuduo, I believe it was, that is back. If needed I can rerun a new HJT log for you.


You're absolutely correct. You do have a lot of Vundos here; don't worry, we'll take care of them. I'll need to see a HijackThis log in the next post, but right now the OTViewIt logs you gave me are enough for this post. Just follow the instructions below and you'll be fine :)

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

  • Please follow the instructions for running Combofix from here
  • Please read the guide carefully and follow every instruction precisely, and remember to install the Recovery Console first.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Download the file and save it as it's originally named onto your desktop.
  • Close any open windows, including this one.
  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click NO to skip the ComboFix scan for now.

  • Save all documents or windows that are open, because when running ComboFix you won't have an internet connection and everything will be closed.
  • Click on your Start Menu, then Run. In the Run box type:
    "%userprofile%\desktop\combofix.exe" /killall
  • Combofix will now run
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

Please post back with the following:
  • Combofix log
  • Fresh HijackThis log <- Please rename HijackThis before running it. (If you do not know how to rename HijackThis, follow the instructions below.)
  • Fresh RSIT log
  • How is your computer running after running combofix?
How To Rename Hijackthis

Please navigate to the folder C:\Program Files\Trend Micro\HijackThis <- this folder.
In the HijackThis folder, rename HijackThis.exe.
To rename HijackThis:
Right click on HijackThis.exe and then, from the menu that appears, click Rename.
Rename it to analysis.exe <- After you rename HijackThis, run analysis.exe and post back the results.


Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

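One way to triage the ComboFix report requested above, as an added example that is not part of either poster's messages: it cross-checks the files listed under "Other Deletions" against the values still present under "Reg Loading Points", and against the faulting modules in the Application event log. The sample text is excerpted from the logs posted in this thread; the function names are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Excerpts of logs posted in this thread (trimmed; section rulers shortened).
REPORT = r"""
((((((((((( Other Deletions )))))))))))
.
C:\WINDOWS\system32\isehvr.dll
C:\WINDOWS\system32\ljJASKde.dll
C:\WINDOWS\system32\mglhykht.dll
F:\Autorun.inf
.
((((((((((( Reg Loading Points )))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=isehvr.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BMf726bf6a - C:\WINDOWS\system32\mglhykht.dll
"""

EVENTS = """
Error - 10/1/2008 12:31:04 AM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module flash9f.ocx, version 9.0.124.0, fault address 0x0005375c.

Error - 10/2/2008 4:22:21 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 1.99.0.1, faulting module
ljjaskde.dll, version 6.0.2900.2180, fault address 0x00062943.
"""

# A section ruler is a title framed by runs of "(", ")", "-" or spaces.
HEADER = re.compile(r"[(\- ]{4,}(.+?)[)\- ]{4,}")
REG_VALUE = re.compile(r'"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)')
PATH = re.compile(r"[A-Za-z]:\\\S.*")
# The event description wraps across lines, so whitespace is matched loosely.
FAULT = re.compile(
    r"Faulting application\s+(?P<app>[^\s,]*)\s*,\s*version\s+[^\s,]+,"
    r"\s*faulting\s+module\s+(?P<mod>[^\s,]+)"
)


def split_sections(report):
    """Map each lower-cased section title to its non-empty body lines."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        header = HEADER.fullmatch(line)
        if header:
            current = header.group(1).strip().lower()
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def deleted_by_name(report):
    """Lower-cased file name -> full path, for every file the report deleted."""
    lines = split_sections(report).get("other deletions", [])
    return {PureWindowsPath(p).name.lower(): p for p in lines if PATH.fullmatch(p)}


def stale_references(report):
    """Registry values still listed as load points that name a deleted file."""
    deleted = deleted_by_name(report)
    key, hits = None, []
    for line in split_sections(report).get("reg loading points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        value = REG_VALUE.fullmatch(line)
        if not (value and key):
            continue
        # Compare path components and list items, not substrings.
        for token in re.split(r'[\\/",; ]+', value["data"].lower()):
            if token in deleted:
                hits.append((key, value["name"], deleted[token]))
    return hits


def crashes_in_deleted_modules(event_text, report):
    """Deleted file -> set of applications that had crashed inside it."""
    deleted = deleted_by_name(report)
    hits = {}
    for fault in FAULT.finditer(event_text):
        module = fault["mod"].lower()
        if module in deleted:
            hits.setdefault(deleted[module], set()).add(fault["app"].lower() or "(unknown)")
    return hits


if __name__ == "__main__":
    for key, name, path in stale_references(REPORT):
        print(f"still referenced: [{key}] {name} -> {path}")
    for path, apps in crashes_in_deleted_modules(EVENTS, REPORT).items():
        print(f"earlier crashes inside {path}: {sorted(apps)}")
```

On this thread's data the check reports that AppInit_DLLs still names isehvr.dll after the file was deleted, and that the hijackthis.exe crashes in the event log occurred inside ljJASKde.dll, one of the deleted files.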

#6 SgtLimbo

  • Topic Starter
  • Members
  • 11 posts

Posted 04 October 2008 - 04:56 PM

OK, first thing: my PC seems to be running smoother than before. I can actually open IE without any popups so far, and my Windows Explorer opens faster now as well. Here are the ComboFix and HJT logs, but I'm not sure what the RSIT log is, sorry, but here are the 2 at least.

ComboFix log

ComboFix 08-10-04.01 - HP_Administrator 2008-10-04 16:35:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.475 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[4].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.revsci[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[4].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[2].txt
C:\WINDOWS\BMf726bf6a.txt
C:\WINDOWS\BMf726bf6a.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bmxxxxbc.ini
C:\WINDOWS\system32\edKSAJjl.ini
C:\WINDOWS\system32\edKSAJjl.ini2
C:\WINDOWS\system32\fwcllfag.ini
C:\WINDOWS\system32\gmjierio.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hiodolcs.ini
C:\WINDOWS\system32\hmfldu.dll
C:\WINDOWS\system32\isehvr.dll
C:\WINDOWS\system32\kkdouvtb.dll
C:\WINDOWS\system32\lacbsyoa.dll
C:\WINDOWS\system32\ljJASKde.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mglhykht.dll
C:\WINDOWS\system32\mishvlej.dll
C:\WINDOWS\system32\nfricnhy.dll
C:\WINDOWS\system32\pdqegqcq.dll
C:\WINDOWS\system32\pltyndou.dll
C:\WINDOWS\system32\qqafqx.dll
C:\WINDOWS\system32\rjylohjr.dll
C:\WINDOWS\system32\rjyobsvt.dll
C:\WINDOWS\system32\sbywui.dll
C:\WINDOWS\system32\sclodoih.dll
C:\WINDOWS\system32\tvsboyjr.ini
C:\WINDOWS\system32\uivvcowq.dll
C:\WINDOWS\system32\vmcadjqf.dll
C:\WINDOWS\system32\xxcbbpud.ini
C:\WINDOWS\system32\ygeuiv.dll
C:\WINDOWS\system32\yhncirfn.ini
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.

2008-10-04 10:13 . 2008-10-04 10:44 <DIR> d-------- C:\Sylvanet PSOBB
2008-10-03 09:51 . 2008-10-03 19:06 <DIR> d-------- C:\Program Files\Phantasy Star Online Blue Burst
2008-10-02 00:38 . 2008-10-02 00:38 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-10-02 00:36 . 2003-07-20 22:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-10-02 00:36 . 2005-01-04 13:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-10-02 00:14 . 2008-10-02 00:14 <DIR> d-------- C:\SEGA
2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-30 20:40 . 2008-09-30 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 20:36 . 2008-09-30 20:36 <DIR> d-------- C:\Program Files\CCleaner
2008-09-30 16:14 . 2008-09-30 16:14 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-09-30 16:14 . 2008-09-30 16:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-30 16:04 . 2008-09-30 16:04 <DIR> d-------- C:\ProgramData
2008-09-30 16:04 . 2008-09-30 16:04 4,634 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-30 10:45 . 2005-05-10 20:49 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll
2008-09-30 10:29 . 2008-09-30 10:29 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-09-30 10:29 . 2005-04-27 20:38 372,736 --a------ C:\WINDOWS\system32\hpzidi01.dll
2008-09-30 10:29 . 2008-09-30 10:45 79,413 --a------ C:\WINDOWS\hpfins05.dat
2008-09-30 10:29 . 2005-04-27 20:37 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll
2008-09-30 10:29 . 2005-07-15 17:15 1,350 --------- C:\WINDOWS\hpfmdl05.dat
2008-09-30 10:15 . 2008-04-13 13:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-30 10:15 . 2008-04-13 13:47 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-30 10:14 . 2008-04-13 13:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-30 10:14 . 2008-04-13 13:45 32,128 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-29 17:49 . 2008-09-29 17:49 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-29 17:49 . 2008-09-29 17:49 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-29 17:49 . 2008-09-29 17:49 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-29 17:49 . 2008-09-29 17:49 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-29 17:48 . 2008-09-29 17:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-29 08:18 . 2008-09-29 08:18 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-09-29 08:16 . 2008-09-29 08:16 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2008-09-29 06:18 . 2008-09-29 06:18 <DIR> d-------- C:\Program Files\SOFTMAX
2008-09-29 05:29 . 2007-11-22 09:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-09-29 03:33 . 2008-09-29 03:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SPORE
2008-09-28 21:55 . 2008-09-28 21:55 <DIR> d-------- C:\Program Files\NOS
2008-09-28 21:55 . 2008-09-28 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-28 15:41 . 2008-09-28 15:41 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-09-28 15:34 . 2008-09-28 15:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-09-27 21:41 . 2008-09-27 21:41 <DIR> d-------- C:\Program Files\SEGA
2008-09-27 21:19 . 2008-09-27 21:19 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-27 20:54 . 2008-09-27 20:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
2008-09-27 20:54 . 2008-09-27 20:54 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-27 20:15 . 2008-09-27 20:15 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-09-27 17:53 . 2008-04-13 19:12 712,704 --a------ C:\WINDOWS\system32\windowscodecs.dll
2008-09-27 17:53 . 2008-04-13 19:12 346,112 --a------ C:\WINDOWS\system32\windowscodecsext.dll
2008-09-27 17:53 . 2008-04-13 19:12 276,992 --a------ C:\WINDOWS\system32\wmphoto.dll
2008-09-27 17:53 . 2008-04-13 19:12 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-09-27 17:53 . 2004-08-03 22:29 25,471 --a------ C:\WINDOWS\system32\drivers\watv10nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 22,271 --a------ C:\WINDOWS\system32\drivers\watv06nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 11,935 --a------ C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 11,871 --a------ C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 11,807 --a------ C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 11,295 --a------ C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-09-27 17:51 . 2004-08-03 22:41 1,041,536 --a------ C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-27 17:27 . 2008-09-27 17:27 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-09-27 17:27 . 2008-09-27 17:27 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-09-27 17:26 . 2008-09-27 17:26 <DIR> d-------- C:\WINDOWS\nview
2008-09-27 17:26 . 2008-09-17 09:55 453,152 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-27 17:26 . 2008-10-04 16:45 201,044 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-27 17:26 . 2008-09-17 09:55 18,394 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-27 17:25 . 2008-09-27 17:25 <DIR> d-------- C:\NVIDIA
2008-09-27 17:25 . 2008-09-16 21:27 453,152 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-09-27 07:29 . 2008-10-03 23:30 183,120 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-09-27 07:29 . 2008-10-03 23:30 137,480 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-27 07:29 . 2008-09-27 07:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-27 06:52 . 2008-09-30 20:56 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DivX
2008-09-27 06:52 . 2008-10-01 01:13 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-27 06:44 . 2008-09-27 06:44 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-09-27 06:41 . 2008-09-27 06:41 <DIR> d-------- C:\Program Files\Nero
2008-09-27 06:41 . 2008-09-27 06:43 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-27 06:41 . 2008-09-27 06:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-27 05:43 . 2008-09-27 05:43 <DIR> d-------- C:\WINDOWS\Sun
2008-09-27 05:43 . 2008-09-27 05:43 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield Installation Information
2008-09-27 05:26 . 2008-09-27 05:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-27 05:26 . 2008-09-27 05:26 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2008-09-27 05:26 . 2008-09-27 05:26 <DIR> d-------- C:\Program Files\DIFX
2008-09-27 05:21 . 2008-09-27 05:21 <DIR> d-------- C:\Nexon
2008-09-27 05:21 . 2008-09-27 05:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-27 05:21 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-27 05:02 . 2008-09-30 16:04 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-27 04:34 . 2001-08-17 15:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-27 04:34 . 2008-04-13 13:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-27 04:20 . 2008-09-27 04:20 <DIR> d-------- C:\Program Files\DivX
2008-09-27 04:20 . 2008-09-15 19:14 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-09-27 04:20 . 2008-09-15 19:14 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-27 04:20 . 2008-09-15 19:14 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-27 04:08 . 2008-09-27 04:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-27 03:39 . 2008-09-27 08:30 <DIR> d-------- C:\Games
2008-09-27 03:27 . 2008-10-04 16:40 249 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-09-27 03:26 . 2008-09-27 02:26 <DIR> d-------- C:\WINDOWS\I386
2008-09-27 03:21 . 2008-09-30 20:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-27 03:18 . 2008-09-27 03:25 <DIR> dr-h----- C:\MSOCache
2008-09-27 03:17 . 2008-09-28 15:07 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-09-27 03:15 . 2008-09-30 10:15 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-09-27 03:10 . 2008-09-27 03:11 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-09-27 03:03 . 2008-06-13 06:05 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-09-27 03:03 . 2008-06-13 06:05 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-27 03:00 . 2008-05-08 09:02 203,136 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-27 02:57 . 2008-09-27 02:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-27 02:55 . 2008-09-27 02:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-27 02:55 . 2008-09-27 02:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-27 02:55 . 2008-04-11 14:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-27 02:32 . 2008-09-27 02:32 <DIR> d-------- C:\Program Files\SymNetDrv
2008-09-27 02:29 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-27 02:26 . 2004-10-25 17:17 90,112 --a------ C:\WINDOWS\system32\ps2.EXE
2008-09-27 02:26 . 2008-09-27 02:26 1,816 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EL448AA-ABA a1310n_YC_0Pavi_QMXF607_E61NAemMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.15_T070125_WXP2_L409_M1023_J123_7AMD_8Athlon 64_92.19_#060328_N10EC8139_Z14F12F20_G.MRK
2008-09-27 02:24 . 2005-12-02 18:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-09-27 02:24 . 2008-09-27 02:27 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-09-27 02:24 . 2005-12-02 18:55 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-09-27 02:24 . 2005-12-02 18:40 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation
2008-09-27 02:24 . 2008-09-30 20:43 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-09-27 02:23 . 2005-12-02 18:53 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-09-27 02:23 . 2005-12-02 19:10 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-09-27 02:23 . 2005-12-02 18:55 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2008-09-27 02:23 . 2005-12-02 18:40 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Digital Interactive Systems Corporation
2008-09-27 02:22 . 2005-12-02 18:53 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-09-15 19:14 . 2008-09-15 19:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-09-15 19:14 . 2008-09-15 19:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-09-15 19:14 . 2008-09-15 19:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-09-15 19:11 . 2008-09-15 19:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-09-15 19:11 . 2008-09-15 19:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-09-15 19:11 . 2008-09-15 19:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-09-15 19:11 . 2008-09-15 19:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-09-15 19:11 . 2008-09-15 19:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll
2008-09-15 19:11 . 2008-09-15 19:11 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-09-15 19:11 . 2008-09-15 19:11 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 21:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-02 08:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-01 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-01 05:17 --------- d-----w C:\Program Files\Norton Internet Security
2008-09-27 22:20 --------- d-----w C:\Program Files\Rhapsody
2008-09-27 09:56 --------- d-----w C:\Program Files\Google
2008-09-27 07:32 --------- d-----w C:\Program Files\Symantec
2008-09-27 07:29 --------- d-----w C:\Program Files\Java
2008-09-17 14:55 6,132,576 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-09-16 00:14 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-27 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-09-27 1060864]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 49512]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-03-29 22656]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-09-27 100056]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=isehvr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=

S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-27 C:\WINDOWS\Tasks\HPCeeSchedule.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 22:22]

2008-10-04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 14:47]

2008-09-30 C:\WINDOWS\Tasks\WebReg Deskjet 5400 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 10:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1387b86f-c5eb-406c-b817-897a0e154dff} - C:\WINDOWS\system32\isehvr.dll
BHO-{4721D3C1-F922-4F9C-AAF8-F8C61085A0F6} - C:\WINDOWS\system32\ljJASKde.dll
HKLM-Run-BMf726bf6a - C:\WINDOWS\system32\mglhykht.dll
HKLM-Run-f4158cf6 - C:\WINDOWS\system32\nfricnhy.dll
HKLM-Run-PCDrProfiler - (no file)
Notify-AtiExtEvent - (no file)
Notify-khfCuSjK - khfCuSjK.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ig
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 16:43:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\ComboFix\pv.cfexe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-10-04 16:48:31 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2008-10-04 21:48:24

Pre-Run: 94,192,504,832 bytes free
Post-Run: 95,434,674,176 bytes free

346 --- E O F --- 2008-09-29 22:55:09


HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:08 PM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\analysis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O20 - AppInit_DLLs: isehvr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10176 bytes

If you can tell me what and how I get the RSIT log, I'll make that as well and post it, because the things I have are HJT, OTViewIT and ComboFix. Thanks for the great help with this; it seems it's gotten a lot better now. Thank you.

PS. I still get popups while my IE is down; all I have to do is open Windows Explorer and I'll get a popup. Otherwise my PC seems faster than it was before your help with this problem. Thanks for helping me with this problem I have.

Edited by SgtLimbo, 05 October 2008 - 06:01 AM.


#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 05 October 2008 - 01:58 PM

Hi.
Your computer looks a lot better now. Concerning the popups, I can't tell much, but I want to ask you to run an online scan.
Also, can you tell me what kinds of popups? Is there a particular site where you get a lot of popups?

If you can tell me what and how I get the RSIT log, I'll make that as well and post it, because the things I have are HJT, OTViewIT and ComboFix. Thanks for the great help with this; it seems it's gotten a lot better now. Thank you.

Sorry about that. That was my mistake; what I wanted to see was the OTViewIt logs. This is the first time I have used OTViewIt, and before I used another program called RSIT, so I got confused.
Please post back with the OTviewit logs.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

After you run combofix please Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

For your next reply post back with the following:
  • Combofix log
  • OTViewit logs (OTViewIt.txt and Extra.txt)
  • Kaspersky online scan log
  • Fresh Hijackthis log
Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
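Added example, not part of extremeboy's post and not code from HijackThis or ComboFix: the CFScript above resets the same registry value that the HijackThis log reports on its `O20 - AppInit_DLLs` line, a value naming DLLs that Windows loads into every process that loads user32.dll. The Python sketch below parses a HijackThis log and lists that value along with two other kinds of entry worth a manual look; the function names and the review rules are assumptions made for this illustration, and the sample input is a few lines copied from the log in this thread.

```python
import re

# Sample input: a handful of lines taken from the HijackThis log posted in
# this thread, trimmed so the example runs offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:08 PM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: isehvr.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# A coded entry looks like "O20 - ..." or "R1 - ...": letter, 1-2 digits, " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (running processes, coded entries)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def appinit_dlls(entries):
    """Return every DLL name found on O20 AppInit_DLLs lines."""
    names = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            # The registry value may list several DLLs, separated by
            # spaces or commas.
            names.extend(n for n in re.split(r"[ ,]+", value) if n)
    return names


def review(entries):
    """Return (code, reason, entry) tuples that deserve a manual look.

    A finding is a prompt to investigate, not a verdict on the file.
    """
    findings = []
    for code, body in entries:
        if code == "O20" and appinit_dlls([(code, body)]):
            findings.append((code, "AppInit_DLLs is not empty", body))
        elif body.endswith("(file missing)"):
            findings.append((code, "target file is missing", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service binary shows no company name", body))
    return findings


if __name__ == "__main__":
    procs, items = parse_hjt(SAMPLE_LOG)
    print(f"{len(procs)} running processes, {len(items)} coded entries")
    print("AppInit_DLLs:", appinit_dlls(items) or "(empty)")
    for code, reason, body in review(items):
        print(f"[{code}] {reason}: {body}")
```

After the CFScript run, a fresh HijackThis log parsed the same way should return an empty list from `appinit_dlls`.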

#8 SgtLimbo

SgtLimbo
  • Topic Starter

  • Members
  • 11 posts

Posted 05 October 2008 - 05:24 PM

The popups are basically random sites of advertising; there's really no specific site address. Here's the ComboFix log.

ComboFix 08-10-04.01 - HP_Administrator 2008-10-05 17:03:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.651 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[4].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[4].txt

.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.

2008-10-05 07:02 . 2008-10-05 07:02 <DIR> d-------- C:\Program Files\America's Army Server Manager
2008-10-05 07:00 . 2008-10-05 07:15 <DIR> d-------- C:\Program Files\America's Army
2008-10-05 04:19 . 2008-04-13 19:11 1,689,088 ---h---t- C:\WINDOWS\system32\258626d8.dll
2008-10-05 04:19 . 2008-04-13 19:11 1,689,088 ---h---t- C:\WINDOWS\system32\12794a7c.dll
2008-10-05 04:19 . 2008-04-13 19:12 82,432 ---h---t- C:\WINDOWS\system32\6fc70e0.dll
2008-10-05 04:19 . 2008-04-13 19:12 82,432 ---h---t- C:\WINDOWS\system32\1016bd91.dll
2008-10-05 04:01 . 2008-04-13 19:11 1,689,088 ---h---t- C:\WINDOWS\system32\d13797b.dll
2008-10-05 04:01 . 2008-04-13 19:11 1,689,088 ---h---t- C:\WINDOWS\system32\1f987000.dll
2008-10-05 04:01 . 2008-04-13 19:12 82,432 ---h---t- C:\WINDOWS\system32\30e88ae.dll
2008-10-05 04:01 . 2008-04-13 19:12 82,432 ---h---t- C:\WINDOWS\system32\13adb958.dll
2008-10-05 03:50 . 2008-10-05 03:50 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-03 09:51 . 2008-10-05 16:14 <DIR> d-------- C:\Program Files\Phantasy Star Online Blue Burst
2008-10-02 00:38 . 2008-10-02 00:38 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-10-02 00:36 . 2003-07-20 22:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-10-02 00:36 . 2005-01-04 13:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-10-02 00:14 . 2008-10-02 00:14 <DIR> d-------- C:\SEGA
2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-30 20:40 . 2008-09-30 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 20:36 . 2008-09-30 20:36 <DIR> d-------- C:\Program Files\CCleaner
2008-09-30 16:14 . 2008-09-30 16:14 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-09-30 16:14 . 2008-09-30 16:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-30 16:04 . 2008-09-30 16:04 <DIR> d-------- C:\ProgramData
2008-09-30 16:04 . 2008-09-30 16:04 4,634 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-30 10:45 . 2005-05-10 20:49 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll
2008-09-30 10:29 . 2008-09-30 10:29 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-09-30 10:29 . 2005-04-27 20:38 372,736 --a------ C:\WINDOWS\system32\hpzidi01.dll
2008-09-30 10:29 . 2008-09-30 10:45 79,413 --a------ C:\WINDOWS\hpfins05.dat
2008-09-30 10:29 . 2005-04-27 20:37 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll
2008-09-30 10:29 . 2005-07-15 17:15 1,350 --------- C:\WINDOWS\hpfmdl05.dat
2008-09-30 10:15 . 2008-04-13 13:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-30 10:15 . 2008-04-13 13:47 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-30 10:14 . 2008-04-13 13:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-30 10:14 . 2008-04-13 13:45 32,128 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-29 17:49 . 2008-09-29 17:49 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-29 17:49 . 2008-09-29 17:49 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-29 17:49 . 2008-09-29 17:49 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-29 17:49 . 2008-09-29 17:49 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-29 17:48 . 2008-09-29 17:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-29 08:18 . 2008-09-29 08:18 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-09-29 08:16 . 2008-09-29 08:16 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2008-09-29 06:18 . 2008-09-29 06:18 <DIR> d-------- C:\Program Files\SOFTMAX
2008-09-29 05:29 . 2007-11-22 09:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-09-29 03:33 . 2008-09-29 03:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SPORE
2008-09-28 21:55 . 2008-09-28 21:55 <DIR> d-------- C:\Program Files\NOS
2008-09-28 21:55 . 2008-09-28 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-28 15:41 . 2008-09-28 15:41 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-09-28 15:34 . 2008-09-28 15:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-09-27 21:41 . 2008-09-27 21:41 <DIR> d-------- C:\Program Files\SEGA
2008-09-27 21:19 . 2008-09-27 21:19 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-27 20:54 . 2008-09-27 20:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
2008-09-27 20:54 . 2008-09-27 20:54 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-27 20:15 . 2008-09-27 20:15 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-09-27 17:53 . 2008-04-13 19:12 712,704 --a------ C:\WINDOWS\system32\windowscodecs.dll
2008-09-27 17:53 . 2008-04-13 19:12 346,112 --a------ C:\WINDOWS\system32\windowscodecsext.dll
2008-09-27 17:53 . 2008-04-13 19:12 276,992 --a------ C:\WINDOWS\system32\wmphoto.dll
2008-09-27 17:53 . 2008-04-13 19:12 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-09-27 17:53 . 2004-08-03 22:29 25,471 --a------ C:\WINDOWS\system32\drivers\watv10nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 22,271 --a------ C:\WINDOWS\system32\drivers\watv06nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 11,935 --a------ C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 11,871 --a------ C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 11,807 --a------ C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-09-27 17:53 . 2004-08-03 22:29 11,295 --a------ C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-09-27 17:51 . 2004-08-03 22:41 1,041,536 --a------ C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-27 17:27 . 2008-09-27 17:27 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-09-27 17:27 . 2008-09-27 17:27 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-09-27 17:26 . 2008-09-27 17:26 <DIR> d-------- C:\WINDOWS\nview
2008-09-27 17:26 . 2008-09-17 09:55 453,152 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-27 17:26 . 2008-10-05 03:48 201,044 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-27 17:26 . 2008-09-17 09:55 18,394 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-27 17:25 . 2008-09-27 17:25 <DIR> d-------- C:\NVIDIA
2008-09-27 17:25 . 2008-09-16 21:27 453,152 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-09-27 07:29 . 2008-10-05 15:24 139,144 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-27 07:29 . 2008-10-05 15:24 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-09-27 07:29 . 2008-09-27 07:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-27 06:52 . 2008-09-30 20:56 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DivX
2008-09-27 06:52 . 2008-10-01 01:13 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-27 06:44 . 2008-09-27 06:44 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-09-27 06:41 . 2008-09-27 06:41 <DIR> d-------- C:\Program Files\Nero
2008-09-27 06:41 . 2008-09-27 06:43 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-27 06:41 . 2008-09-27 06:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-27 05:43 . 2008-09-27 05:43 <DIR> d-------- C:\WINDOWS\Sun
2008-09-27 05:43 . 2008-09-27 05:43 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield Installation Information
2008-09-27 05:26 . 2008-09-27 05:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-27 05:26 . 2008-09-27 05:26 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2008-09-27 05:26 . 2008-09-27 05:26 <DIR> d-------- C:\Program Files\DIFX
2008-09-27 05:21 . 2008-09-27 05:21 <DIR> d-------- C:\Nexon
2008-09-27 05:21 . 2008-09-27 05:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-27 05:21 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-27 05:02 . 2008-09-30 16:04 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-27 04:34 . 2001-08-17 15:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-27 04:34 . 2008-04-13 13:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-27 04:20 . 2008-09-27 04:20 <DIR> d-------- C:\Program Files\DivX
2008-09-27 04:20 . 2008-09-15 19:14 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-09-27 04:20 . 2008-09-15 19:14 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-27 04:20 . 2008-09-15 19:14 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-27 04:08 . 2008-09-27 04:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-27 03:39 . 2008-09-27 08:30 <DIR> d-------- C:\Games
2008-09-27 03:27 . 2008-10-05 03:50 249 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-09-27 03:26 . 2008-09-27 02:26 <DIR> d-------- C:\WINDOWS\I386
2008-09-27 03:21 . 2008-09-30 20:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-27 03:18 . 2008-09-27 03:25 <DIR> dr-h----- C:\MSOCache
2008-09-27 03:17 . 2008-09-28 15:07 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-09-27 03:15 . 2008-09-30 10:15 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-09-27 03:10 . 2008-09-27 03:11 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-09-27 03:03 . 2008-06-13 06:05 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-09-27 03:03 . 2008-06-13 06:05 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-27 03:00 . 2008-05-08 09:02 203,136 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-27 02:57 . 2008-09-27 02:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-27 02:55 . 2008-09-27 02:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-27 02:55 . 2008-09-27 02:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-27 02:55 . 2008-04-11 14:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-27 02:32 . 2008-09-27 02:32 <DIR> d-------- C:\Program Files\SymNetDrv
2008-09-27 02:29 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-27 02:26 . 2004-10-25 17:17 90,112 --a------ C:\WINDOWS\system32\ps2.EXE
2008-09-27 02:26 . 2008-09-27 02:26 1,816 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EL448AA-ABA a1310n_YC_0Pavi_QMXF607_E61NAemMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.15_T070125_WXP2_L409_M1023_J123_7AMD_8Athlon 64_92.19_#060328_N10EC8139_Z14F12F20_G.MRK
2008-09-27 02:24 . 2005-12-02 18:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-09-27 02:24 . 2008-09-27 02:27 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-09-27 02:24 . 2005-12-02 18:55 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-09-27 02:24 . 2005-12-02 18:40 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation
2008-09-27 02:24 . 2008-09-30 20:43 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-09-27 02:23 . 2005-12-02 18:53 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-09-27 02:23 . 2005-12-02 19:10 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-09-27 02:23 . 2005-12-02 18:55 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2008-09-27 02:23 . 2005-12-02 18:40 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Digital Interactive Systems Corporation
2008-09-27 02:22 . 2005-12-02 18:53 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 00:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-02 08:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-01 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-01 05:17 --------- d-----w C:\Program Files\Norton Internet Security
2008-09-29 22:52 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-09-29 22:52 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-29 22:52 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-29 22:52 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-09-29 22:52 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-09-29 22:52 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-09-29 22:52 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-09-29 22:52 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-09-27 22:20 --------- d-----w C:\Program Files\Rhapsody
2008-09-27 09:56 --------- d-----w C:\Program Files\Google
2008-09-27 07:32 --------- d-----w C:\Program Files\Symantec
2008-09-27 07:29 --------- d-----w C:\Program Files\Java
2008-09-16 00:14 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-09-16 00:14 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-04 14:31 288,024 ----a-w C:\WINDOWS\system32\PhysXCplUI.exe
2008-08-29 13:57 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-04_16.48.10.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 12:14:38 45,056 ----a-r C:\WINDOWS\Installer\{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}\NewShortcut10_656D5B05040941EEBBEED9C4D6388972.exe
+ 2008-10-05 12:14:38 45,056 ----a-r C:\WINDOWS\Installer\{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}\NewShortcut11_656D5B05040941EEBBEED9C4D6388972.exe
+ 2008-10-05 12:14:38 45,056 ----a-r C:\WINDOWS\Installer\{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}\NewShortcut14_656D5B05040941EEBBEED9C4D6388972.exe
+ 2008-10-05 12:14:38 45,056 ----a-r C:\WINDOWS\Installer\{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}\NewShortcut15_656D5B05040941EEBBEED9C4D6388972.exe
+ 2008-10-05 12:14:38 2,238 ----a-r C:\WINDOWS\Installer\{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}\NewShortcut17_656D5B05040941EEBBEED9C4D6388972.exe
+ 2008-10-05 12:14:38 45,056 ----a-r C:\WINDOWS\Installer\{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}\NewShortcut8_656D5B05040941EEBBEED9C4D6388972.exe
+ 2008-10-05 12:14:38 45,056 ----a-r C:\WINDOWS\Installer\{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}\NewShortcut9_656D5B05040941EEBBEED9C4D6388972.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-05 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-09-27 1060864]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 49512]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-03-29 22656]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-09-27 100056]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=

S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe

*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PNKBSTRK
.
Contents of the 'Scheduled Tasks' folder

2008-09-27 C:\WINDOWS\Tasks\HPCeeSchedule.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 22:22]

2008-10-04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 14:47]

2008-09-30 C:\WINDOWS\Tasks\WebReg Deskjet 5400 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 10:21]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 17:06:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-05 17:07:10
ComboFix-quarantined-files.txt 2008-10-05 22:07:07
ComboFix2.txt 2008-10-04 21:48:33

Pre-Run: 90,393,526,272 bytes free
Post-Run: 90,557,644,800 bytes free

296 --- E O F --- 2008-10-05 08:49:51


Here's the OTViewIt log

OTViewIt logfile created on: 10/5/2008 5:16:49 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 605.54 Mb Available Physical Memory | 59.22% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.79 Gb Total Space | 84.36 Gb Free Space | 47.45% Space Free | Partition Type: NTFS
Drive D: | 15.60 Gb Total Space | 10.37 Gb Free Space | 66.46% Space Free | Partition Type: FAT32
Drive E: | 98.86 Gb Total Space | 9.49 Gb Free Space | 9.60% Space Free | Partition Type: NTFS
Drive F: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
Drive G: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYTHIC
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/06/13 15:02:50 | 00,239,264 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
[2008/01/08 16:36:34 | 00,177,512 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
[2005/03/29 19:03:26 | 00,083,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe
[2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
[2005/02/25 14:45:26 | 00,992,864 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[2008/01/08 16:36:34 | 00,185,704 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
[2008/09/30 20:40:56 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2005/10/11 18:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2005/10/23 08:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/04/05 14:32:24 | 00,128,160 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
[2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2008/09/17 09:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
[2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2004/11/03 02:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
[2005/08/05 23:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/08/05 23:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2008/01/08 16:36:34 | 00,049,512 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[2005/05/12 09:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/05/12 10:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2005/02/02 18:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2004/09/07 15:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
[1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/12/14 14:44:30 | 00,065,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
[2002/08/21 15:13:12 | 00,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
[2008/10/05 14:05:00 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/09/27 07:29:35 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2008/10/05 15:24:18 | 00,111,928 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/03 17:11:26 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/30 20:40:56 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/01/08 16:36:34 | 00,185,704 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr [Auto | Running])
[2006/06/13 15:02:50 | 00,239,264 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE -- (ccProxy [Auto | Running])
[2008/01/08 16:36:34 | 00,083,304 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE -- (ccPwdSvc [On_Demand | Stopped])
[2008/01/08 16:36:34 | 00,177,512 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr [Auto | Running])
[2008/04/13 19:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/10/11 18:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2008/04/13 19:12:21 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxssvc.exe -- (Fax [On_Demand | Stopped])
[2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2008/09/27 02:34:49 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2005/03/29 19:03:26 | 00,083,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC [Auto | Running])
[2005/10/23 08:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/04/05 14:32:24 | 00,128,160 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe -- (navapsvc [On_Demand | Running])
[2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2008/09/17 09:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
[2008/09/27 07:29:35 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2005/08/26 14:22:48 | 00,198,368 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan [On_Demand | Stopped])
[2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])
[2005/02/25 14:45:26 | 00,992,864 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
[2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist [On_Demand | Stopped])
[2004/11/03 02:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
[2008/04/13 19:12:38 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/10/05 15:24:18 | 00,111,928 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])

========== Driver Services ==========

[2005/08/29 17:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2005/08/03 02:19:14 | 00,022,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aracpi.sys -- (aracpi [On_Demand | Running])
[2005/08/03 02:19:14 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arhidfltr.sys -- (arhidfltr [On_Demand | Running])
[2005/08/03 02:19:16 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arkbcfltr.sys -- (arkbcfltr [On_Demand | Running])
[2005/08/03 02:19:16 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\armoucfltr.sys -- (armoucfltr [On_Demand | Running])
[2005/08/03 02:19:14 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arpolicy.sys -- (ARPolicy [On_Demand | Running])
[2003/11/05 17:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run [Boot | Running])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Running])
File not found -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT [On_Demand | Running])
[2008/09/17 11:18:12 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2005/06/30 03:03:18 | 00,175,104 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2 [Boot | Running])
[2005/10/21 19:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/10/21 19:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/22 07:22:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/12/15 17:18:32 | 00,220,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/12/15 17:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/06/17 16:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/04/13 13:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [Disabled | Stopped])
[2004/03/17 13:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/08/10 12:45:04 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV [On_Demand | Stopped])
[2008/09/17 11:18:12 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081001.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/09/17 11:18:12 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081001.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008/09/17 09:55:00 | 06,132,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 23:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/04/13 13:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2005/07/04 02:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/09/15 19:14:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/03/04 13:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2005/08/26 14:22:48 | 00,334,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])
[2005/08/26 14:22:50 | 00,053,896 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/02/25 14:45:26 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/09/27 20:54:51 | 00,717,296 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/28 18:41:12 | 00,011,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2006/09/15 22:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2007/03/28 18:41:14 | 00,171,928 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2007/03/28 18:41:20 | 00,037,016 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/09/12 02:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080926.002\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2007/03/28 18:41:18 | 00,047,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2007/03/28 18:41:24 | 00,018,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2007/03/28 18:41:26 | 00,266,552 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2008/04/13 13:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/13 13:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
[2008/04/13 13:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Running])
[2004/12/15 17:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/10/05 15:24:26 | 00,139,144 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/ig

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE (Microsoft)
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"DISCover"=C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)
"URLLSTCK.exe"=c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[1999/11/07 02:11:14 | 00,027,136 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 12:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Connection Help -- C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Connection Help -- C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
trymedia.com: http in Trusted sites
trymedia.com: https in Trusted sites
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class

========== (O17) DNS Name Servers ==========

{00670B93-B7DF-4290-9260-387AA81BCD1F} (Servers: | Description: 1394 Net Adapter)
{892900FC-9814-4488-99C0-81491C1EE93D} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{D7B319B1-A3B0-4924-ABD3-81B15482ABB5} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/12/02 18:55:00 | 00,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () -- F:\AUTOEXEC.BAT -- [ FAT32 ]

autorun []
[2006/09/25 11:01:39 | 04,386,816 | R--- | M] () -- G:\autorun.exe -- [ UDF ]

Autorun.exe [MZ | ]
[2006/09/25 11:01:39 | 04,386,816 | R--- | M] () -- G:\Autorun.exe -- [ UDF ]

Autorun.inf [[autorun] | icon=bf2142.ico | open=Autorun.exe | ]
[2006/09/25 11:01:39 | 00,000,046 | R--- | M] () -- G:\Autorun.inf -- [ UDF ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\Autorun.exe -- [2006/09/25 11:01:39 | 04,386,816 | R--- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/05 17:07:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/05 17:02:38 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/10/05 07:14:37 | 00,001,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\America's Army.lnk
[2008/10/05 07:02:33 | 00,000,000 | ---D | C] -- C:\Program Files\America's Army Server Manager
[2008/10/05 07:00:55 | 00,000,000 | ---D | C] -- C:\Program Files\America's Army
[2008/10/05 04:19:34 | 00,082,432 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\6fc70e0.dll
[2008/10/05 04:19:34 | 00,082,432 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\1016bd91.dll
[2008/10/05 04:19:33 | 01,689,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\258626d8.dll
[2008/10/05 04:19:33 | 01,689,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\12794a7c.dll
[2008/10/05 04:18:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\tgs_pub_2.0.5
[2008/10/05 04:01:38 | 00,082,432 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\30e88ae.dll
[2008/10/05 04:01:38 | 00,082,432 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\13adb958.dll
[2008/10/05 04:01:37 | 01,689,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d13797b.dll
[2008/10/05 04:01:37 | 01,689,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\1f987000.dll
[2008/10/05 03:50:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/10/04 16:51:25 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to analysis.exe.lnk
[2008/10/04 16:35:43 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/10/04 16:32:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2008/10/04 16:23:29 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/10/04 16:06:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/04 16:06:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/04 16:06:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/04 16:06:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008/10/04 16:06:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/04 16:06:20 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/04 16:06:20 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/04 16:06:20 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/10/04 16:05:37 | 02,938,266 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2008/10/03 17:11:24 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe
[2008/10/03 10:42:33 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PSO BB.lnk
[2008/10/03 09:51:26 | 00,000,000 | ---D | C] -- C:\Program Files\Phantasy Star Online Blue Burst
[2008/10/02 16:01:04 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/10/02 14:42:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2008/10/02 00:38:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\SEGA
[2008/10/02 00:38:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2008/10/02 00:36:00 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2008/10/02 00:36:00 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2008/10/02 00:22:55 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PHANTASY STAR UNIVERSE Illuminus.lnk
[2008/10/02 00:22:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\SEGA
[2008/10/02 00:14:10 | 00,000,000 | ---D | C] -- C:\SEGA
[2008/09/30 23:25:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Jumper
[2008/09/30 21:25:53 | 00,000,484 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoW Acolytes.lnk
[2008/09/30 20:40:22 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 20:40:22 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/30 20:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/30 20:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/30 20:36:26 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2008/09/30 20:36:25 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/09/30 16:14:36 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/30 16:14:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2008/09/30 16:13:56 | 00,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crysis WARHEAD.lnk
[2008/09/30 16:04:24 | 00,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/30 16:04:18 | 00,000,000 | ---D | C] -- C:\ProgramData
[2008/09/30 16:04:11 | 00,004,634 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/30 16:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations
[2008/09/30 10:46:14 | 00,000,322 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Deskjet 5400 series.job
[2008/09/30 10:31:27 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2008/09/30 10:15:04 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/09/30 10:15:04 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/09/30 10:14:58 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/09/30 10:14:58 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/09/30 00:03:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Full Movies
[2008/09/29 23:50:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/29 17:49:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/29 17:49:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/29 17:49:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/29 17:49:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/29 17:48:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/29 17:41:37 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/29 08:30:07 | 00,000,966 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TimeShift.lnk
[2008/09/29 08:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra Entertainment
[2008/09/29 08:16:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
[2008/09/29 06:18:43 | 00,000,000 | ---D | C] -- C:\Program Files\SOFTMAX
[2008/09/29 05:29:15 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx
[2008/09/29 03:33:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SPORE
[2008/09/28 23:27:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Game Folders
[2008/09/28 21:55:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\NOS
[2008/09/28 21:55:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/28 21:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2008/09/28 15:41:36 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2008/09/28 15:07:25 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2008/09/27 21:54:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\The Incredible Hulk
[2008/09/27 21:46:42 | 00,000,823 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Incredible Hulk.lnk
[2008/09/27 21:41:12 | 00,000,000 | ---D | C] -- C:\Program Files\SEGA
[2008/09/27 21:41:11 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2008/09/27 21:41:09 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2008/09/27 21:41:09 | 00,018,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_2.dll
[2008/09/27 21:41:06 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2008/09/27 21:41:03 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2008/09/27 21:41:02 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2008/09/27 21:41:01 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2008/09/27 21:41:01 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2008/09/27 21:41:01 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2008/09/27 21:41:01 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2008/09/27 21:41:00 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2008/09/27 21:19:11 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2008/09/27 21:19:11 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2008/09/27 20:54:50 | 00,717,296 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/27 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
[2008/09/27 20:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
[2008/09/27 17:53:05 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/27 17:53:03 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/27 17:53:01 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/27 17:53:01 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/27 17:52:59 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/09/27 17:52:59 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/09/27 17:52:59 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/27 17:52:57 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/27 17:52:57 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/27 17:52:55 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/27 17:52:54 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/27 17:52:54 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/27 17:52:47 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/27 17:52:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/27 17:52:45 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/27 17:52:43 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/27 17:52:43 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/27 17:52:40 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/27 17:52:39 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/27 17:52:39 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/27 17:52:38 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/27 17:52:37 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/27 17:52:36 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/27 17:52:36 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/27 17:52:36 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/27 17:52:35 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/27 17:52:32 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/27 17:52:26 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/27 17:52:24 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/27 17:52:24 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/27 17:52:24 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/27 17:52:23 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/27 17:52:23 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/27 17:52:23 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/27 17:52:23 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/27 17:52:20 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/27 17:52:20 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/27 17:52:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/27 17:52:07 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/27 17:52:07 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/27 17:52:07 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/27 17:51:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/27 17:51:54 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/27 17:51:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/27 17:51:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/27 17:51:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/27 17:51:52 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/27 17:51:43 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/09/27 17:51:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/09/27 17:51:42 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/27 17:51:40 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/09/27 17:51:40 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/09/27 17:51:37 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/27 17:51:36 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/27 17:51:34 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/27 17:51:32 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/27 17:51:32 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/27 17:51:32 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/27 17:51:32 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/27 17:51:32 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/27 17:51:32 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/27 17:51:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/27 17:51:32 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/27 17:51:31 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/27 17:51:31 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/27 17:51:30 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/27 17:51:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/27 17:51:30 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/27 17:51:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/27 17:51:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/27 17:51:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/27 17:51:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/27 17:51:30 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/27 17:51:28 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/27 17:51:28 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/27 17:51:25 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/27 17:51:25 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/27 17:51:25 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/27 17:51:25 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/27 17:51:24 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/27 17:51:24 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/27 17:51:21 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/27 17:51:21 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/27 17:51:21 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/27 17:51:19 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/27 17:27:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2008/09/27 17:27:03 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2008/09/27 17:26:23 | 00,201,044 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2008/09/27 17:26:22 | 00,018,394 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/09/27 17:26:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2008/09/27 17:25:37 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2008/09/27 17:08:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/09/27 07:47:19 | 00,000,118 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\default.pls
[2008/09/27 07:29:48 | 00,139,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/09/27 07:29:41 | 00,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/09/27 07:29:35 | 00,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/09/27 07:25:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Folders
[2008/09/27 07:18:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\³Ø½¼ Ç÷¯±×
[2008/09/27 06:56:50 | 00,004,121 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\SVCD1.nsd
[2008/09/27 06:52:30 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 06:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DivX
[2008/09/27 06:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Ahead
[2008/09/27 06:45:01 | 00,002,363 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2008/09/27 06:44:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Nero
[2008/09/27 06:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2008/09/27 06:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2008/09/27 06:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/09/27 06:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe
[2008/09/27 05:43:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Games
[2008/09/27 05:43:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield Installation Information
[2008/09/27 05:43:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/09/27 05:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sun
[2008/09/27 05:27:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Spore Creations
[2008/09/27 05:26:21 | 00,000,000 | ---D | C] -- C:\Program Files\Unreal Tournament 3
[2008/09/27 05:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2008/09/27 05:26:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/09/27 05:25:58 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2008/09/27 05:25:58 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2008/09/27 05:25:57 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2008/09/27 05:25:57 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2008/09/27 05:25:57 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2008/09/27 05:25:55 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2008/09/27 05:25:55 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2008/09/27 05:25:54 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2008/09/27 05:25:54 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2008/09/27 05:25:51 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2008/09/27 05:25:51 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/09/27 05:25:50 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2008/09/27 05:25:50 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2008/09/27 05:25:49 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/09/27 05:25:49 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2008/09/27 05:25:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
[2008/09/27 05:21:17 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2008/09/27 05:21:17 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2008/09/27 05:21:14 | 00,000,000 | ---D | C] -- C:\Nexon
[2008/09/27 05:21:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/09/27 05:21:08 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2008/09/27 05:21:08 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/09/27 05:21:07 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2008/09/27 05:21:07 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2008/09/27 05:21:07 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2008/09/27 05:21:06 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/09/27 05:21:05 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2008/09/27 05:08:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Battlefield 2142
[2008/09/27 05:02:35 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2008/09/27 04:34:06 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2008/09/27 04:34:03 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/09/27 04:32:36 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/09/27 04:20:30 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008/09/27 04:20:23 | 00,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2008/09/27 04:20:14 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2008/09/27 04:08:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR
[2008/09/27 04:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/09/27 03:39:17 | 00,000,000 | ---D | C] -- C:\Games
[2008/09/27 03:37:16 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2008/09/27 03:35:21 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Notepad.lnk
[2008/09/27 03:26:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\I386
[2008/09/27 03:25:44 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 03:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/27 03:18:09 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/09/27 03:17:58 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/09/27 03:17:54 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2008/09/27 03:17:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/09/27 03:16:43 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/09/27 03:16:39 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/09/27 03:15:37 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2008/09/27 03:10:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/09/27 03:10:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2008/09/27 03:10:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/09/27 03:10:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/09/27 03:07:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/09/27 03:07:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/09/27 03:06:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/09/27 03:06:05 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/09/27 03:03:20 | 16,208,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/09/27 03:03:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/09/27 03:02:37 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/09/27 03:02:37 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/09/27 03:02:36 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/09/27 03:02:36 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/09/27 03:02:36 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/09/27 03:02:35 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/09/27 03:02:34 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/09/27 03:02:34 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/09/27 03:02:32 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/27 03:02:01 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\kb913800.exe
[2008/09/27 03:00:57 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/09/27 02:58:31 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/27 02:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/09/27 02:55:39 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/27 02:55:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/09/27 02:55:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/09/27 02:55:26 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/09/27 02:46:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/09/27 02:41:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2008/09/27 02:38:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
[2008/09/27 02:38:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/09/27 02:37:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2008/09/27 02:34:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
[2008/09/27 02:32:07 | 00,000,000 | ---D | C] -- C:\Program Files\SymNetDrv
[2008/09/27 02:28:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/09/27 02:27:37 | 00,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2008/09/27 02:27:33 | 00,260,272 | RHS- | C] () -- C:\cmldr
[2008/09/27 02:27:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/09/27 02:27:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2008/09/27 02:27:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2008/09/27 02:24:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
[2008/09/27 02:24:11 | 03,170,476 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2008/09/27 02:24:11 | 00,050,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/27 02:24:11 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2008/09/27 02:24:11 | 00,000,087 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2008/09/27 02:24:09 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/09/27 02:24:09 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2008/09/27 02:24:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2008/09/27 02:24:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2008/09/27 02:24:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2008/09/27 02:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation
[2008/09/27 02:23:01 | 00,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2008/09/17 09:55:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 09:55:00 | 01,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/09/17 09:55:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 09:55:00 | 01,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/09/17 09:55:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 09:55:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 09:55:00 | 00,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/09/17 09:55:00 | 00,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/09/17 09:55:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/17 09:55:00 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2008/09/15 19:14:26 | 00,524,288 | ---- | C] (DivX Inc.) -- C:\WINDOWS\System32\DivXsm.exe
[2008/09/15 19:14:26 | 00,004,816 | ---- | C] () -- C:\WINDOWS\System32\divxsm.tlb
[2008/09/15 19:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 19:12:54 | 01,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2008/09/15 19:12:54 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2008/09/15 19:12:02 | 00,196,608 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dtu100.dll
[2008/09/15 19:12:02 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2008/09/15 19:12:00 | 00,593,920 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI11.dll
[2008/09/15 19:12:00 | 00,344,064 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpus11.dll
[2008/09/15 19:12:00 | 00,294,912 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpu11.dll
[2008/09/15 19:12:00 | 00,294,912 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpu10.dll
[2008/09/15 19:12:00 | 00,057,344 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpv11.dll
[2008/09/15 19:12:00 | 00,053,248 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI10.dll
[2008/09/15 19:11:58 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/09/15 19:11:58 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/09/15 19:11:58 | 00,815,104 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/09/15 19:11:58 | 00,802,816 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/09/15 19:11:56 | 00,683,520 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/09/15 19:11:48 | 00,634,880 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2008/09/15 19:11:46 | 00,352,401 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\DivXMedia.ax
[2008/09/15 19:11:28 | 00,161,096 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[2008/09/15 19:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/05 17:07:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/05 17:06:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/05 15:24:26 | 00,139,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/10/05 15:24:18 | 00,111,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/10/05 07:14:37 | 00,001,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\America's Army.lnk
[2008/10/05 03:48:40 | 00,201,044 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/05 03:47:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/04 16:51:25 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to analysis.exe.lnk
[2008/10/04 16:43:18 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/04 16:05:42 | 02,938,266 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2008/10/03 17:11:26 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe
[2008/10/03 10:42:33 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PSO BB.lnk
[2008/10/03 04:19:07 | 00,012,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 00:22:55 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PHANTASY STAR UNIVERSE Illuminus.lnk
[2008/10/01 01:13:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/30 22:42:10 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Notepad.lnk
[2008/09/30 21:25:53 | 00,000,484 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoW Acolytes.lnk
[2008/09/30 20:40:22 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 20:40:22 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/30 20:36:26 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2008/09/30 20:21:58 | 00,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/30 16:14:36 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/30 16:13:56 | 00,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crysis WARHEAD.lnk
[2008/09/30 16:04:24 | 00,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/30 16:04:11 | 00,004,634 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/30 15:49:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/30 11:03:29 | 00,000,118 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\default.pls
[2008/09/30 10:46:15 | 00,000,322 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet 5400 series.job
[2008/09/29 23:54:38 | 00,473,464 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/29 23:54:38 | 00,402,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/29 23:54:38 | 00,063,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/29 23:47:43 | 03,170,476 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2008/09/29 17:45:37 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/29 08:30:07 | 00,000,966 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TimeShift.lnk
[2008/09/27 21:46:42 | 00,000,823 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Incredible Hulk.lnk
[2008/09/27 21:19:11 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2008/09/27 20:54:51 | 00,717,296 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/27 07:29:35 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/09/27 06:56:50 | 00,004,121 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\SVCD1.nsd
[2008/09/27 06:49:16 | 00,002,363 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2008/09/27 05:26:00 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2008/09/27 04:20:30 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008/09/27 04:20:23 | 00,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2008/09/27 03:19:46 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2008/09/27 03:19:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/27 03:19:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/27 02:58:10 | 00,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/27 02:55:39 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/27 02:55:04 | 00,000,108 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2008/09/27 02:25:39 | 00,000,139 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2008/09/27 02:23:08 | 00,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/09/27 02:22:45 | 00,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2008/09/17 09:55:00 | 01,724,416 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 09:55:00 | 01,657,376 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2008/09/17 09:55:00 | 01,503,232 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 09:55:00 | 01,346,080 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/09/17 09:55:00 | 01,101,824 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 09:55:00 | 00,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 09:55:00 | 00,449,056 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/09/17 09:55:00 | 00,436,768 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2008/09/17 09:55:00 | 00,286,720 | ---- | M] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/17 09:55:00 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2008/09/17 09:55:00 | 00,018,394 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/09/15 19:14:26 | 00,524,288 | ---- | M] (DivX Inc.) -- C:\WINDOWS\System32\DivXsm.exe
[2008/09/15 19:14:26 | 00,004,816 | ---- | M] () -- C:\WINDOWS\System32\divxsm.tlb
[2008/09/15 19:14:24 | 03,596,288 | ---- | M] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 19:12:54 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2008/09/15 19:12:54 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2008/09/15 19:12:02 | 00,196,608 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dtu100.dll
[2008/09/15 19:12:02 | 00,081,920 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2008/09/15 19:12:00 | 00,593,920 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI11.dll
[2008/09/15 19:12:00 | 00,344,064 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpus11.dll
[2008/09/15 19:12:00 | 00,294,912 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpu11.dll
[2008/09/15 19:12:00 | 00,294,912 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpu10.dll
[2008/09/15 19:12:00 | 00,057,344 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpv11.dll
[2008/09/15 19:12:00 | 00,053,248 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI10.dll
[2008/09/15 19:11:58 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/09/15 19:11:58 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/09/15 19:11:58 | 00,815,104 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/09/15 19:11:58 | 00,802,816 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/09/15 19:11:56 | 00,683,520 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/09/15 19:11:48 | 00,634,880 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2008/09/15 19:11:46 | 00,352,401 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\DivXMedia.ax
[2008/09/15 19:11:28 | 00,161,096 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[2008/09/15 19:11:10 | 00,012,288 | ---- | M] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
< End of report >


Here's the Extras log:

OTViewIt Extras logfile created on: 10/5/2008 5:16:49 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 605.54 Mb Available Physical Memory | 59.22% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.79 Gb Total Space | 84.36 Gb Free Space | 47.45% Space Free | Partition Type: NTFS
Drive D: | 15.60 Gb Total Space | 10.37 Gb Free Space | 66.46% Space Free | Partition Type: FAT32
Drive E: | 98.86 Gb Total Space | 9.49 Gb Free Space | 9.60% Space Free | Partition Type: NTFS
Drive F: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
Drive G: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYTHIC
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/12/02 18:58:30 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/29 01:32:49 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/09/29 01:33:49 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/05/12 10:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2005/06/03 19:50:00 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2005/06/03 19:50:14 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2005/06/03 19:45:46 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/05/11 07:50:34 | 00,200,704 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/05/11 07:07:26 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2005/06/03 20:12:34 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/05/11 07:34:02 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2005/06/03 19:51:06 | 00,458,752 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/03/16 01:12:10 | 00,417,792 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/03/16 01:17:50 | 00,704,512 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2005/06/03 20:06:04 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/09/27 02:43:29 | 01,060,864 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System
[2005/09/27 02:42:26 | 00,045,056 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub
[2005/09/27 02:42:20 | 00,090,112 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP
[2005/12/02 18:58:30 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/05/21 13:33:10 | 08,419,956 | ---- | M] () -- C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2
[2008/09/27 05:21:13 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
[2008/07/31 05:28:59 | 28,245,072 | ---- | M] () -- C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3
[2008/09/29 01:32:49 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/09/29 01:33:49 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/08/05 03:37:08 | 01,458,912 | ---- | M] (Nexon Corp.) -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 12:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2003/07/11 12:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 12:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/20 11:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2003/08/02 01:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 08:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}"=PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}"=CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}"=Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}"=AiO_Scan
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}"=Norton Internet Security
"{1367FA2F-2B3D-430F-872F-588B93420BFC}"=TimeShift
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}"=DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}"=CP_Package_Variety3
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}"=Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}"=Sonic_PrimoSDK
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}"=CP_Panorama1Config
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}"=Quicken 2006
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}"=HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}"=Unload
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}"=TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}"=J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}"=InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}"=HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}"=CP_CalendarTemplates1
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}"=cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}"=InterVideo WinDVD Player
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}"=HP Boot Optimizer
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}"=HPDeskjet5400Series
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}"=HP PSC & OfficeJet 5.3.A
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{449F3A9E-9903-4a0d-A209-08030D45A935}"=Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}"=Norton Internet Security
"{503AA035-41E2-4858-B31F-1E49AC66C309}"=Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}"=Norton Internet Security
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}"=NewCopy
"{5677563D-0CB1-485f-9E18-C5025306BB3F}"=Norton AntiSpam
"{567C23E1-7580-4185-B8C2-30805677297C}"=NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}"=RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}"=WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}"=CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}"=HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}"=SkinsHP1
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}"=DocProc
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}"=Crysis WARHEAD®
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}"=PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}"=PSPrinters08
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}"=AiOSoftware
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}"=CP_AtenaShokunin1Config
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}"=LightScribe 1.4.52.1
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}"=Readme
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}"=SPORE™
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}"=Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}"=ScannerCopy
"{A3455242-DAE0-4523-8242-FD82706ABF4B}"=CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}"=CueTour
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}"=Norton Internet Security
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B276997E-4367-4b1b-A39C-4CAE7464337A}"=AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}"=PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}"=Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}"=AiOSoftwareNPI
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}"=CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}"=BufferChm
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}"=cp_LightScribePlugin
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}"=Scan
"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2005
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}"=HP Photosmart Cameras 5.0
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}"=Norton Internet Security
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}"=Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}"=Fax
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}"=CameraDrivers
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}"=Nero 8
"{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}"=America's Army
"{D8F6834B-D5E7-4451-8681-B051ABD8561D}"=ccCommon
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}"=CC_ccProxyExt
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DFB0FED6-0010-4E9B-A402-E513F2459161}"=muvee autoProducer unPlugged 1.2
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}"=HPProductAssistant
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security
"{E7137AFD-4E43-47A6-BDC7-533808F72B36}"=muvee autoProducer 4.5
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}"=Norton WMI Update
"{EA103B64-C0E4-4C0E-A506-751590E1653D}"=SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}"=HP Deskjet 5400 series
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}"=HP Software Update
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}"=Battlefield 2142
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}"=Status
"{F64306A5-4C32-41bb-B153-53986527FAB4}"=Norton WMI Update
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}"=HP DigitalMedia Archive
"{FC08587A-4F01-4188-819F-F55880022917}"=ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}"=Norton Internet Security
"12133444-BF36-4d4e-B7FB-A3424C645DE4"=GemMaster Mystic
"53F13DB4D9611FD63BE580F06F0729BF236ABE68"=Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AwayMode160"=Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1"=Data Fax SoftModem with SmartCP
"Combat Arms"=Combat Arms
"Crysis WARHEAD®"=Crysis WARHEAD®
"DISCover"=DISCover
"HijackThis"=HijackThis 2.0.2
"HP Document Viewer"=HP Document Viewer 5.3
"HP Image Zone for Media Center PC"=HP Image Zone for Media Center PC
"HP Imaging Device Functions"=HP Imaging Device Functions 5.3
"HP Photo & Imaging"=HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools"=HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller"=Updates from HP (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"IntelliMover Data Transfer Demo"=Remove IntelliMover Demo
"KB888111WXPSP2"=High Definition Audio Driver Package - KB888111
"KB900325"=Update Rollup 2 for Windows XP Media Center Edition 2005
"KB925766"=Windows XP Media Center Edition 2005 KB925766
"KBD"=HP Multimedia Keyboard Software
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PC-Doctor 5 for Windows"=PC-Doctor 5 for Windows
"Phantasy Star Online Blue Burst_is1"=Phantasy Star Online Blue Burst 1.0
"PHANTASY STAR UNIVERSE Ambition of the Illuminus_is1"=PHANTASY STAR UNIVERSE Ambition of the Illuminus
"PS2"=PS2
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0"=RealPlayer
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security 2005 (Symantec Corporation)
"SystemRequirementsLab"=System Requirements Lab
"The Incredible Hulk"=The Incredible Hulk
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3616229981-413110331-2593493897-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2008 7:13:01 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application shpsobb.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x51fec63c.

Error - 10/3/2008 7:19:17 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application shpsobb.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x9103c63c.

Error - 10/3/2008 7:29:17 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application shpsobb.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x9103c63c.

Error - 10/3/2008 7:31:25 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application shpsobb.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x9103c63c.

Error - 10/3/2008 8:05:15 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application psobbtrainer.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.

Error - 10/3/2008 11:03:15 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x000b1be4.

Error - 10/3/2008 11:03:17 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1001
Description = Fault bucket 883042264.

Error - 10/5/2008 2:42:46 AM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application shpsobb.exe, version 0.0.0.0, faulting module
shpsobb.exe, version 0.0.0.0, fault address 0x002963d5.

Error - 10/5/2008 5:13:34 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1000
Description = Faulting application shpsobb.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0xffffffff.

Error - 10/5/2008 5:13:38 PM | Computer Name = MYTHIC | Source = Application Error | ID = 1001
Description = Fault bucket 425139033.

[ System Events ]
Error - 10/4/2008 10:00:36 AM | Computer Name = MYTHIC | Source = Service Control Manager | ID = 7034
Description = The NMIndexingService service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/4/2008 10:00:43 AM | Computer Name = MYTHIC | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 10/4/2008 11:14:30 AM | Computer Name = MYTHIC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/4/2008 11:14:30 AM | Computer Name = MYTHIC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/4/2008 5:03:37 PM | Computer Name = MYTHIC | Source = Service Control Manager | ID = 7034
Description = The NMIndexingService service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/4/2008 5:03:42 PM | Computer Name = MYTHIC | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 10/4/2008 5:45:40 PM | Computer Name = MYTHIC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/4/2008 5:45:40 PM | Computer Name = MYTHIC | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/4/2008 5:59:05 PM | Computer Name = MYTHIC | Source = Service Control Manager | ID = 7034
Description = The NMIndexingService service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/4/2008 5:59:10 PM | Computer Name = MYTHIC | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).


< End of report >


And here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:39 PM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HijackThis\analysis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10026 bytes


Thanks for this help, it's appreciated. As I said, the popups seem to be random advertisements of different things. My wife got on the PC and opened a site that was for 18+ viewers for victorian secrets and it popped up porn ads. I even got on and went to a site for computer hardware and got ads for different types of computers and software. Same with when my son got on it and opened up disney.com, which opened up sites for travel and a few for different kids' movies and toys. So here's the info you requested and I hope the info on the popup helped some at least; maybe it's part of the trojan problem when it installed. No idea, but I do thank you so much for this help you're giving me.

#9 extremeboy

  • Malware Response Team

Posted 05 October 2008 - 07:01 PM

Hi.

Thanks for the specific details you gave me with those popups; those will help me in a way.

Thanks for this help, it's appreciated. As I said, the popups seem to be random advertisements of different things. My wife got on the PC and opened a site that was for 18+ viewers for victorian secrets and it popped up porn ads.

That doesn't sound good. We'll run an online scan and see what it picks up.

Also, did you forget about the Kaspersky online scan in the previous post?
Please do the Kaspersky online scan and post the log back to me in your next reply.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.


One last thing to ask you, any other problems besides popups? Just wondering.

Post back with the Kaspersky online scan log.

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 SgtLimbo

Posted 05 October 2008 - 09:45 PM

Yeah, getting the scan now. Forgot about it and it's in the middle of scanning now; just gotta wait for the scan to finish and I'll have it with the post prior to your last post since I still have the edit open. The only other thing I've noticed is that at start of my PC after loading, I seem to have 63 processes running when before I left I only had around 41 at most. Not really sure if there's much other than the PC seems to bog down after it's fully loaded up and seems to make programs close for no reason, but that sometimes has to do with Norton: it won't let programs stay open, so I have to disable internet security and antivirus protection just so programs will run, even when I try to open a doc file for my work or even a game; doesn't seem to matter which it is. I have that figured out for the most part since I have a new copy of Norton that I just got yesterday, but I'd rather wait till this matter is cleared up before I install the new software. Right now my main concern is the trojans (which seem to be basically gone for the most part), the PC running slower, too many processes running and those annoying popups. I do appreciate the help on this since it has cleared up a lot and seems to be not as hard to run the PC and work at the same time. Thanks for this great help, and the scan will be posted on my prior post as an edit since I have the edit still open.

PS. Sorry about the internet scan taking so long, it's just that my PC decided it was going to restart and now I have to rerun the scan all over again. The scan was at 70% after 4, almost 5 hrs, so it might be a while it seems. Sorry again.

Edited by SgtLimbo, 05 October 2008 - 11:07 PM.


#11 extremeboy

Posted 06 October 2008 - 06:49 AM

Hi.

I know the Kaspersky takes a long time to run.

For the slow computer thing we can deal with that later. I need to first see an online scan to see what else is in your system.

Also, one suggestion when running the Kaspersky online scan is to close and disable as many applications as possible and just leave Kaspersky there for a few hours. Disable all your security programs because they may interfere with the Kaspersky scan.

Don't play any games, just leave the scan alone and once it's done post it here.

Right now my main concern is the trojans (which seem to be basically gone for the most part), the PC running slower, too many processes running and those annoying popups.

Can you tell me which trojan? The popups we will deal with right now and the slowness we'll deal with at the end.

Thanks :thumbsup:

With Regards,
Extremeboy

#12 SgtLimbo

Posted 06 October 2008 - 01:42 PM

Here's the Kaspersky scan finally, but this is the file I got so I hope this is what you wanted.

Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\

Scan statistics
Files scanned 113391
Threat name 12
Infected objects 14
Suspicious objects 0
Duration of the scan 09:22:16

File name Threat name Threats count
C:\Documents and Settings\HP_Administrator\Desktop\Folders\Nero 8\Nero-8.3.6.0_eng_update.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1

C:\Documents and Settings\HP_Administrator\Desktop\Folders\Nero 8\Nero_8_Ultra_Edition_8.3.6.0.part1.rar Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1

C:\Documents and Settings\HP_Administrator\Desktop\Folders\Nero 8\Nero_8_Ultra_Edition_8.3.6.0.part2.rar Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\31EB2181.dll Infected: Trojan.Win32.Monder.qit 1

C:\QooBox\Quarantine\C\WINDOWS\system32\gmjierio.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alwt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\kkdouvtb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alwx 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ljJASKde.dll.vir Infected: Trojan.Win32.Monder.qwj 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mishvlej.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alvf 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pltyndou.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alyd 1

E:\Codemasters\RF Online;\RFPoA.exe Infected: Trojan-Dropper.Win32.Tiny.cf 1

E:\stuff to keep\cod4 generator.exe Infected: Trojan.Win32.Monder.pne 1

E:\stuff to keep\cod4 generator.exe Infected: Trojan-Downloader.Win32.Agent.agvb 1

E:\stuff to keep\cod4 generator.exe Infected: Trojan-Downloader.Win32.Agent.agld 1

E:\stuff to keep\cod4 generator.exe Infected: Trojan.Win32.Monder.pnm 1

The selected area was scanned.


Sorry it took so long I hope this is what it was you wanted.
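
The report format in the post above, parsed as an added example (not part of the original thread or of any tool used in it): it splits each row into path and verdict, breaks the verdict into prefix, behaviour, platform, family and variant, and separates files already sitting in a quarantine folder from files still on disk. Treating any folder named Quarantine as contained and splitting on the not-a-virus prefix are assumptions of this example; the sample rows are copied from the report.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Subset of rows copied from the Kaspersky report in the post above.
REPORT = r"""
C:\Documents and Settings\HP_Administrator\Desktop\Folders\Nero 8\Nero-8.3.6.0_eng_update.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\31EB2181.dll Infected: Trojan.Win32.Monder.qit 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gmjierio.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alwt 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ljJASKde.dll.vir Infected: Trojan.Win32.Monder.qwj 1
E:\Codemasters\RF Online;\RFPoA.exe Infected: Trojan-Dropper.Win32.Tiny.cf 1
E:\stuff to keep\cod4 generator.exe Infected: Trojan.Win32.Monder.pne 1
E:\stuff to keep\cod4 generator.exe Infected: Trojan-Downloader.Win32.Agent.agvb 1
E:\stuff to keep\cod4 generator.exe Infected: Trojan-Downloader.Win32.Agent.agld 1
E:\stuff to keep\cod4 generator.exe Infected: Trojan.Win32.Monder.pnm 1
The selected area was scanned.
"""

# "<path> Infected: <verdict> <count>"; paths may contain spaces, verdicts do not.
ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<count>\d+)\s*$")


@dataclass(frozen=True)
class Detection:
    path: str
    prefix: str      # e.g. "not-a-virus"; empty for malware verdicts
    behaviour: str   # e.g. "Trojan-Downloader", "AdWare"
    platform: str    # e.g. "Win32"
    family: str      # e.g. "Monder"
    variant: str     # e.g. "qit"


def parse_verdict(path, verdict):
    """Split '[prefix:]Behaviour.Platform.Family.variant' into its fields."""
    prefix, _, name = verdict.rpartition(":")
    parts = name.split(".", 3) + ["", "", "", ""]  # pad short names
    return Detection(path, prefix, parts[0], parts[1], parts[2], parts[3])


def in_quarantine(path):
    """Assumption: a folder literally named 'Quarantine' holds inert copies."""
    folders = re.split(r"[\\/]", path.lower())[:-1]  # drop the file name
    return "quarantine" in folders


def triage(report):
    """Return (buckets, unparsed): detections grouped per file into
    quarantined / live_malware / live_pua, plus rows that did not parse."""
    names = ("quarantined", "live_malware", "live_pua")
    buckets = {name: defaultdict(list) for name in names}
    unparsed = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if not m:
            unparsed.append(line)  # keep, so nothing is silently dropped
            continue
        det = parse_verdict(m["path"], m["verdict"])
        if in_quarantine(det.path):
            key = "quarantined"
        elif det.prefix == "not-a-virus":
            key = "live_pua"
        else:
            key = "live_malware"
        buckets[key][det.path].append(det)
    return {k: dict(v) for k, v in buckets.items()}, unparsed


if __name__ == "__main__":
    buckets, unparsed = triage(REPORT)
    for name, files in buckets.items():
        print(name)
        for path, dets in files.items():
            fams = sorted({f"{d.behaviour}/{d.family}" for d in dets})
            print(f"  {path}: {', '.join(fams)}")
    print("unparsed:", unparsed)
```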

#13 extremeboy

Posted 06 October 2008 - 02:19 PM

Hi.

Sorry it took so long I hope this is what it was you wanted.

Yup, that's what I wanted to see.

Right now my main concern is the trojans (which seem to be basically gone for the most part), the PC running slower, too many processes running and those annoying popups.

What trojans are you talking about?

Can you tell me? I'll post back with the instructions soon. Just tell me what trojan you are seeing?

Regards,
Extremeboy

#14 extremeboy

Posted 06 October 2008 - 02:19 PM

Sorry this was a double post...

Edited by extremeboy, 06 October 2008 - 02:20 PM.


#15 extremeboy

Posted 06 October 2008 - 03:00 PM

Anyway, please continue with the following instructions.
In your next post, include what trojan you were talking about.

Hi again.

The Kaspersky scan found some bad files that we need to remove later.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\system32\258626d8.dll
    C:\WINDOWS\system32\12794a7c.dll
    C:\WINDOWS\system32\6fc70e0.dll
    C:\WINDOWS\system32\1016bd91.dll
    C:\WINDOWS\system32\d13797b.dll
    C:\WINDOWS\system32\1f987000.dll
    C:\WINDOWS\system32\30e88ae.dll
    C:\WINDOWS\system32\13adb958.dll
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Delete Files/Folders manually

Use Windows Explorer to find and delete the following files:

E:\Codemasters\RF Online;\RFPoA.exe <-This file
E:\stuff to keep\cod4 generator.exe <-This file

As an example to delete a file:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disk (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Restart your computer once you're done.

Note: If you can't find the E:\ drive, it could be a USB flash memory or an external hard drive, so please attach it to your computer first and then delete it.

After doing all that, please tell me how your computer is running now?
Are there still any popups? If so, please describe any particular sites; if not, then just tell me so.

Post back with the following:
  • Combofix log
  • Fresh OTviewit log
  • Fresh Hijackthis log
Thanks :thumbsup:

With Regards,
Extremeboy
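
A pre-flight check for a CFScript like the one in the post above, as an added example that is not part of the original thread and not ComboFix's own code: it parses the `File::` list and flags any entry that does not match the pattern of the listed targets. The function names, the hex-name pattern and the expected directory are assumptions made for this illustration.

```python
import re
from ntpath import basename, dirname, isabs

# Script text copied from the post above (File:: is the only section it uses).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\258626d8.dll
C:\WINDOWS\system32\12794a7c.dll
C:\WINDOWS\system32\6fc70e0.dll
C:\WINDOWS\system32\1016bd91.dll
C:\WINDOWS\system32\d13797b.dll
C:\WINDOWS\system32\1f987000.dll
C:\WINDOWS\system32\30e88ae.dll
C:\WINDOWS\system32\13adb958.dll
"""
SECTION = re.compile(r"^([A-Za-z]+)::$")
# Assumption for this example: expected targets are 5-8 hex digits plus ".dll".
HEX_DLL = re.compile(r"^[0-9a-f]{5,8}\.dll$", re.IGNORECASE)

def parse_cfscript(text):
    """Return {section name: [entries]}; stray whitespace is stripped."""
    sections, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is None:
            raise ValueError(f"line {n}: entry before any section header")
        else:
            current.append(line)
    return sections

def review_file_entries(paths, expected_dir=r"C:\WINDOWS\system32"):
    """Return (path, reason) for every entry a human should re-check."""
    findings, seen = [], set()
    for p in paths:
        if p.lower() in seen:
            findings.append((p, "duplicate"))
        seen.add(p.lower())
        if not isabs(p):
            findings.append((p, "not an absolute path"))
        elif dirname(p).lower() != expected_dir.lower():
            findings.append((p, "outside expected directory"))
        elif not HEX_DLL.match(basename(p)):
            findings.append((p, "not a hex-named DLL, verify before deleting"))
    return findings
```

An empty result from `review_file_entries(parse_cfscript(CFSCRIPT)["File"])` means every entry fits the pattern; anything returned should be checked by hand before the script is used.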