
trojan.zlob.g


  • This topic is locked
14 replies to this topic

#1 hmp76


Posted 12 December 2008 - 10:51 AM

I just bought a new HP laptop on Sunday...so here's some basic info.

HP Dv7
Intel duo core
Windows Vista Home Premium
Made sure Norton was running.

Was on a trusted internet site Dec 9, then a security popup came up saying I had a trojan virus called Trojan.zlob.g.
Thinking my Norton and firewall were working, I clicked on the Protect button and it took me to a website for Personal Defender 2009.
I quickly closed the window, but I realize now I'm infected. (Angry) I tried to get back to the internet, but it kept closing all my internet windows and the Windows Security Alert popup window kept coming up. I've tried everything from Spybot Search and Destroy to Malwarebytes. So here I am. I couldn't run the Kaspersky Reports because I couldn't stay connected with the internet.

So here is my log and info file. Thanks in advance! Cheers!

LOG

Logfile of random's system information tool 1.04 (written by random/random)
Run by HMP at 2008-12-12 09:37:09
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 184 GB (81%) free of 227 GB
Total RAM: 4092 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:37:11, on 12/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Users\HMP\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HMP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12295 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - HMP.job
C:\Windows\tasks\User_Feed_Synchronization-{7AEBF894-F92F-429C-A1FE-2E25A4C899D5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-07-28 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files (x86)\google\googletoolbar1.dll [2008-12-07 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-14 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files (x86)\google\googletoolbar1.dll [2008-12-07 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"QPService"=C:\Program Files (x86)\HP\QuickPlay\QPService.exe [2008-06-25 468264]
"ccApp"=c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1555968]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-20 2153472]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f1ebfa3-c486-11dd-bb0f-002186c0dc2a}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f12e632c-c85f-11dd-91a2-002186c0dc2a}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-12 09:37:09 ----D---- C:\rsit
2008-12-11 13:43:15 ----A---- C:\Windows\system32\tmp.txt
2008-12-11 13:43:15 ----A---- C:\Users\HMP\AppData\Roaming\SetValue.bat
2008-12-11 13:43:15 ----A---- C:\Users\HMP\AppData\Roaming\GetValue.vbs
2008-12-11 13:43:06 ----A---- C:\rapport.txt
2008-12-11 13:42:42 ----A---- C:\Windows\system32\WS2Fix.exe
2008-12-11 13:42:42 ----A---- C:\Windows\system32\VCCLSID.exe
2008-12-11 13:42:42 ----A---- C:\Windows\system32\VACFix.exe
2008-12-11 13:42:42 ----A---- C:\Windows\system32\swxcacls.exe
2008-12-11 13:42:42 ----A---- C:\Windows\system32\swsc.exe
2008-12-11 13:42:42 ----A---- C:\Windows\system32\swreg.exe
2008-12-11 13:42:42 ----A---- C:\Windows\system32\SrchSTS.exe
2008-12-11 13:42:42 ----A---- C:\Windows\system32\Process.exe
2008-12-11 13:42:42 ----A---- C:\Windows\system32\dumphive.exe
2008-12-11 11:56:49 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-12-11 11:46:31 ----D---- C:\Users\HMP\AppData\Roaming\U3
2008-12-10 16:29:38 ----D---- C:\Program Files (x86)\Trend Micro
2008-12-10 02:31:59 ----D---- C:\Users\HMP\AppData\Roaming\Malwarebytes
2008-12-10 02:31:53 ----D---- C:\ProgramData\Malwarebytes
2008-12-10 02:17:37 ----SHD---- C:\Config.Msi
2008-12-10 01:10:57 ----A---- C:\Windows\ntbtlog.txt
2008-12-07 12:33:58 ----D---- C:\Users\HMP\AppData\Roaming\Google
2008-12-07 12:23:47 ----D---- C:\Users\HMP\AppData\Roaming\Skype
2008-12-07 12:23:31 ----D---- C:\ProgramData\Google
2008-12-07 12:23:25 ----D---- C:\Program Files (x86)\Google
2008-12-07 12:23:17 ----D---- C:\Program Files (x86)\Skype
2008-12-07 12:23:17 ----D---- C:\Program Files (x86)\Common Files\Skype
2008-12-07 12:23:14 ----D---- C:\ProgramData\Skype
2008-12-07 11:45:32 ----D---- C:\Program Files (x86)\MSXML 4.0
2008-12-06 23:49:57 ----D---- C:\Users\HMP\AppData\Roaming\Yahoo!
2008-12-06 23:49:57 ----D---- C:\ProgramData\Yahoo! Companion
2008-12-06 23:13:14 ----D---- C:\Users\HMP\AppData\Roaming\HP
2008-12-06 23:13:13 ----D---- C:\Users\HMP\AppData\Roaming\CyberLink
2008-12-06 23:13:06 ----A---- C:\ProgramData\MobileTV.exe
2008-12-06 23:13:06 ----A---- C:\ProgramData\DVD.exe
2008-12-06 23:13:05 ----D---- C:\ProgramData\ENU
2008-12-06 23:13:05 ----A---- C:\ProgramData\MPV.exe
2008-12-06 23:13:05 ----A---- C:\ProgramData\Karaoke.exe
2008-12-06 23:13:05 ----A---- C:\ProgramData\hpqp.txt
2008-12-06 23:13:05 ----A---- C:\ProgramData\Games.exe
2008-12-06 22:11:45 ----D---- C:\Users\HMP\AppData\Roaming\Macromedia
2008-12-06 22:11:39 ----D---- C:\Users\HMP\AppData\Roaming\Adobe
2008-12-06 21:35:05 ----A---- C:\Windows\system32\msshooks.dll
2008-12-06 21:35:05 ----A---- C:\Windows\system32\mimefilt.dll
2008-12-06 21:35:04 ----A---- C:\Windows\system32\msscb.dll
2008-12-06 21:35:02 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-12-06 21:35:02 ----A---- C:\Windows\system32\propdefs.dll
2008-12-06 21:35:02 ----A---- C:\Windows\system32\msstrc.dll
2008-12-06 21:35:02 ----A---- C:\Windows\system32\mssitlb.dll
2008-12-06 21:35:01 ----A---- C:\Windows\system32\thawbrkr.dll
2008-12-06 21:35:01 ----A---- C:\Windows\system32\propsys.dll
2008-12-06 21:35:01 ----A---- C:\Windows\system32\offfilt.dll
2008-12-06 21:35:01 ----A---- C:\Windows\system32\mssprxy.dll
2008-12-06 21:35:01 ----A---- C:\Windows\system32\msshsq.dll
2008-12-06 21:35:01 ----A---- C:\Windows\system32\korwbrkr.dll
2008-12-06 21:35:01 ----A---- C:\Windows\system32\chsbrkr.dll
2008-12-06 21:35:00 ----A---- C:\Windows\system32\xmlfilter.dll
2008-12-06 21:35:00 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-12-06 21:35:00 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-12-06 21:35:00 ----A---- C:\Windows\system32\rtffilt.dll
2008-12-06 21:35:00 ----A---- C:\Windows\system32\nlhtml.dll
2008-12-06 21:35:00 ----A---- C:\Windows\system32\mssvp.dll
2008-12-06 21:35:00 ----A---- C:\Windows\system32\mssrch.dll
2008-12-06 21:35:00 ----A---- C:\Windows\system32\mssphtb.dll
2008-12-06 21:35:00 ----A---- C:\Windows\system32\mssph.dll
2008-12-06 21:35:00 ----A---- C:\Windows\system32\msscntrs.dll
2008-12-06 21:35:00 ----A---- C:\Windows\system32\chtbrkr.dll
2008-12-06 21:34:59 ----A---- C:\Windows\system32\tquery.dll
2008-12-06 21:30:09 ----D---- C:\Users\HMP\AppData\Roaming\WildTangent
2008-12-06 21:26:07 ----A---- C:\Windows\system32\tzres.dll
2008-12-06 21:18:18 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-12-06 21:18:13 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-12-06 21:17:50 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-12-06 21:16:41 ----A---- C:\Windows\system32\shell32.dll
2008-12-06 21:16:32 ----A---- C:\Windows\system32\mshtml.dll
2008-12-06 21:16:31 ----A---- C:\Windows\system32\ieframe.dll
2008-12-06 21:16:30 ----A---- C:\Windows\system32\wininet.dll
2008-12-06 21:16:30 ----A---- C:\Windows\system32\urlmon.dll
2008-12-06 21:16:30 ----A---- C:\Windows\system32\iertutil.dll
2008-12-06 21:16:29 ----A---- C:\Windows\system32\mstime.dll
2008-12-06 21:16:28 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-06 21:16:22 ----A---- C:\Windows\system32\EncDec.dll
2008-12-06 21:16:21 ----A---- C:\Windows\system32\psisdecd.dll
2008-12-06 21:16:16 ----A---- C:\Windows\system32\msxml6.dll
2008-12-06 21:16:09 ----A---- C:\Windows\system32\inetcomm.dll
2008-12-06 21:16:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-06 21:16:05 ----A---- C:\Windows\system32\gameux.dll
2008-12-06 21:16:05 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-06 21:15:58 ----A---- C:\Windows\system32\wshrm.dll
2008-12-06 21:15:57 ----A---- C:\Windows\system32\msxml3.dll
2008-12-06 21:15:54 ----A---- C:\Windows\system32\winipsec.dll
2008-12-06 21:15:54 ----A---- C:\Windows\system32\polstore.dll
2008-12-06 21:15:54 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-12-06 21:15:53 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-12-06 21:15:50 ----A---- C:\Windows\system32\wshqos.dll
2008-12-06 21:15:50 ----A---- C:\Windows\system32\traffic.dll
2008-12-06 21:15:50 ----A---- C:\Windows\system32\rpcrt4.dll
2008-12-06 21:15:50 ----A---- C:\Windows\system32\pacerprf.dll
2008-12-06 21:15:49 ----A---- C:\Windows\system32\win32spl.dll
2008-12-06 21:15:47 ----A---- C:\Windows\system32\quartz.dll
2008-12-06 21:15:46 ----A---- C:\Windows\system32\es.dll
2008-12-06 21:15:43 ----A---- C:\Windows\system32\connect.dll
2008-12-06 21:15:39 ----A---- C:\Windows\system32\wshext.dll
2008-12-06 21:15:39 ----A---- C:\Windows\system32\wscript.exe
2008-12-06 21:15:39 ----A---- C:\Windows\system32\vbscript.dll
2008-12-06 21:15:39 ----A---- C:\Windows\system32\scrrun.dll
2008-12-06 21:15:39 ----A---- C:\Windows\system32\scrobj.dll
2008-12-06 21:15:39 ----A---- C:\Windows\system32\jscript.dll
2008-12-06 21:15:39 ----A---- C:\Windows\system32\cscript.exe
2008-12-06 21:15:37 ----A---- C:\Windows\system32\dataclen.dll
2008-12-06 21:15:36 ----A---- C:\Windows\system32\wmpeffects.dll
2008-12-06 21:13:33 ----A---- C:\Windows\system32\Faultrep.dll
2008-12-06 21:10:20 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-12-06 21:10:20 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-12-06 21:10:20 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-12-06 21:09:56 ----A---- C:\Windows\system32\netapi32.dll
2008-12-06 21:04:57 ----A---- C:\Windows\system32\wups.dll
2008-12-06 21:04:57 ----A---- C:\Windows\system32\wudriver.dll
2008-12-06 21:04:57 ----A---- C:\Windows\system32\wuapi.dll
2008-12-06 21:04:50 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-06 21:04:50 ----A---- C:\Windows\system32\wuapp.exe
2008-12-06 20:58:35 ----D---- C:\Users\HMP\AppData\Roaming\Hewlett-Packard
2008-12-06 20:58:13 ----D---- C:\Users\HMP\AppData\Roaming\Symantec
2008-12-06 20:57:42 ----D---- C:\Users\HMP\AppData\Roaming\Identities
2008-12-06 20:48:59 ----D---- C:\Users\HMP\AppData\Roaming\HP TCS
2008-12-06 20:48:07 ----D---- C:\ProgramData\Viewpoint
2008-12-06 20:48:06 ----D---- C:\Program Files (x86)\Viewpoint
2008-12-06 20:47:51 ----D---- C:\ProgramData\AOL OCP
2008-12-06 20:47:51 ----D---- C:\ProgramData\AOL
2008-12-06 20:47:33 ----D---- C:\Program Files (x86)\Common Files\AOL
2008-12-06 20:47:32 ----D---- C:\Program Files (x86)\AIM6
2008-12-06 20:44:43 ----SD---- C:\Users\HMP\AppData\Roaming\Microsoft
2008-12-06 20:44:43 ----D---- C:\Users\HMP\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 months======

2008-12-12 09:37:11 ----D---- C:\Windows\Prefetch
2008-12-12 09:37:07 ----D---- C:\Windows\Temp
2008-12-12 09:34:08 ----D---- C:\Windows\rescache
2008-12-12 09:29:32 ----A---- C:\ProgramData\hpqp.ini
2008-12-12 09:23:50 ----D---- C:\Windows\System32
2008-12-12 09:23:50 ----D---- C:\Windows\inf
2008-12-12 09:23:13 ----D---- C:\Windows\SysWOW64
2008-12-11 11:56:52 ----D---- C:\Windows\system32\drivers
2008-12-11 11:56:49 ----RD---- C:\Program Files (x86)
2008-12-10 14:26:49 ----SHD---- C:\System Volume Information
2008-12-10 14:23:10 ----D---- C:\Windows\Logs
2008-12-10 02:31:53 ----HD---- C:\ProgramData
2008-12-10 02:29:52 ----D---- C:\Windows
2008-12-10 02:27:01 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2008-12-10 02:20:34 ----SHD---- C:\Windows\Installer
2008-12-07 12:23:17 ----D---- C:\Program Files (x86)\Common Files
2008-12-07 11:45:56 ----D---- C:\Windows\winsxs
2008-12-07 03:28:49 ----D---- C:\Windows\panther
2008-12-07 02:31:12 ----D---- C:\ProgramData\CyberLink
2008-12-06 23:13:13 ----D---- C:\ProgramData\HP
2008-12-06 22:26:26 ----RSD---- C:\Windows\assembly
2008-12-06 22:26:26 ----D---- C:\Windows\Microsoft.NET
2008-12-06 22:16:52 ----D---- C:\Windows\Tasks
2008-12-06 21:49:56 ----D---- C:\Windows\Debug
2008-12-06 21:40:37 ----D---- C:\Program Files (x86)\Norton Internet Security
2008-12-06 21:39:02 ----D---- C:\Windows\system32\en-US
2008-12-06 21:38:53 ----D---- C:\Windows\PolicyDefinitions
2008-12-06 21:38:52 ----D---- C:\Windows\AppPatch
2008-12-06 21:38:51 ----D---- C:\Windows\ehome
2008-12-06 21:38:43 ----D---- C:\Program Files (x86)\Windows Mail
2008-12-06 21:30:04 ----D---- C:\ProgramData\WildTangent
2008-12-06 21:19:52 ----D---- C:\Windows\SoftwareDistribution
2008-12-06 21:18:55 ----D---- C:\ProgramData\Symantec
2008-12-06 21:04:37 ----SD---- C:\ProgramData\Microsoft
2008-12-06 20:57:57 ----SHD---- C:\$RECYCLE.BIN
2008-12-06 20:57:38 ----D---- C:\Windows\SMINST
2008-12-06 20:57:29 ----D---- C:\Windows\system
2008-12-06 20:48:53 ----RD---- C:\Program Files (x86)\Online Services
2008-12-06 20:48:53 ----HD---- C:\HP
2008-12-06 20:47:52 ----SD---- C:\Windows\Downloaded Program Files
2008-12-06 20:46:44 ----HD---- C:\System.sav
2008-12-06 20:46:44 ----D---- C:\SwSetup
2008-12-06 20:44:43 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2008-11-20 475696]
R1 IDSvia64;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20081209.003\IDSvia64.sys [2008-12-04 368688]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS []
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS []
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263}; \??\C:\Program Files (x86)\HP\QuickPlay\000.fcl [2008-06-25 27632]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-20 128048]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20081209.025\ENG64.SYS [2008-11-20 136752]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20081209.025\EX64.SYS [2008-11-20 1461808]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS []
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS []
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x64.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe []
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe []
R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-06-25 292216]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-06-25 116080]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe []
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-01-09 148832]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-07-28 1245064]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 comHost;COM Host; c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 267096]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-07 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------



INFO

info.txt logfile of random's system information tool 1.04 2008-12-12 09:37:12

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\7 Wonders II\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Amazing Adventures The Lost Tomb\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Belle's Beauty Boutique\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Boggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Build-a-lot\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Paradise Pet Salon\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Pirateville\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Plant Tycoon\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Supercow\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
-->"c:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\PROGRA~2\Yahoo!\Common\unyt.exe
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->C:\Program Files (x86)\AIM6\uninst.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files (x86)\google\googletoolbar1.dll"
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files (x86)\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->MsiExec.exe /X{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}
HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{45A136EC-88BF-4B95-99F5-C45D3930E1CC}
HP Quick Launch Buttons 6.40 D1-->C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.7-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Smart Web Printing-->msiexec /i{380357CA-29F4-4B3C-B401-32C057E6B59B}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0103-->MsiExec.exe /I{B8169E45-8E23-430B-91D1-EC64540C8ED0}
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
HPTCSSetup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}\setup.exe" -l0x9 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
JMicron JMB38X Flash Media Controller-->"C:\Program Files (x86)\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files (x86)\InstallShield Installation Information\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
PhotoNow!-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Power2Go-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files (x86)\HP\QuickPlay\unins001.exe"
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slingbox Flash Tour-->MsiExec.exe /I{38EAC694-0D90-445F-8C17-8B50ADFE3162}
SlingPlayer-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Viewpoint Media Player-->C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\unyt.exe

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security
AS: Windows Defender
AS: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\CyberLink\Power2Go
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM

"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion

-----------------EOF-----------------



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,109 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:11 PM

Posted 20 December 2008 - 12:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 hmp76

hmp76
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 20 December 2008 - 03:52 PM

I have Vista, and I've downloaded the dds.scr and it tells me that it doesn't work for this operating system. It then tells me to press any key to continue and then it just closes down. The other two you've said to download simply show up as gibberish. There's no file to download.

I've tried Malwarebytes, SuperantiSpyware, Norton Antivirus and none have detected the problem. I haven't done anything to the computer since I've posted the log or info file.

Thanks

#4 hmp76

hmp76
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 21 December 2008 - 02:21 PM

I've downloaded the DDS files from a different computer and didn't get the "gibberish" text like I did yesterday. So let me run those and I'll post the results.

Thanks again for your help!

Cheers :thumbsup:

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 PM

Posted 22 December 2008 - 10:38 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
If DDS doesn't work, please run the following:

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 hmp76

hmp76
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 23 December 2008 - 01:49 AM

Hello EB!

Thanks in advance for the help. I understand you all are busy, and I appreciate you taking the time to help me with my computer problem. And a Cheers to Orange Blossom....thank you!

Here are the two logs you've requested.

OTViewIt Log

OTViewIt logfile created on: 12/23/2008 00:37:42 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Users\HMP\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.55% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.47 Gb Total Space | 170.71 Gb Free Space | 77.08% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.79 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 11.41 Gb Total Space | 1.89 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HMP-PC
Current User Name: HMP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== Processes ==========

[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/06/25 23:36:24 | 00,292,216 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
[2008/06/25 23:36:24 | 00,116,080 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
[2008/04/26 02:15:26 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
[2007/01/09 03:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
[2008/12/04 13:50:00 | 01,809,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
[2008/06/25 23:35:38 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
[2008/03/14 09:45:10 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[2007/08/22 17:31:16 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
[2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
[2008/04/15 15:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[2008/01/09 01:22:14 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
[2008/03/25 05:28:02 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
[2007/09/26 08:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/04/11 09:49:06 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
[2008/02/07 12:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
[2008/02/09 16:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/06/19 15:04:50 | 00,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
[2008/07/28 08:06:33 | 01,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2008/12/23 00:35:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\HMP\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (AESTFilters [Auto | Running])
File not found -- -- (AgereModemAudio [Auto | Running])
[2008/02/09 16:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/20 20:50:58 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/20 20:50:38 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Running])
[2008/02/07 12:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
[2007/08/22 01:22:00 | 00,267,096 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (DPS [Unknown | Running])
[2008/01/20 20:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2008/01/20 20:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/01/20 20:51:57 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
[2007/12/04 18:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
File not found -- -- (gpsvc [Unknown | Running])
[2008/12/07 12:23:30 | 00,138,168 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/04/15 14:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service [Auto | Running])
[2008/01/09 01:22:14 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex [On_Demand | Running])
File not found -- -- (hpsrv [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/11/02 03:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Running])
[2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Running])
[2006/11/02 07:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/20 20:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/01/20 20:51:53 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (nvsvc [Auto | Running])
[2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/20 20:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2008/06/25 23:36:24 | 00,292,216 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc [Auto | Running])
[2008/06/25 23:36:24 | 00,116,080 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched [Auto | Running])
[2008/04/26 02:15:26 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
[2007/01/09 03:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/20 20:49:11 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (STacSV [Auto | Running])
[2008/07/28 08:06:33 | 01,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
[2006/11/02 00:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/11/02 00:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/20 20:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

File not found -- -- (Accelerometer [On_Demand | Running])
[2008/01/20 20:46:53 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Boot | Running])
[2008/01/20 20:46:54 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Boot | Running])
[2008/01/20 20:46:54 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Boot | Running])
[2008/01/20 20:47:27 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Boot | Running])
File not found -- -- (AgereSoftModem [On_Demand | Running])
File not found -- -- (aic78xx [Boot | Running])
[2008/01/20 20:46:50 | 00,015,976 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\aliide.sys -- (aliide [Boot | Running])
[2008/01/20 20:46:52 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Boot | Running])
[2008/01/20 20:47:00 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Boot | Running])
[2008/01/20 20:46:56 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2008/01/20 20:46:56 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
File not found -- -- (btwaudio [On_Demand | Running])
File not found -- -- (btwavdt [On_Demand | Running])
File not found -- -- (btwrchid [On_Demand | Running])
[2008/01/20 20:46:50 | 00,018,024 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\cmdide.sys -- (cmdide [Boot | Running])
[2008/07/30 17:28:04 | 00,000,841 | ---- | M] () -- C:\Windows\System32\drivers\COH_Mon.inf -- (COH_Mon [On_Demand | Stopped])
[2008/01/20 20:46:56 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/11/20 09:38:36 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
[2008/01/20 20:46:59 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Boot | Running])
File not found -- -- (enecir [On_Demand | Running])
[2008/11/20 09:38:36 | 00,128,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/01/20 20:46:59 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Boot | Running])
File not found -- -- (hpdskflt [Boot | Running])
File not found -- -- (HpqKbFiltr [On_Demand | Running])
[2008/01/20 20:46:57 | 00,286,720 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTAZL6.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2008/01/20 20:46:57 | 01,523,712 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTDPV6.SYS -- (HSF_DPV [On_Demand | Stopped])
[2008/01/20 20:46:59 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Boot | Running])
[2008/12/04 23:43:58 | 00,368,688 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081220.001\IDSviA64.sys -- (IDSvia64 [System | Running])
File not found -- -- (iirsp [Boot | Running])
File not found -- -- (iteatapi [Boot | Running])
File not found -- -- (iteraid [Boot | Running])
File not found -- -- (JMCR [On_Demand | Running])
[2008/01/20 20:46:51 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Boot | Running])
[2008/01/20 20:46:56 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Boot | Running])
[2008/01/20 20:47:01 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Boot | Running])
[2008/01/20 20:46:59 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Boot | Running])
[2008/01/20 20:46:56 | 00,438,328 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\WinSxS\amd64_megasr.inf_31bf3856ad364e35_6.0.6001.18000_none_44b889fdb37f3d14\MegaSR.sys -- (MegaSR [Boot | Running])
[2006/09/18 15:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
File not found -- -- (Mraid35x [Boot | Running])
[2008/11/20 09:38:36 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081220.003\ENG64.SYS -- (NAVENG [On_Demand | Running])
[2008/11/20 09:38:36 | 01,461,808 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081220.003\EX64.SYS -- (NAVEX15 [On_Demand | Running])
File not found -- -- (NETw5v64 [On_Demand | Running])
File not found -- -- (nfrd960 [Boot | Running])
File not found -- -- (NVHDA [On_Demand | Running])
[2008/01/20 20:47:26 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/20 20:46:54 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Boot | Running])
[2008/01/20 20:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Boot | Running])
[2008/01/20 20:46:52 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Boot | Running])
File not found -- -- (ql40xx [Boot | Running])
File not found -- -- (RTL8169 [On_Demand | Running])
[2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2008/12/04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/12/04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
[2006/09/29 17:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/20 20:47:26 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Boot | Running])
File not found -- -- (SRTSP [On_Demand | Running])
File not found -- -- (SRTSPX [System | Running])
File not found -- -- (STHDA [On_Demand | Running])
File not found -- -- (Symc8xx [Boot | Running])
File not found -- -- (SYMDNS [On_Demand | Running])
File not found -- -- (SymEvent [On_Demand | Running])
File not found -- -- (SYMFW [On_Demand | Running])
File not found -- -- (SymIM [System | Running])
File not found -- -- (SYMNDISV [On_Demand | Running])
File not found -- -- (SYMREDRV [On_Demand | Running])
File not found -- -- (SYMTDI [System | Running])
File not found -- -- (Sym_hi [Boot | Running])
File not found -- -- (Sym_u3 [Boot | Running])
File not found -- -- (SynTP [On_Demand | Running])
[2006/09/18 15:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
[2008/01/20 20:46:56 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Boot | Running])
File not found -- -- (UlSata [Boot | Running])
[2008/01/20 20:46:52 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Boot | Running])
[2008/01/20 20:46:50 | 00,018,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\viaide.sys -- (viaide [Boot | Running])
[2008/01/20 20:47:25 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Boot | Running])
[2008/01/20 20:46:57 | 00,724,480 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTCNXT6.SYS -- (winachsf [On_Demand | Stopped])
[2008/06/25 23:35:28 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263} [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3552992561-2518136111-1605246647-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-3552992561-2518136111-1605246647-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3552992561-2518136111-1605246647-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HKLM) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-3552992561-2518136111-1605246647-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3552992561-2518136111-1605246647-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
"hpWirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
"QPService"="C:\Program Files (x86)\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe" (Sun Microsystems, Inc.)
"UCam_Menu"="C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" (CyberLink Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3552992561-2518136111-1605246647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Send image to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007/01/23 13:57:50 | 00,001,199 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()

[HKEY_USERS\S-1-5-21-3552992561-2518136111-1605246647-1000\Software\Microsoft\Internet Explorer\MenuExt\]
Send image to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007/01/23 13:57:50 | 00,001,199 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [2008/03/25 05:28:01 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/11/18 16:31:04 | 01,082,880 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: Send To Bluetooth -- %SystemDrive%\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: Send to &Bluetooth Device... -- %SystemDrive%\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()
{DDE87865-83C5-48c4-8357-2F5B1AA84522}: Button: HP Smart Select -- %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008/03/14 12:33:34 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Send To Bluetooth] -> File not found

[HKEY_USERS\S-1-5-21-3552992561-2518136111-1605246647-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Send To Bluetooth] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-3552992561-2518136111-1605246647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06

========== (O17) DNS Name Servers ==========

{273465F0-2E3C-4EEB-B3F5-FD33E0A10812} (Servers: | Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))
{AE0398E6-879C-47DA-99F7-B99E5E774F5B} (Servers: | Description: Intel® Wireless WiFi Link 5100)
{D7AC1FF6-F38C-4DFF-BF46-C7590FF80D0A} (Servers: | Description: )

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/20 20:50:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/20 20:50:00 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f1ebfa3-c486-11dd-bb0f-002186c0dc2a}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f1ebfa3-c486-11dd-bb0f-002186c0dc2a}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f12e632c-c85f-11dd-91a2-002186c0dc2a}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f12e632c-c85f-11dd-91a2-002186c0dc2a}\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/12/23 00:37:06 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Users\HMP\Desktop\OTViewIt.exe
[2008/12/20 15:00:37 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2008/12/20 14:52:37 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\IsolatedStorage
[2008/12/15 10:50:19 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/12/14 01:16:57 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2008/12/14 01:16:47 | 00,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/12/14 01:16:46 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\SUPERAntiSpyware.com
[2008/12/14 01:16:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2008/12/14 01:15:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2008/12/14 01:15:31 | 05,780,000 | ---- | C] () -- C:\Users\HMP\Desktop\SUPERAntiSpyware.exe
[2008/12/14 00:42:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/12/14 00:42:55 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/12/14 00:42:30 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/12/14 00:42:30 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/12/14 00:42:30 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/12/14 00:42:29 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/12/14 00:42:29 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/12/14 00:42:28 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/12/14 00:42:28 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/12/14 00:42:27 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/12/14 00:40:22 | 00,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2008/12/14 00:40:19 | 03,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/12/14 00:40:19 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe
[2008/12/14 00:40:18 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2008/12/14 00:40:16 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2008/12/14 00:40:15 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2008/12/14 00:40:15 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2008/12/14 00:40:08 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/12/12 09:37:09 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/12 09:36:34 | 00,305,705 | ---- | C] () -- C:\Users\HMP\Desktop\RSIT.exe
[2008/12/12 09:17:25 | 42,917,84704 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/11 13:43:15 | 00,003,168 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2008/12/11 13:43:15 | 00,000,691 | ---- | C] () -- C:\Users\HMP\AppData\Roaming\GetValue.vbs
[2008/12/11 13:43:15 | 00,000,035 | ---- | C] () -- C:\Users\HMP\AppData\Roaming\SetValue.bat
[2008/12/11 13:42:42 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2008/12/11 13:42:42 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2008/12/11 13:42:42 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2008/12/11 13:42:42 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2008/12/11 13:42:42 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2008/12/11 13:42:42 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2008/12/11 13:42:42 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2008/12/11 13:42:42 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2008/12/11 13:42:42 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2008/12/11 13:42:40 | 00,000,000 | ---D | C] -- C:\Users\HMP\Desktop\SmitfraudFix
[2008/12/11 13:30:02 | 01,583,839 | ---- | C] () -- C:\Users\HMP\Desktop\SmitfraudFix.exe
[2008/12/11 12:07:05 | 01,650,251 | -H-- | C] () -- C:\Users\HMP\AppData\Local\IconCache.db
[2008/12/11 11:56:53 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/11 11:56:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/12/11 11:56:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/12/11 11:56:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2008/12/11 11:51:10 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-setup.exe
[2008/12/11 11:46:31 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\U3
[2008/12/10 16:51:22 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\HMP\Desktop\ATF-Cleaner.exe
[2008/12/10 16:29:38 | 00,001,930 | ---- | C] () -- C:\Users\HMP\Desktop\HijackThis.lnk
[2008/12/10 16:29:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2008/12/10 16:29:13 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\HMP\Desktop\HJTInstall.exe
[2008/12/10 02:31:59 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Malwarebytes
[2008/12/10 02:31:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/12/07 12:33:58 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Google
[2008/12/07 12:33:58 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Google
[2008/12/07 12:23:47 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Skype
[2008/12/07 12:23:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2008/12/07 12:23:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2008/12/07 12:23:19 | 00,002,405 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2008/12/07 12:23:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2008/12/07 12:23:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2008/12/07 12:23:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2008/12/07 11:45:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2008/12/07 02:30:55 | 00,000,000 | ---D | C] -- C:\Users\HMP\Documents\Youcam
[2008/12/06 23:49:57 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Yahoo!
[2008/12/06 23:49:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2008/12/06 23:13:14 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\HP
[2008/12/06 23:13:13 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\CyberLink
[2008/12/06 23:13:06 | 03,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2008/12/06 23:13:06 | 02,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2008/12/06 23:13:05 | 02,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2008/12/06 23:13:05 | 02,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2008/12/06 23:13:05 | 02,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2008/12/06 23:13:05 | 00,000,000 | ---D | C] -- C:\ProgramData\ENU
[2008/12/06 23:13:03 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\QuickPlay
[2008/12/06 23:10:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Microsoft Games
[2008/12/06 23:09:57 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Apps
[2008/12/06 22:54:53 | 03,609,600 | ---- | C] () -- C:\Users\HMP\Desktop\WinterPlayerPack.msi
[2008/12/06 22:32:13 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2008/12/06 22:16:52 | 00,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{7AEBF894-F92F-429C-A1FE-2E25A4C899D5}.job
[2008/12/06 22:11:45 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Macromedia
[2008/12/06 22:11:39 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Adobe
[2008/12/06 21:35:05 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/06 21:35:05 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2008/12/06 21:35:05 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/06 21:35:05 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2008/12/06 21:35:04 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2008/12/06 21:35:02 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/12/06 21:35:02 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2008/12/06 21:35:02 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2008/12/06 21:35:02 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2008/12/06 21:35:01 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2008/12/06 21:35:01 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2008/12/06 21:35:01 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2008/12/06 21:35:01 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2008/12/06 21:35:01 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2008/12/06 21:35:01 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2008/12/06 21:35:01 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2008/12/06 21:35:00 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2008/12/06 21:35:00 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2008/12/06 21:35:00 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2008/12/06 21:35:00 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2008/12/06 21:35:00 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/12/06 21:35:00 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2008/12/06 21:35:00 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2008/12/06 21:35:00 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/12/06 21:35:00 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2008/12/06 21:35:00 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2008/12/06 21:35:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2008/12/06 21:35:00 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2008/12/06 21:34:59 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2008/12/06 21:30:09 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\WildTangent
[2008/12/06 21:18:18 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2008/12/06 21:18:13 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2008/12/06 21:17:50 | 00,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2008/12/06 21:16:22 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2008/12/06 21:16:21 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2008/12/06 21:16:21 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2008/12/06 21:16:21 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2008/12/06 21:16:21 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2008/12/06 21:16:20 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2008/12/06 21:16:16 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2008/12/06 21:16:09 | 00,738,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2008/12/06 21:16:05 | 01,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/12/06 21:15:58 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2008/12/06 21:15:57 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2008/12/06 21:15:54 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2008/12/06 21:15:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2008/12/06 21:15:54 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2008/12/06 21:15:53 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2008/12/06 21:15:50 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2008/12/06 21:15:50 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2008/12/06 21:15:50 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2008/12/06 21:15:50 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2008/12/06 21:15:49 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2008/12/06 21:15:47 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2008/12/06 21:15:46 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2008/12/06 21:15:43 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2008/12/06 21:15:39 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2008/12/06 21:15:39 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2008/12/06 21:15:39 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2008/12/06 21:15:39 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2008/12/06 21:15:39 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2008/12/06 21:15:39 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2008/12/06 21:15:39 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2008/12/06 21:15:39 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2008/12/06 21:15:37 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008/12/06 21:15:36 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/12/06 21:13:33 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2008/12/06 21:11:11 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Hewlett-Packard
[2008/12/06 21:10:20 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/12/06 21:10:20 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2008/12/06 21:10:20 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2008/12/06 21:09:56 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2008/12/06 21:04:57 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2008/12/06 21:04:57 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2008/12/06 21:04:57 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2008/12/06 21:04:50 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2008/12/06 21:04:50 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008/12/06 20:58:35 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Hewlett-Packard
[2008/12/06 20:58:27 | 00,000,000 | ---D | C] -- C:\Users\HMP\Documents\Bluetooth Exchange Folder
[2008/12/06 20:58:13 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Symantec
[2008/12/06 20:57:51 | 00,000,402 | -HS- | C] () -- C:\Users\HMP\Documents\desktop.ini
[2008/12/06 20:57:51 | 00,000,282 | -HS- | C] () -- C:\Users\HMP\Desktop\desktop.ini
[2008/12/06 20:57:51 | 00,000,174 | -HS- | C] () -- C:\Users\HMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/06 20:57:42 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Identities
[2008/12/06 20:57:29 | 00,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2008/12/06 20:56:05 | 00,000,554 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - HMP.job
[2008/12/06 20:54:19 | 00,076,064 | ---- | C] () -- C:\Users\HMP\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/06 20:48:59 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\HP TCS
[2008/12/06 20:48:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2008/12/06 20:48:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Viewpoint
[2008/12/06 20:47:51 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2008/12/06 20:47:51 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL
[2008/12/06 20:47:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2008/12/06 20:47:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AIM6
[2008/12/06 20:47:30 | 00,000,366 | -H-- | C] () -- C:\IPH.PH
[2008/12/06 20:47:22 | 00,002,151 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2008/12/06 20:47:04 | 00,001,901 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2008/12/06 20:46:47 | 00,048,825 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/06 20:45:35 | 00,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCND84345CW_E487326-002_4A_I30F4_SCompal_V99.67_F.12_T080828_WV3-1_L409_M4093_J250_7Intel_8676_92.00_#081023_N10EC8168;80864237_(FS153UA#ABA)_XMOBILE_CN10_Z_2F.12.MRK
[2008/12/06 20:44:46 | 00,048,825 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/06 20:44:46 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\VirtualStore
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\Documents\My Videos
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\Documents\My Pictures
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\Documents\My Music
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\AppData\Local\Temporary Internet Files
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\AppData\Local\History
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\AppData\Local\Application Data
[2008/12/06 20:44:43 | 00,000,000 | --SD | C] -- C:\Users\HMP\AppData\Roaming\Microsoft
[2008/12/06 20:44:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Media Center Programs
[2008/12/06 20:44:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Temp
[2008/12/06 20:44:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Microsoft

========== Files - Modified Within 30 Days ==========

[2008/12/23 00:35:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\HMP\Desktop\OTViewIt.exe
[2008/12/23 00:30:07 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7AEBF894-F92F-429C-A1FE-2E25A4C899D5}.job
[2008/12/23 00:29:24 | 00,048,825 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2008/12/23 00:29:23 | 00,048,825 | ---- | M] () -- C:\ProgramData\nvModes.001
[2008/12/23 00:29:13 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/12/20 14:27:04 | 00,000,253 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2008/12/20 14:25:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/12/20 14:25:13 | 42,917,84704 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/15 16:50:06 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008/12/15 16:49:55 | 01,650,251 | -H-- | M] () -- C:\Users\HMP\AppData\Local\IconCache.db
[2008/12/14 01:16:47 | 00,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/12/14 01:11:46 | 05,780,000 | ---- | M] () -- C:\Users\HMP\Desktop\SUPERAntiSpyware.exe
[2008/12/12 09:35:46 | 00,305,705 | ---- | M] () -- C:\Users\HMP\Desktop\RSIT.exe
[2008/12/12 09:12:00 | 00,003,168 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2008/12/12 09:12:00 | 00,000,691 | ---- | M] () -- C:\Users\HMP\AppData\Roaming\GetValue.vbs
[2008/12/12 09:12:00 | 00,000,035 | ---- | M] () -- C:\Users\HMP\AppData\Roaming\SetValue.bat
[2008/12/11 12:08:06 | 01,583,839 | ---- | M] () -- C:\Users\HMP\Desktop\SmitfraudFix.exe
[2008/12/11 11:56:53 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/11 09:36:54 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-setup.exe
[2008/12/10 16:49:58 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\HMP\Desktop\ATF-Cleaner.exe
[2008/12/10 16:29:38 | 00,001,930 | ---- | M] () -- C:\Users\HMP\Desktop\HijackThis.lnk
[2008/12/10 16:28:20 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\HMP\Desktop\HJTInstall.exe
[2008/12/07 12:23:46 | 00,002,405 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2008/12/07 02:20:20 | 02,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2008/12/07 02:20:05 | 03,063,561 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2008/12/06 23:13:13 | 02,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2008/12/06 23:13:05 | 02,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2008/12/06 23:13:05 | 02,231,606 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2008/12/06 22:54:54 | 03,609,600 | ---- | M] () -- C:\Users\HMP\Desktop\WinterPlayerPack.msi
[2008/12/06 21:41:17 | 00,000,554 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - HMP.job
[2008/12/06 20:57:54 | 00,000,402 | -HS- | M] () -- C:\Users\HMP\Documents\desktop.ini
[2008/12/06 20:57:54 | 00,000,282 | -HS- | M] () -- C:\Users\HMP\Desktop\desktop.ini
[2008/12/06 20:57:54 | 00,000,174 | -HS- | M] () -- C:\Users\HMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/06 20:57:29 | 00,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2008/12/06 20:54:19 | 00,076,064 | ---- | M] () -- C:\Users\HMP\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/06 20:48:53 | 00,000,366 | -H-- | M] () -- C:\IPH.PH
[2008/12/06 20:45:35 | 00,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCND84345CW_E487326-002_4A_I30F4_SCompal_V99.67_F.12_T080828_WV3-1_L409_M4093_J250_7Intel_8676_92.00_#081023_N10EC8168;80864237_(FS153UA#ABA)_XMOBILE_CN10_Z_2F.12.MRK
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >

Here is the second Extra Log

OTViewIt Extras logfile created on: 12/23/2008 00:37:42 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Users\HMP\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.55% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.47 Gb Total Space | 170.71 Gb Free Space | 77.08% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.79 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 11.41 Gb Total Space | 1.89 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HMP-PC
Current User Name: HMP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/20 20:47:45 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (java script:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/06/08 09:30:54 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/11/18 16:31:04 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/20 20:47:45 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}"=CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}"=HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}"=HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}"=HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}"=HPPhotoSmartPhotobookPlayfulPack1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}"=Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}"=JMicron JMB38X Flash Media Controller
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{340F521E-3576-4E1A-B75C-EB0ACF751379}"=HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}"=PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}"=muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}"=HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}"=ESU for Microsoft Vista
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}"=Slingbox Flash Tour
"{40BF1E83-20EB-11D8-97C5-0009C5020658}"=Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}"=HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP QuickPlay 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}"=Cards_Calendar_OrderGift_DoMorePlugout
"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}"=Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}"=Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}"=HPPhotoSmartPhotobookModernPack1
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}"=HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}"=HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}"=HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}"=hpphotosmartdisclabelplugin
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}"=HPPhotoSmartDiscLabel_PrintOnDisc
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}"=HP User Guides 0103
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}"=HP Photosmart Essential 2.5
"{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}"=HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}"=LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow!
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}"=HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}"=VideoToolkit01
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}"=HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}"=IDT Audio
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{f32502b5-5b64-4882-bf61-77f23edcac4f}"=HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}"=HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}"=HPTCSSetup
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AIM_6"=AIM 6
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"HP Smart Web Printing"=HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}"=CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"SlingMedia.QPSlingPlayer_is1"=QuickPlay SlingPlayer 0.4.6
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security (Symantec Corporation)
"ViewpointMediaPlayer"=Viewpoint Media Player
"WildTangent hp Master Uninstall"=My HP Games
"Yahoo! Companion"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2008 22:44:19 | Computer Name = HMP-PC | Source = EventSystem | ID = 4609
Description =

Error - 12/11/2008 22:45:04 | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2008 11:01:45 | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2008 11:03:32 | Computer Name = HMP-PC | Source = EventSystem | ID = 4609
Description =

Error - 12/12/2008 11:19:05 | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2008 11:29:17 | Computer Name = HMP-PC | Source = Application Error | ID = 1000
Description = Faulting application QPService.exe, version 4.5.0.1, time stamp 0x486253a0,
faulting module upddpl.dll, version 0.0.0.0, time stamp 0x2a425e19, exception code
0xc0000005, fault offset 0x000022ed, process id 0xf40, application start time 0x01c95c6d158a37a3.

Error - 12/14/2008 02:36:23 | Computer Name = HMP-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module upddpl.dll, version 0.0.0.0, time stamp 0x2a425e19,
exception code 0xc0000005, fault offset 0x000022f6, process id 0x3a0, application
start time 0x01c95db643402c80.

Error - 12/15/2008 12:45:16 | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/15/2008 13:31:36 | Computer Name = HMP-PC | Source = Application Error | ID = 1000
Description = Faulting application QPService.exe, version 4.5.0.1, time stamp 0x486253a0,
faulting module upddpl.dll, version 0.0.0.0, time stamp 0x2a425e19, exception code
0xc0000005, fault offset 0x00001ed5, process id 0xab0, application start time 0x01c95edad24e1d90.

Error - 12/15/2008 13:49:52 | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/15/2008 13:49:58 | Computer Name = HMP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/15/2008 13:49:58 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/15/2008 13:49:58 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/15/2008 13:50:03 | Computer Name = HMP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/15/2008 13:50:03 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 12/15/2008 13:50:51 | Computer Name = HMP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/15/2008 13:50:51 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/20/2008 16:25:10 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/20/2008 16:25:10 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/20/2008 16:25:31 | Computer Name = HMP-PC | Source = HTTP | ID = 15016
Description =


< End of report >

#7 extremeboy

  • Malware Response Team

Posted 23 December 2008 - 12:20 PM

Hello.

Could you describe to me what problems you are encountering so far? IE closing? etc...

From the logs you gave me you look fine. There are some orphaned entries related to some drivers and other things but that probably won't do anything. We can remove it if you wish to later.

Was on a trusted internet site Dec 9, then a security popup came up saying I had a trojan virus called Trojan.zlob.g.
Thinking my norton and firewall were working I clicked on the Protect button and it took me to a website for Personal Defender 2009.
I quickly closed the window, but realizing now I'm infected. (Angry) I tried to get back to the internet, but it kept closing all my internet windows and the Windows Security Alert popup window kept coming up. I've tried everything from Spybot Search and Destroy, to Malwarebytes. So here I am. I couldn't run the Kaspersky Reports because I couldn't stay connected with the internet.

Is your internet working okay now? Yes, Personal Defender 2009 is a rogue program, more information can be found here. However with that said, if you didn't install it or run it you are probably okay.

To be sure let's run Malwarebytes Anti-Malware scan please. I don't see much going on right now.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Please post back with:
-Malwarebytes Anti-Malware log
-Description of problems you are receiving still
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#8 hmp76

  • Topic Starter

Posted 24 December 2008 - 01:43 PM

Hi EB!

I'll be running the scan tonight. As you can imagine with the holidays, it's been pretty busy.


Thanks for the input and I hope you have a wonderful holiday! :thumbsup:

#9 extremeboy

  • Malware Response Team

Posted 24 December 2008 - 02:20 PM

Hi.

Thanks for letting me know. It's fairly busy here at BC too. Post it back when you are ready and also describe to me what problems you have. :)

Happy Holidays to you too. :thumbsup:

With Regards,
Extremeboy

#10 hmp76

  • Topic Starter

Posted 25 December 2008 - 12:42 AM

Hi EB!

Here are the logs you requested. Seems to me like the new Malwarebytes scan worked. I had tried it before, but I couldn't get the updates because IE kept shutting down every time it would go to the net. Your link helped and I downloaded it from my desktop computer and installed the file on my laptop. I did have to restart after the scan. Before the scan I was still getting the trojan.zlob.g alert window popping up about every 5 mins. After the scan it doesn't seem to be doing that now! (knock on wood) I can say when the "fake" security alert window popped up saying I had this trojan, I did click on the "Protect" button and it took me to the Windows Defender 2009 website. I quickly shut down everything from then. I hope that gives you the info you need. I haven't really done much since aside from the scans I conducted.

The OTViewIt Log:

OTViewIt logfile created on: 12/24/2008 23:21:00 - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Users\HMP\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.65% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.47 Gb Total Space | 170.84 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.79 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 11.41 Gb Total Space | 1.89 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HMP-PC
Current User Name: HMP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/06/25 23:36:24 | 00,292,216 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
[2008/06/25 23:36:24 | 00,116,080 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
[2008/04/26 02:15:26 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
[2007/01/09 03:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
[2008/12/04 13:50:00 | 01,809,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
[2008/06/25 23:35:38 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/03/14 09:45:10 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[2007/08/22 17:31:16 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
[2008/01/11 23:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
[2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
[2008/04/15 15:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[2008/01/09 01:22:14 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
[2008/03/25 05:28:02 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
[2007/09/26 08:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[2008/02/07 12:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
[2008/04/11 09:49:06 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
[2008/02/09 16:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/06/19 15:04:50 | 00,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
[2008/12/23 00:35:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\HMP\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (AESTFilters [Auto | Running])
File not found -- -- (AgereModemAudio [Auto | Running])
[2008/02/09 16:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/20 20:50:58 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/20 20:50:38 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Running])
[2008/02/07 12:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
[2007/08/22 01:22:00 | 00,267,096 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (DPS [Unknown | Running])
[2008/01/20 20:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2008/01/20 20:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/01/20 20:51:57 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/12/04 18:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
File not found -- -- (gpsvc [Unknown | Running])
[2008/12/07 12:23:30 | 00,138,168 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/04/15 14:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service [Auto | Running])
[2008/01/09 01:22:14 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex [On_Demand | Running])
File not found -- -- (hpsrv [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/11/02 03:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Running])
[2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Running])
[2006/11/02 07:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/20 20:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/01/20 20:51:53 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (nvsvc [Auto | Running])
[2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/20 20:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2008/06/25 23:36:24 | 00,292,216 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc [Auto | Running])
[2008/06/25 23:36:24 | 00,116,080 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched [Auto | Running])
[2008/04/26 02:15:26 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
[2007/01/09 03:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/20 20:49:11 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (STacSV [Auto | Running])
[2008/07/28 08:06:33 | 01,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2006/11/02 00:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/11/02 00:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/20 20:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

File not found -- -- (Accelerometer [On_Demand | Running])
[2008/01/20 20:46:53 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Boot | Running])
[2008/01/20 20:46:54 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Boot | Running])
[2008/01/20 20:46:54 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Boot | Running])
[2008/01/20 20:47:27 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Boot | Running])
File not found -- -- (AgereSoftModem [On_Demand | Running])
File not found -- -- (aic78xx [Boot | Running])
[2008/01/20 20:46:50 | 00,015,976 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\aliide.sys -- (aliide [Boot | Running])
[2008/01/20 20:46:52 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Boot | Running])
[2008/01/20 20:47:00 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Boot | Running])
[2008/01/20 20:46:56 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2008/01/20 20:46:56 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
File not found -- -- (btwaudio [On_Demand | Running])
File not found -- -- (btwavdt [On_Demand | Running])
File not found -- -- (btwrchid [On_Demand | Running])
[2008/01/20 20:46:50 | 00,018,024 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\cmdide.sys -- (cmdide [Boot | Running])
[2008/07/30 17:28:04 | 00,000,841 | ---- | M] () -- C:\Windows\System32\drivers\COH_Mon.inf -- (COH_Mon [On_Demand | Stopped])
[2008/01/20 20:46:56 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/11/20 09:38:36 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
[2008/01/20 20:46:59 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Boot | Running])
File not found -- -- (enecir [On_Demand | Running])
[2008/11/20 09:38:36 | 00,128,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/01/20 20:46:59 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Boot | Running])
File not found -- -- (hpdskflt [Boot | Running])
File not found -- -- (HpqKbFiltr [On_Demand | Running])
[2008/01/20 20:46:57 | 00,286,720 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTAZL6.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2008/01/20 20:46:57 | 01,523,712 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTDPV6.SYS -- (HSF_DPV [On_Demand | Stopped])
[2008/01/20 20:46:59 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Boot | Running])
[2008/12/04 23:43:58 | 00,368,688 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081220.001\IDSviA64.sys -- (IDSvia64 [System | Running])
File not found -- -- (iirsp [Boot | Running])
File not found -- -- (iteatapi [Boot | Running])
File not found -- -- (iteraid [Boot | Running])
File not found -- -- (JMCR [On_Demand | Running])
[2008/01/20 20:46:51 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Boot | Running])
[2008/01/20 20:46:56 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Boot | Running])
[2008/01/20 20:47:01 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Boot | Running])
[2008/01/20 20:46:59 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Boot | Running])
[2008/01/20 20:46:56 | 00,438,328 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\WinSxS\amd64_megasr.inf_31bf3856ad364e35_6.0.6001.18000_none_44b889fdb37f3d14\MegaSR.sys -- (MegaSR [Boot | Running])
[2006/09/18 15:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
File not found -- -- (Mraid35x [Boot | Running])
[2008/11/20 09:38:36 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081220.003\ENG64.SYS -- (NAVENG [On_Demand | Running])
[2008/11/20 09:38:36 | 01,461,808 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081220.003\EX64.SYS -- (NAVEX15 [On_Demand | Running])
File not found -- -- (NETw5v64 [On_Demand | Running])
File not found -- -- (nfrd960 [Boot | Running])
File not found -- -- (NVHDA [On_Demand | Running])
[2008/01/20 20:47:26 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/20 20:46:54 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Boot | Running])
[2008/01/20 20:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Boot | Running])
[2008/01/20 20:46:52 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Boot | Running])
File not found -- -- (ql40xx [Boot | Running])
File not found -- -- (RTL8169 [On_Demand | Running])
[2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2008/12/04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/12/04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
[2006/09/29 17:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/20 20:47:26 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Boot | Running])
File not found -- -- (SRTSP [On_Demand | Running])
File not found -- -- (SRTSPX [System | Running])
File not found -- -- (STHDA [On_Demand | Running])
File not found -- -- (Symc8xx [Boot | Running])
File not found -- -- (SYMDNS [On_Demand | Running])
File not found -- -- (SymEvent [On_Demand | Running])
File not found -- -- (SYMFW [On_Demand | Running])
File not found -- -- (SymIM [System | Running])
File not found -- -- (SYMNDISV [On_Demand | Running])
File not found -- -- (SYMREDRV [On_Demand | Running])
File not found -- -- (SYMTDI [System | Running])
File not found -- -- (Sym_hi [Boot | Running])
File not found -- -- (Sym_u3 [Boot | Running])
File not found -- -- (SynTP [On_Demand | Running])
[2006/09/18 15:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
[2008/01/20 20:46:56 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Boot | Running])
File not found -- -- (UlSata [Boot | Running])
[2008/01/20 20:46:52 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Boot | Running])
[2008/01/20 20:46:50 | 00,018,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\viaide.sys -- (viaide [Boot | Running])
[2008/01/20 20:47:25 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Boot | Running])
[2008/01/20 20:46:57 | 00,724,480 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTCNXT6.SYS -- (winachsf [On_Demand | Stopped])
[2008/06/25 23:35:28 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263} [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HKLM) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
"hpWirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
"QPService"="C:\Program Files (x86)\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe" (Sun Microsystems, Inc.)
"UCam_Menu"="C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" (CyberLink Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"WinDNS"="C:\Users\HMP\AppData\Roaming\Google\windsn.exe" 2 File not found
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Send image to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007/01/23 13:57:50 | 00,001,199 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [2008/03/25 05:28:01 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/11/18 16:31:04 | 01,082,880 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: Send To Bluetooth -- %SystemDrive%\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: Send to &Bluetooth Device... -- %SystemDrive%\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()
{DDE87865-83C5-48c4-8357-2F5B1AA84522}: Button: HP Smart Select -- %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008/03/14 12:33:34 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Send To Bluetooth] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06

========== (O17) DNS Name Servers ==========

{273465F0-2E3C-4EEB-B3F5-FD33E0A10812} (Servers: | Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))
{AE0398E6-879C-47DA-99F7-B99E5E774F5B} (Servers: | Description: Intel® Wireless WiFi Link 5100)
{D7AC1FF6-F38C-4DFF-BF46-C7590FF80D0A} (Servers: | Description: )

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/20 20:50:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/20 20:50:00 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f1ebfa3-c486-11dd-bb0f-002186c0dc2a}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f1ebfa3-c486-11dd-bb0f-002186c0dc2a}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f12e632c-c85f-11dd-91a2-002186c0dc2a}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f12e632c-c85f-11dd-91a2-002186c0dc2a}\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/12/24 10:22:54 | 01,823,888 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-rules.exe
[2008/12/23 00:37:06 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Users\HMP\Desktop\OTViewIt.exe
[2008/12/20 14:52:37 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\IsolatedStorage
[2008/12/15 10:50:19 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/12/14 01:16:57 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2008/12/14 01:16:47 | 00,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/12/14 01:16:46 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\SUPERAntiSpyware.com
[2008/12/14 01:16:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2008/12/14 01:15:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2008/12/14 01:15:31 | 05,780,000 | ---- | C] () -- C:\Users\HMP\Desktop\SUPERAntiSpyware.exe
[2008/12/14 00:42:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/12/14 00:42:55 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/12/14 00:42:30 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/12/14 00:42:30 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/12/14 00:42:30 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/12/14 00:42:29 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/12/14 00:42:29 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/12/14 00:42:28 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/12/14 00:42:28 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/12/14 00:42:27 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/12/14 00:40:22 | 00,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2008/12/14 00:40:19 | 03,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/12/14 00:40:19 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe
[2008/12/14 00:40:18 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2008/12/14 00:40:16 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2008/12/14 00:40:15 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2008/12/14 00:40:15 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2008/12/14 00:40:08 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/12/12 09:37:09 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/12 09:36:34 | 00,305,705 | ---- | C] () -- C:\Users\HMP\Desktop\RSIT.exe
[2008/12/12 09:17:25 | 42,917,84704 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/11 13:43:15 | 00,003,168 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2008/12/11 13:43:15 | 00,000,691 | ---- | C] () -- C:\Users\HMP\AppData\Roaming\GetValue.vbs
[2008/12/11 13:43:15 | 00,000,035 | ---- | C] () -- C:\Users\HMP\AppData\Roaming\SetValue.bat
[2008/12/11 13:42:42 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2008/12/11 13:42:42 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2008/12/11 13:42:42 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2008/12/11 13:42:42 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2008/12/11 13:42:42 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2008/12/11 13:42:42 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2008/12/11 13:42:42 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2008/12/11 13:42:42 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2008/12/11 13:42:42 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2008/12/11 13:42:40 | 00,000,000 | ---D | C] -- C:\Users\HMP\Desktop\SmitfraudFix
[2008/12/11 13:30:02 | 01,583,839 | ---- | C] () -- C:\Users\HMP\Desktop\SmitfraudFix.exe
[2008/12/11 12:07:05 | 01,650,741 | -H-- | C] () -- C:\Users\HMP\AppData\Local\IconCache.db
[2008/12/11 11:56:53 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/11 11:56:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/12/11 11:56:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/12/11 11:56:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2008/12/11 11:51:10 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-setup.exe
[2008/12/11 11:46:31 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\U3
[2008/12/10 16:29:38 | 00,001,930 | ---- | C] () -- C:\Users\HMP\Desktop\HijackThis.lnk
[2008/12/10 16:29:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2008/12/10 16:29:13 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\HMP\Desktop\HJTInstall.exe
[2008/12/10 02:31:59 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Malwarebytes
[2008/12/10 02:31:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/12/07 12:23:47 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Skype
[2008/12/07 12:23:19 | 00,002,405 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2008/12/07 12:23:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2008/12/07 12:23:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2008/12/07 12:23:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2008/12/07 11:45:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2008/12/07 02:30:55 | 00,000,000 | ---D | C] -- C:\Users\HMP\Documents\Youcam
[2008/12/06 23:49:57 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Yahoo!
[2008/12/06 23:49:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2008/12/06 23:13:13 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\CyberLink
[2008/12/06 23:13:06 | 03,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2008/12/06 23:13:06 | 02,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2008/12/06 23:13:05 | 02,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2008/12/06 23:13:05 | 02,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2008/12/06 23:13:05 | 02,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2008/12/06 23:13:05 | 00,000,000 | ---D | C] -- C:\ProgramData\ENU
[2008/12/06 23:13:03 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\QuickPlay
[2008/12/06 23:10:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Microsoft Games
[2008/12/06 23:09:57 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Apps
[2008/12/06 22:54:53 | 03,609,600 | ---- | C] () -- C:\Users\HMP\Desktop\WinterPlayerPack.msi
[2008/12/06 22:32:13 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2008/12/06 22:16:52 | 00,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{7AEBF894-F92F-429C-A1FE-2E25A4C899D5}.job
[2008/12/06 22:11:45 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Macromedia
[2008/12/06 22:11:39 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Adobe
[2008/12/06 21:35:05 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/06 21:35:05 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2008/12/06 21:35:05 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/06 21:35:05 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2008/12/06 21:35:04 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2008/12/06 21:35:02 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/12/06 21:35:02 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2008/12/06 21:35:02 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2008/12/06 21:35:02 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2008/12/06 21:35:01 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2008/12/06 21:35:01 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2008/12/06 21:35:01 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2008/12/06 21:35:01 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2008/12/06 21:35:01 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2008/12/06 21:35:01 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2008/12/06 21:35:01 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2008/12/06 21:35:00 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2008/12/06 21:35:00 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2008/12/06 21:35:00 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2008/12/06 21:35:00 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2008/12/06 21:35:00 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/12/06 21:35:00 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2008/12/06 21:35:00 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2008/12/06 21:35:00 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2008/12/06 21:35:00 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2008/12/06 21:35:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2008/12/06 21:35:00 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2008/12/06 21:34:59 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2008/12/06 21:30:09 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\WildTangent
[2008/12/06 21:18:18 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2008/12/06 21:18:13 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2008/12/06 21:17:50 | 00,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2008/12/06 21:16:22 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2008/12/06 21:16:21 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2008/12/06 21:16:21 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2008/12/06 21:16:21 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2008/12/06 21:16:21 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2008/12/06 21:16:20 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2008/12/06 21:16:16 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2008/12/06 21:16:09 | 00,738,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2008/12/06 21:16:05 | 01,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/12/06 21:15:58 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2008/12/06 21:15:57 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2008/12/06 21:15:54 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2008/12/06 21:15:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2008/12/06 21:15:54 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2008/12/06 21:15:53 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2008/12/06 21:15:50 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2008/12/06 21:15:50 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2008/12/06 21:15:50 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2008/12/06 21:15:50 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2008/12/06 21:15:49 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2008/12/06 21:15:47 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2008/12/06 21:15:46 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2008/12/06 21:15:43 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2008/12/06 21:15:39 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2008/12/06 21:15:39 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2008/12/06 21:15:39 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2008/12/06 21:15:39 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2008/12/06 21:15:39 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2008/12/06 21:15:39 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2008/12/06 21:15:39 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2008/12/06 21:15:39 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2008/12/06 21:15:37 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008/12/06 21:15:36 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/12/06 21:13:33 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2008/12/06 21:10:20 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/12/06 21:10:20 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2008/12/06 21:10:20 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2008/12/06 21:09:56 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2008/12/06 21:04:57 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2008/12/06 21:04:57 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2008/12/06 21:04:57 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2008/12/06 21:04:50 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2008/12/06 21:04:50 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008/12/06 20:58:27 | 00,000,000 | ---D | C] -- C:\Users\HMP\Documents\Bluetooth Exchange Folder
[2008/12/06 20:58:13 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Symantec
[2008/12/06 20:57:51 | 00,000,402 | -HS- | C] () -- C:\Users\HMP\Documents\desktop.ini
[2008/12/06 20:57:51 | 00,000,282 | -HS- | C] () -- C:\Users\HMP\Desktop\desktop.ini
[2008/12/06 20:57:51 | 00,000,174 | -HS- | C] () -- C:\Users\HMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/06 20:57:42 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Identities
[2008/12/06 20:56:05 | 00,000,554 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - HMP.job
[2008/12/06 20:54:19 | 00,076,064 | ---- | C] () -- C:\Users\HMP\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/06 20:48:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2008/12/06 20:48:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Viewpoint
[2008/12/06 20:47:51 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2008/12/06 20:47:51 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL
[2008/12/06 20:47:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2008/12/06 20:47:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AIM6
[2008/12/06 20:47:30 | 00,000,366 | -H-- | C] () -- C:\IPH.PH
[2008/12/06 20:47:22 | 00,002,151 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2008/12/06 20:46:47 | 00,048,825 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/06 20:44:46 | 00,048,825 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/06 20:44:46 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\VirtualStore
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\Documents\My Videos
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\Documents\My Pictures
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\Documents\My Music
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\AppData\Local\Temporary Internet Files
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\AppData\Local\History
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\AppData\Local\Application Data
[2008/12/06 20:44:43 | 00,000,000 | --SD | C] -- C:\Users\HMP\AppData\Roaming\Microsoft
[2008/12/06 20:44:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Media Center Programs
[2008/12/06 20:44:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Temp
[2008/12/06 20:44:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Microsoft

========== Files - Modified Within 30 Days ==========

[2008/12/24 23:18:26 | 00,048,825 | ---- | M] () -- C:\ProgramData\nvModes.001
[2008/12/24 23:18:12 | 00,048,825 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2008/12/24 23:16:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/12/24 23:16:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/12/24 23:16:10 | 42,917,84704 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/24 23:14:59 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008/12/24 23:14:57 | 01,650,741 | -H-- | M] () -- C:\Users\HMP\AppData\Local\IconCache.db
[2008/12/24 10:20:46 | 01,823,888 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-rules.exe
[2008/12/24 10:16:10 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7AEBF894-F92F-429C-A1FE-2E25A4C899D5}.job
[2008/12/23 00:35:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\HMP\Desktop\OTViewIt.exe
[2008/12/14 01:16:47 | 00,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/12/14 01:11:46 | 05,780,000 | ---- | M] () -- C:\Users\HMP\Desktop\SUPERAntiSpyware.exe
[2008/12/12 09:35:46 | 00,305,705 | ---- | M] () -- C:\Users\HMP\Desktop\RSIT.exe
[2008/12/12 09:12:00 | 00,003,168 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2008/12/12 09:12:00 | 00,000,691 | ---- | M] () -- C:\Users\HMP\AppData\Roaming\GetValue.vbs
[2008/12/12 09:12:00 | 00,000,035 | ---- | M] () -- C:\Users\HMP\AppData\Roaming\SetValue.bat
[2008/12/11 12:08:06 | 01,583,839 | ---- | M] () -- C:\Users\HMP\Desktop\SmitfraudFix.exe
[2008/12/11 11:56:53 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/11 09:36:54 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-setup.exe
[2008/12/10 16:29:38 | 00,001,930 | ---- | M] () -- C:\Users\HMP\Desktop\HijackThis.lnk
[2008/12/10 16:28:20 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\HMP\Desktop\HJTInstall.exe
[2008/12/07 12:23:46 | 00,002,405 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2008/12/07 02:20:20 | 02,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2008/12/07 02:20:05 | 03,063,561 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2008/12/06 23:13:13 | 02,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2008/12/06 23:13:05 | 02,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2008/12/06 23:13:05 | 02,231,606 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2008/12/06 22:54:54 | 03,609,600 | ---- | M] () -- C:\Users\HMP\Desktop\WinterPlayerPack.msi
[2008/12/06 21:41:17 | 00,000,554 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - HMP.job
[2008/12/06 20:57:54 | 00,000,402 | -HS- | M] () -- C:\Users\HMP\Documents\desktop.ini
[2008/12/06 20:57:54 | 00,000,282 | -HS- | M] () -- C:\Users\HMP\Desktop\desktop.ini
[2008/12/06 20:57:54 | 00,000,174 | -HS- | M] () -- C:\Users\HMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/06 20:54:19 | 00,076,064 | ---- | M] () -- C:\Users\HMP\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/06 20:48:53 | 00,000,366 | -H-- | M] () -- C:\IPH.PH
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >



The OTViewIt Extra Log:

OTViewIt Extras logfile created on: 12/24/2008 23:21:00 - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Users\HMP\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.65% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.47 Gb Total Space | 170.84 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.79 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 11.41 Gb Total Space | 1.89 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HMP-PC
Current User Name: HMP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])
[2008/01/20 20:47:45 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (java script:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007/06/08 09:30:54 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[2008/11/18 16:31:04 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
[2008/01/20 20:47:45 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])
[2008/10/15 22:47:30 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}"=CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}"=HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}"=HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}"=HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}"=HPPhotoSmartPhotobookPlayfulPack1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}"=Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}"=JMicron JMB38X Flash Media Controller
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{340F521E-3576-4E1A-B75C-EB0ACF751379}"=HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}"=PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}"=muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}"=HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}"=ESU for Microsoft Vista
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}"=Slingbox Flash Tour
"{40BF1E83-20EB-11D8-97C5-0009C5020658}"=Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}"=HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP QuickPlay 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}"=Cards_Calendar_OrderGift_DoMorePlugout
"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}"=Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}"=Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}"=HPPhotoSmartPhotobookModernPack1
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}"=HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}"=HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}"=HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}"=hpphotosmartdisclabelplugin
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}"=HPPhotoSmartDiscLabel_PrintOnDisc
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}"=HP User Guides 0103
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}"=HP Photosmart Essential 2.5
"{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}"=HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}"=LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow!
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}"=HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}"=VideoToolkit01
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}"=HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}"=IDT Audio
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{f32502b5-5b64-4882-bf61-77f23edcac4f}"=HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}"=HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}"=HPTCSSetup
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AIM_6"=AIM 6
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"HP Smart Web Printing"=HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}"=CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"SlingMedia.QPSlingPlayer_is1"=QuickPlay SlingPlayer 0.4.6
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security (Symantec Corporation)
"ViewpointMediaPlayer"=Viewpoint Media Player
"WildTangent hp Master Uninstall"=My HP Games
"Yahoo! Companion"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2008 02:36:23 | Computer Name = HMP-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module upddpl.dll, version 0.0.0.0, time stamp 0x2a425e19,
exception code 0xc0000005, fault offset 0x000022f6, process id 0x3a0, application
start time 0x01c95db643402c80.

Error - 12/15/2008 12:45:16 | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/15/2008 13:31:36 | Computer Name = HMP-PC | Source = Application Error | ID = 1000
Description = Faulting application QPService.exe, version 4.5.0.1, time stamp 0x486253a0,
faulting module upddpl.dll, version 0.0.0.0, time stamp 0x2a425e19, exception code
0xc0000005, fault offset 0x00001ed5, process id 0xab0, application start time 0x01c95edad24e1d90.

Error - 12/15/2008 13:49:52 | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/20/2008 16:26:33 | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/20/2008 19:46:09 | Computer Name = HMP-PC | Source = Application Hang | ID = 1002
Description = The program HpDocViewer.exe version 1.1.5.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 11c Start Time: 01c962e4e3fde1ec Termination Time: 16

Error - 12/24/2008 12:19:26 | Computer Name = HMP-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.31.0.0, time stamp 0x49373593,
faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a81d, exception
code 0x0eedfade, fault offset 0x0002f35f, process id 0x13d8, application start time
0x01c965e35cfba110.

Error - 12/24/2008 12:21:17 | Computer Name = HMP-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.31.0.0, time stamp 0x49373593,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783, exception
code 0xc0000005, fault offset 0x0005a55c, process id 0x1184, application start time
0x01c965e390cb0e90.

Error - 12/24/2008 14:40:35 | Computer Name = HMP-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.31.0.0, time stamp 0x49373593,
faulting module upddpl.dll, version 0.0.0.0, time stamp 0x2a425e19, exception code
0xc0000005, fault offset 0x000022b0, process id 0x16d0, application start time 0x01c965e3ed600bb0.

Error - 12/25/2008 00:38:31 | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/20/2008 16:27:11 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/20/2008 16:27:16 | Computer Name = HMP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/20/2008 16:27:16 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 12/20/2008 16:27:49 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/20/2008 16:27:52 | Computer Name = HMP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/25/2008 00:37:07 | Computer Name = HMP-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:40:06 PM on 12/24/2008 was unexpected.

Error - 12/25/2008 00:36:45 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/25/2008 00:36:45 | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/25/2008 00:37:09 | Computer Name = HMP-PC | Source = HTTP | ID = 15016
Description =

Error - 12/25/2008 00:37:30 | Computer Name = HMP-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.


< End of report >


The MBAM Log:

Malwarebytes' Anti-Malware 1.31
Database version: 1539
Windows 6.0.6001 Service Pack 1

12/24/2008 23:13:34
mbam-log-2008-12-24 (23-13-34).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 175969
Time elapsed: 30 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\HMP\AppData\Roaming\Google\upddpl.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\HMP\AppData\Roaming\Google\windsn.exe (Trojan.FakeAlert) -> Delete on reboot.

#11 extremeboy

  • Malware Response Team

Posted 25 December 2008 - 10:15 AM

Hello again.

Here are the logs you requested. Seems to me like the new Malwarebytes scan worked. I had tried it before, but I couldn't get the updates because IE kept shutting down every time it would go to the net. Your link helped and I downloaded it from my desktop computer and installed the file on my laptop. I did have to restart after the scan. Before the scan I was still getting the trojan.zlob.g alert window popping up about every 5 mins. After the scan it doesn't seem to be doing that now! (knock on wood) I can say when the "fake" security alert window popped up saying I had this trojan, I did click on the "Protect" button and it took me to the Windows Defender 2009 website. I quickly shut down everything from then. I hope that gives you the info you need. I haven't really done much since aside from the scans I conducted.

Thanks for the detailed explanation. Glad that Malwarebytes worked! When you got redirected to the Windows Defender 2009 page, I'm glad you shut it down. As long as you didn't install the program then I think you are good. These rogue program sites cannot just scan your computer and tell you that you have 'bad' items just by you going on to that site; it isn't possible unless you downloaded some package they added... Anyway, as long as you didn't install it, which I can see you didn't, I think you are safe.

Your computer actually looks clean/close to clean from the logs. Some updating we need to do and some programs we need to warn you about.

Viewpoint Programs Warning
Viewpoint Manager and Viewpoint Media Player are considered foistware instead of malware, since they are installed without the user's approval but don't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Additional instructions on removing programs can be found here.

WildTangent Program Warning

I see that you have "WildTangent hp Master Uninstall"/My HP Games installed. WildTangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from
For that reason I would suggest you uninstall it via add/remove.

Reboot after the uninstallation. <- Important.

Update Java to Version 6 Update 11

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. The only one you need to remove is this one:
    Java™ 6 Update 6
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Let's run an online scan to make sure nothing else is still lurking somewhere. Please scan your Whole Computer.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Please post back with:
-Kaspersky scan log
-New OTViewIT log


*note: Also, just wanted to clarify one point you might be seeing from the logs. There are many parts that say "file not found". This is not always the case, especially with your computer since it is a Vista 86 bit; this is how these tools interpret this kind of operating system. It's also kind of difficult to deal with these machines because many tools don't work. Yours is not that infected, but we will run an online scan to make sure :thumbsup:

With Regards,
Extremeboy
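The "file not found" point in the note above can be checked mechanically. The following is an added example, not part of the original posts and not code from OTViewIt or its author: it separates service and driver entries that are running but have no resolved file (the tool failed to look the file up, since a running service has a binary) from Run values whose target is missing. The verdict labels and the names `triage` and `summarize` are assumptions made for this example; the sample lines are copied from the OTViewIt log posted in this thread.

```python
import re
from collections import namedtuple

# Excerpt of OTViewIt lines as they appear in this thread's log.
SAMPLE_LOG = r'''
========== (O23) Win32 Services ==========

File not found -- -- (AESTFilters [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])

========== Driver Services ==========

File not found -- -- (hpdskflt [Boot | Running])
[2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])

========== (O4) Run Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"WinDNS"="C:\Users\HMP\AppData\Roaming\Google\windsn.exe" 2 File not found
'''

# Hypothetical record type for this example.
Finding = namedtuple("Finding", "section name verdict detail")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")        # ========== title ==========
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")          # [HKEY_...\Run]
SERVICE_RE = re.compile(                             # (name [start | state]) at end
    r"\((?P<name>[^()]+) \[(?P<start>\w+) \| (?P<state>\w+)\]\)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
MISSING = "File not found"


def triage(log_text):
    """Return a Finding for every entry the log marks as 'File not found'.

    Verdicts (labels chosen for this example):
      running_no_file  - service/driver is running, so its binary exists and
                         the tool failed to resolve it (expected tool noise)
      stopped_no_file  - not running; the log alone cannot tell which case it is
      orphaned_autorun - Run value whose target the tool could not find;
                         check the path by hand before deleting the value
    """
    section, key, findings = "", "", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if "Services" in section and line.startswith(MISSING):
            m = SERVICE_RE.search(line)
            if m:
                running = m.group("state") == "Running"
                verdict = "running_no_file" if running else "stopped_no_file"
                findings.append(
                    Finding(section, m.group("name"), verdict, m.group("start")))
        elif "Run Keys" in section and line.endswith(MISSING):
            m = VALUE_RE.match(line)
            if m:
                command = m.group("data")[: -len(MISSING)].strip()
                findings.append(Finding(section, m.group("name"),
                                        "orphaned_autorun", f"{key} -> {command}"))
    return findings


def summarize(findings):
    """Count findings per verdict."""
    counts = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.verdict:17} {f.name:12} {f.detail}")
    print(summarize(results))
```
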

#12 hmp76

Posted 26 December 2008 - 03:02 PM

Thanks again EB for all your help!

Here are the scans you've requested. And I also wanted to ask if I can make a donation to this website considering the wonderful job you guys do. I know you do this in your spare time and I commend you all for the time and effort you put into fixing problems like mine. I just want to say I really appreciate it! So thanks.

Now on to the scans!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 26, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 26, 2008 14:25:33
Records in database: 1517678
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 138889
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:12:32

No malware has been detected. The scan area is clean.

The selected area was scanned.

OTViewIt


OTViewIt logfile created on: 12/26/2008 1:40:56 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Users\HMP\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 51.62% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.47 Gb Total Space | 165.64 Gb Free Space | 74.79% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.79 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 11.41 Gb Total Space | 1.89 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HMP-PC
Current User Name: HMP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/06/25 23:36:24 | 00,292,216 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
[2008/06/25 23:36:24 | 00,116,080 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
[2008/04/26 02:15:26 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
[2007/01/09 03:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
[2008/06/25 23:35:38 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/03/14 09:45:10 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[2007/08/22 17:31:16 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
[2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
[2008/04/15 15:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[2008/12/25 10:28:16 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
[2008/01/09 01:22:14 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
[2007/09/26 08:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[2008/02/07 12:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
[2008/04/11 09:49:06 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
[2008/06/19 15:04:50 | 00,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
[2008/02/09 16:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/01/20 20:48:06 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2008/03/14 12:34:06 | 00,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
[2008/04/20 18:06:04 | 00,972,128 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[2008/12/25 10:28:15 | 00,022,424 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
[2008/12/25 10:28:15 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
[2008/12/26 12:21:56 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\HMP\AppData\Local\Temp\jkos-HMP\binaries\ScanningProcess.exe
[2008/12/26 12:21:56 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\HMP\AppData\Local\Temp\jkos-HMP\binaries\ScanningProcess.exe
[2008/12/23 00:35:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\HMP\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (AESTFilters [Auto | Running])
File not found -- -- (AgereModemAudio [Auto | Running])
[2008/02/09 16:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/20 20:50:58 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/20 20:50:38 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Running])
[2008/02/07 12:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
[2007/08/22 01:22:00 | 00,267,096 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (DPS [Unknown | Running])
[2008/01/20 20:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2008/01/20 20:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/01/20 20:51:57 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
File not found -- -- (gpsvc [Unknown | Running])
[2008/12/07 12:23:30 | 00,138,168 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/04/15 14:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service [Auto | Running])
[2008/01/09 01:22:14 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex [On_Demand | Running])
File not found -- -- (hpsrv [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/11/02 03:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Running])
[2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Running])
[2006/11/02 07:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/20 20:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/01/20 20:51:53 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (nvsvc [Auto | Running])
[2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/20 20:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2008/06/25 23:36:24 | 00,292,216 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc [Auto | Running])
[2008/06/25 23:36:24 | 00,116,080 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched [Auto | Running])
[2008/04/26 02:15:26 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
[2007/01/09 03:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/20 20:49:11 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (STacSV [Auto | Running])
[2008/07/28 08:06:33 | 01,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2006/11/02 00:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/11/02 00:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/20 20:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

File not found -- -- (Accelerometer [On_Demand | Running])
[2008/01/20 20:46:53 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Boot | Running])
[2008/01/20 20:46:54 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Boot | Running])
[2008/01/20 20:46:54 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Boot | Running])
[2008/01/20 20:47:27 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Boot | Running])
File not found -- -- (AgereSoftModem [On_Demand | Running])
File not found -- -- (aic78xx [Boot | Running])
[2008/01/20 20:46:50 | 00,015,976 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\aliide.sys -- (aliide [Boot | Running])
[2008/01/20 20:46:52 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Boot | Running])
[2008/01/20 20:47:00 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Boot | Running])
[2008/01/20 20:46:56 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2008/01/20 20:46:56 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
File not found -- -- (btwaudio [On_Demand | Running])
File not found -- -- (btwavdt [On_Demand | Running])
File not found -- -- (btwrchid [On_Demand | Running])
[2008/01/20 20:46:50 | 00,018,024 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\cmdide.sys -- (cmdide [Boot | Running])
[2008/07/30 17:28:04 | 00,000,841 | ---- | M] () -- C:\Windows\System32\drivers\COH_Mon.inf -- (COH_Mon [On_Demand | Stopped])
[2008/01/20 20:46:56 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/11/20 09:38:36 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
[2008/01/20 20:46:59 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Boot | Running])
File not found -- -- (enecir [On_Demand | Running])
[2008/11/20 09:38:36 | 00,128,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/01/20 20:46:59 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Boot | Running])
File not found -- -- (hpdskflt [Boot | Running])
File not found -- -- (HpqKbFiltr [On_Demand | Running])
[2008/01/20 20:46:57 | 00,286,720 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTAZL6.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2008/01/20 20:46:57 | 01,523,712 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTDPV6.SYS -- (HSF_DPV [On_Demand | Stopped])
[2008/01/20 20:46:59 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Boot | Running])
[2008/12/04 23:43:58 | 00,368,688 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081220.001\IDSviA64.sys -- (IDSvia64 [System | Running])
File not found -- -- (iirsp [Boot | Running])
File not found -- -- (iteatapi [Boot | Running])
File not found -- -- (iteraid [Boot | Running])
File not found -- -- (JMCR [On_Demand | Running])
[2008/01/20 20:46:51 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Boot | Running])
[2008/01/20 20:46:56 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Boot | Running])
[2008/01/20 20:47:01 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Boot | Running])
[2008/01/20 20:46:59 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Boot | Running])
[2008/01/20 20:46:56 | 00,438,328 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\WinSxS\amd64_megasr.inf_31bf3856ad364e35_6.0.6001.18000_none_44b889fdb37f3d14\MegaSR.sys -- (MegaSR [Boot | Running])
[2006/09/18 15:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
File not found -- -- (Mraid35x [Boot | Running])
[2008/11/20 09:38:36 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081220.003\ENG64.SYS -- (NAVENG [On_Demand | Stopped])
[2008/11/20 09:38:36 | 01,461,808 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081220.003\EX64.SYS -- (NAVEX15 [On_Demand | Stopped])
File not found -- -- (NETw5v64 [On_Demand | Running])
File not found -- -- (nfrd960 [Boot | Running])
File not found -- -- (NVHDA [On_Demand | Running])
[2008/01/20 20:47:26 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/20 20:46:54 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Boot | Running])
[2008/01/20 20:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Boot | Running])
[2008/01/20 20:46:52 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Boot | Running])
File not found -- -- (ql40xx [Boot | Running])
File not found -- -- (RTL8169 [On_Demand | Running])
[2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2008/12/04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/12/04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
[2006/09/29 17:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/20 20:47:26 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Boot | Running])
File not found -- -- (SRTSPX [System | Running])
File not found -- -- (STHDA [On_Demand | Running])
File not found -- -- (Symc8xx [Boot | Running])
File not found -- -- (SYMDNS [On_Demand | Running])
File not found -- -- (SymEvent [On_Demand | Running])
File not found -- -- (SYMFW [On_Demand | Running])
File not found -- -- (SymIM [System | Running])
File not found -- -- (SYMNDISV [On_Demand | Running])
File not found -- -- (SYMREDRV [On_Demand | Running])
File not found -- -- (SYMTDI [System | Running])
File not found -- -- (Sym_hi [Boot | Running])
File not found -- -- (Sym_u3 [Boot | Running])
File not found -- -- (SynTP [On_Demand | Running])
[2006/09/18 15:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
[2008/01/20 20:46:56 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Boot | Running])
File not found -- -- (UlSata [Boot | Running])
[2008/01/20 20:46:52 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Boot | Running])
[2008/01/20 20:46:50 | 00,018,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\viaide.sys -- (viaide [Boot | Running])
[2008/01/20 20:47:25 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Boot | Running])
[2008/01/20 20:46:57 | 00,724,480 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTCNXT6.SYS -- (winachsf [On_Demand | Stopped])
[2008/06/25 23:35:28 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263} [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HKLM) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
"hpWirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
"QPService"="C:\Program Files (x86)\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UCam_Menu"="C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" (CyberLink Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"WinDNS"="C:\Users\HMP\AppData\Roaming\Google\windsn.exe" 2 File not found
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Send image to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007/01/23 13:57:50 | 00,001,199 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/11/18 16:31:04 | 01,082,880 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: Send To Bluetooth -- %SystemDrive%\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: Send to &Bluetooth Device... -- %SystemDrive%\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()
{DDE87865-83C5-48c4-8357-2F5B1AA84522}: Button: HP Smart Select -- %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008/03/14 12:33:34 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Send To Bluetooth] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{273465F0-2E3C-4EEB-B3F5-FD33E0A10812} (Servers: | Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))
{AE0398E6-879C-47DA-99F7-B99E5E774F5B} (Servers: | Description: Intel® Wireless WiFi Link 5100)
{D7AC1FF6-F38C-4DFF-BF46-C7590FF80D0A} (Servers: | Description: )

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/20 20:50:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/20 20:50:00 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f1ebfa3-c486-11dd-bb0f-002186c0dc2a}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f1ebfa3-c486-11dd-bb0f-002186c0dc2a}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f12e632c-c85f-11dd-91a2-002186c0dc2a}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f12e632c-c85f-11dd-91a2-002186c0dc2a}\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/12/26 11:42:03 | 00,000,000 | ---D | C] -- C:\Users\HMP\Desktop\Logs
[2008/12/25 12:44:56 | 00,000,104 | ---- | C] () -- C:\Users\HMP\Desktop\Internet - Shortcut.lnk
[2008/12/25 12:11:04 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2008/12/25 10:30:56 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/12/25 10:30:55 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\skypePM
[2008/12/25 10:28:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2008/12/25 10:21:26 | 16,168,344 | ---- | C] () -- C:\Users\HMP\Desktop\jre-6u11-windows-i586-p.exe
[2008/12/25 09:58:10 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/12/24 10:22:54 | 01,823,888 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-rules.exe
[2008/12/23 00:37:06 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Users\HMP\Desktop\OTViewIt.exe
[2008/12/20 14:52:37 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\IsolatedStorage
[2008/12/15 10:50:19 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/12/14 01:16:57 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2008/12/14 01:16:47 | 00,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/12/14 01:16:46 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\SUPERAntiSpyware.com
[2008/12/14 01:16:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2008/12/14 01:15:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2008/12/14 01:15:31 | 05,780,000 | ---- | C] () -- C:\Users\HMP\Desktop\SUPERAntiSpyware.exe
[2008/12/14 00:42:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/12/14 00:42:55 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/12/14 00:42:30 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/12/14 00:42:30 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/12/14 00:42:29 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/12/14 00:42:29 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/12/14 00:42:28 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/12/14 00:42:28 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/12/14 00:40:22 | 00,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2008/12/14 00:40:19 | 03,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/12/14 00:40:19 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe
[2008/12/14 00:40:18 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2008/12/14 00:40:16 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2008/12/14 00:40:15 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2008/12/14 00:40:15 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2008/12/14 00:40:08 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/12/12 09:37:09 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/12 09:36:34 | 00,305,705 | ---- | C] () -- C:\Users\HMP\Desktop\RSIT.exe
[2008/12/12 09:17:25 | 42,917,84704 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/11 13:43:15 | 00,003,168 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2008/12/11 13:43:15 | 00,000,691 | ---- | C] () -- C:\Users\HMP\AppData\Roaming\GetValue.vbs
[2008/12/11 13:43:15 | 00,000,035 | ---- | C] () -- C:\Users\HMP\AppData\Roaming\SetValue.bat
[2008/12/11 13:42:42 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2008/12/11 13:42:42 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2008/12/11 13:42:42 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2008/12/11 13:42:42 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2008/12/11 13:42:42 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2008/12/11 13:42:42 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2008/12/11 13:42:42 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2008/12/11 13:42:42 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2008/12/11 13:42:42 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2008/12/11 13:42:40 | 00,000,000 | ---D | C] -- C:\Users\HMP\Desktop\SmitfraudFix
[2008/12/11 13:30:02 | 01,583,839 | ---- | C] () -- C:\Users\HMP\Desktop\SmitfraudFix.exe
[2008/12/11 12:07:05 | 01,714,081 | -H-- | C] () -- C:\Users\HMP\AppData\Local\IconCache.db
[2008/12/11 11:56:53 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/11 11:56:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/12/11 11:56:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/12/11 11:56:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2008/12/11 11:51:10 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-setup.exe
[2008/12/11 11:46:31 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\U3
[2008/12/10 16:29:38 | 00,001,930 | ---- | C] () -- C:\Users\HMP\Desktop\HijackThis.lnk
[2008/12/10 16:29:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2008/12/10 16:29:13 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\HMP\Desktop\HJTInstall.exe
[2008/12/10 02:31:59 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Malwarebytes
[2008/12/10 02:31:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/12/07 12:23:47 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Skype
[2008/12/07 12:23:19 | 00,002,365 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2008/12/07 12:23:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2008/12/07 12:23:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2008/12/07 12:23:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2008/12/07 11:45:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2008/12/07 02:30:55 | 00,000,000 | ---D | C] -- C:\Users\HMP\Documents\Youcam
[2008/12/06 23:49:57 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Yahoo!
[2008/12/06 23:49:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2008/12/06 23:13:13 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\CyberLink
[2008/12/06 23:13:06 | 03,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2008/12/06 23:13:06 | 02,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2008/12/06 23:13:05 | 02,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2008/12/06 23:13:05 | 02,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2008/12/06 23:13:05 | 02,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2008/12/06 23:13:05 | 00,000,000 | ---D | C] -- C:\ProgramData\ENU
[2008/12/06 23:13:03 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\QuickPlay
[2008/12/06 23:10:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Microsoft Games
[2008/12/06 23:09:57 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Apps
[2008/12/06 22:54:53 | 03,609,600 | ---- | C] () -- C:\Users\HMP\Desktop\WinterPlayerPack.msi
[2008/12/06 22:32:13 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2008/12/06 22:16:52 | 00,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{7AEBF894-F92F-429C-A1FE-2E25A4C899D5}.job
[2008/12/06 22:11:45 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Macromedia
[2008/12/06 22:11:39 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Adobe
[2008/12/06 21:35:05 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/06 21:35:05 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2008/12/06 21:35:05 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/06 21:35:05 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2008/12/06 21:35:04 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2008/12/06 21:35:02 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/12/06 21:35:02 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2008/12/06 21:35:02 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2008/12/06 21:35:02 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2008/12/06 21:35:01 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2008/12/06 21:35:01 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2008/12/06 21:35:01 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2008/12/06 21:35:01 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2008/12/06 21:35:01 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2008/12/06 21:35:01 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2008/12/06 21:35:01 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2008/12/06 21:35:00 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2008/12/06 21:35:00 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2008/12/06 21:35:00 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2008/12/06 21:35:00 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2008/12/06 21:35:00 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/12/06 21:35:00 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2008/12/06 21:35:00 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2008/12/06 21:35:00 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2008/12/06 21:35:00 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2008/12/06 21:35:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2008/12/06 21:35:00 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2008/12/06 21:34:59 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2008/12/06 21:18:18 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2008/12/06 21:18:13 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2008/12/06 21:17:50 | 00,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2008/12/06 21:16:28 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/12/06 21:16:22 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2008/12/06 21:16:21 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2008/12/06 21:16:21 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2008/12/06 21:16:21 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2008/12/06 21:16:21 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2008/12/06 21:16:20 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2008/12/06 21:16:16 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2008/12/06 21:16:09 | 00,738,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2008/12/06 21:16:05 | 01,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/12/06 21:15:58 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2008/12/06 21:15:57 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2008/12/06 21:15:54 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2008/12/06 21:15:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2008/12/06 21:15:54 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2008/12/06 21:15:53 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2008/12/06 21:15:50 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2008/12/06 21:15:50 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2008/12/06 21:15:50 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2008/12/06 21:15:50 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2008/12/06 21:15:49 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2008/12/06 21:15:47 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2008/12/06 21:15:46 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2008/12/06 21:15:43 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2008/12/06 21:15:39 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2008/12/06 21:15:39 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2008/12/06 21:15:39 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2008/12/06 21:15:39 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2008/12/06 21:15:39 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2008/12/06 21:15:39 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2008/12/06 21:15:39 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2008/12/06 21:15:39 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2008/12/06 21:15:37 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008/12/06 21:15:36 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/12/06 21:13:33 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2008/12/06 21:10:20 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/12/06 21:10:20 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2008/12/06 21:10:20 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2008/12/06 21:09:56 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2008/12/06 21:04:57 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2008/12/06 21:04:57 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2008/12/06 21:04:57 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2008/12/06 21:04:50 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2008/12/06 21:04:50 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008/12/06 20:58:27 | 00,000,000 | ---D | C] -- C:\Users\HMP\Documents\Bluetooth Exchange Folder
[2008/12/06 20:58:13 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Symantec
[2008/12/06 20:57:51 | 00,000,402 | -HS- | C] () -- C:\Users\HMP\Documents\desktop.ini
[2008/12/06 20:57:51 | 00,000,282 | -HS- | C] () -- C:\Users\HMP\Desktop\desktop.ini
[2008/12/06 20:57:51 | 00,000,174 | -HS- | C] () -- C:\Users\HMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/06 20:57:42 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Identities
[2008/12/06 20:56:05 | 00,000,554 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - HMP.job
[2008/12/06 20:54:19 | 00,076,064 | ---- | C] () -- C:\Users\HMP\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/06 20:48:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2008/12/06 20:48:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Viewpoint
[2008/12/06 20:47:51 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2008/12/06 20:47:51 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL
[2008/12/06 20:47:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2008/12/06 20:47:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AIM6
[2008/12/06 20:47:30 | 00,000,366 | -H-- | C] () -- C:\IPH.PH
[2008/12/06 20:47:22 | 00,002,151 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2008/12/06 20:46:47 | 00,048,825 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/06 20:44:46 | 00,048,825 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/06 20:44:46 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\VirtualStore
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\Documents\My Videos
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\Documents\My Pictures
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\Documents\My Music
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\AppData\Local\Temporary Internet Files
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\AppData\Local\History
[2008/12/06 20:44:44 | 00,000,000 | -HSD | C] -- C:\Users\HMP\AppData\Local\Application Data
[2008/12/06 20:44:43 | 00,000,000 | --SD | C] -- C:\Users\HMP\AppData\Roaming\Microsoft
[2008/12/06 20:44:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Roaming\Media Center Programs
[2008/12/06 20:44:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Temp
[2008/12/06 20:44:43 | 00,000,000 | ---D | C] -- C:\Users\HMP\AppData\Local\Microsoft

========== Files - Modified Within 30 Days ==========

[2008/12/26 12:20:09 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7AEBF894-F92F-429C-A1FE-2E25A4C899D5}.job
[2008/12/26 12:13:40 | 00,048,825 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2008/12/26 12:13:40 | 00,048,825 | ---- | M] () -- C:\ProgramData\nvModes.001
[2008/12/26 12:13:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/12/26 12:13:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/12/26 12:13:04 | 42,917,84704 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/26 12:11:48 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008/12/26 12:11:45 | 01,714,081 | -H-- | M] () -- C:\Users\HMP\AppData\Local\IconCache.db
[2008/12/25 12:44:56 | 00,000,104 | ---- | M] () -- C:\Users\HMP\Desktop\Internet - Shortcut.lnk
[2008/12/25 11:43:35 | 00,002,365 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2008/12/25 10:30:56 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2008/12/25 10:18:16 | 16,168,344 | ---- | M] () -- C:\Users\HMP\Desktop\jre-6u11-windows-i586-p.exe
[2008/12/24 10:20:46 | 01,823,888 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-rules.exe
[2008/12/23 00:35:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\HMP\Desktop\OTViewIt.exe
[2008/12/14 01:16:47 | 00,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/12/14 01:11:46 | 05,780,000 | ---- | M] () -- C:\Users\HMP\Desktop\SUPERAntiSpyware.exe
[2008/12/12 09:35:46 | 00,305,705 | ---- | M] () -- C:\Users\HMP\Desktop\RSIT.exe
[2008/12/12 09:12:00 | 00,003,168 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2008/12/12 09:12:00 | 00,000,691 | ---- | M] () -- C:\Users\HMP\AppData\Roaming\GetValue.vbs
[2008/12/12 09:12:00 | 00,000,035 | ---- | M] () -- C:\Users\HMP\AppData\Roaming\SetValue.bat
[2008/12/11 23:52:52 | 03,578,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/12/11 12:08:06 | 01,583,839 | ---- | M] () -- C:\Users\HMP\Desktop\SmitfraudFix.exe
[2008/12/11 11:56:53 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/11 09:36:54 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HMP\Desktop\mbam-setup.exe
[2008/12/10 16:29:38 | 00,001,930 | ---- | M] () -- C:\Users\HMP\Desktop\HijackThis.lnk
[2008/12/10 16:28:20 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\HMP\Desktop\HJTInstall.exe
[2008/12/07 02:20:20 | 02,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2008/12/07 02:20:05 | 03,063,561 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2008/12/06 23:13:13 | 02,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2008/12/06 23:13:05 | 02,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2008/12/06 23:13:05 | 02,231,606 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2008/12/06 22:54:54 | 03,609,600 | ---- | M] () -- C:\Users\HMP\Desktop\WinterPlayerPack.msi
[2008/12/06 21:41:17 | 00,000,554 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - HMP.job
[2008/12/06 20:57:54 | 00,000,402 | -HS- | M] () -- C:\Users\HMP\Documents\desktop.ini
[2008/12/06 20:57:54 | 00,000,282 | -HS- | M] () -- C:\Users\HMP\Desktop\desktop.ini
[2008/12/06 20:57:54 | 00,000,174 | -HS- | M] () -- C:\Users\HMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/06 20:54:19 | 00,076,064 | ---- | M] () -- C:\Users\HMP\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/06 20:48:53 | 00,000,366 | -H-- | M] () -- C:\IPH.PH
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >



Extra Log


OTViewIt Extras logfile created on: 12/26/2008 1:40:56 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Users\HMP\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 51.62% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.47 Gb Total Space | 165.64 Gb Free Space | 74.79% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.79 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 11.41 Gb Total Space | 1.89 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HMP-PC
Current User Name: HMP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/11 23:52:52 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])
[2008/01/20 20:47:45 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])
[2008/12/11 23:52:52 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (java script:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/12/11 23:52:52 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007/06/08 09:30:54 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2008/12/11 23:52:52 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[2008/11/18 16:31:04 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
[2008/01/20 20:47:45 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])
[2008/12/11 23:52:52 | 03,578,880 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/10/15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}"=CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}"=HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}"=HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}"=HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}"=HPPhotoSmartPhotobookPlayfulPack1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}"=Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}"=JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework
"{340F521E-3576-4E1A-B75C-EB0ACF751379}"=HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}"=PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}"=muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}"=HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}"=ESU for Microsoft Vista
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}"=Slingbox Flash Tour
"{40BF1E83-20EB-11D8-97C5-0009C5020658}"=Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}"=HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP QuickPlay 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}"=Cards_Calendar_OrderGift_DoMorePlugout
"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}"=Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}"=Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}"=HPPhotoSmartPhotobookModernPack1
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}"=HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}"=HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}"=HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}"=hpphotosmartdisclabelplugin
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}"=HPPhotoSmartDiscLabel_PrintOnDisc
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}"=HP User Guides 0103
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}"=HP Photosmart Essential 2.5
"{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}"=HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}"=LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow!
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}"=HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}"=VideoToolkit01
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}"=HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}"=IDT Audio
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{f32502b5-5b64-4882-bf61-77f23edcac4f}"=HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}"=HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}"=HPTCSSetup
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AIM_6"=AIM 6
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"HP Smart Web Printing"=HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}"=CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"SlingMedia.QPSlingPlayer_is1"=QuickPlay SlingPlayer 0.4.6
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security (Symantec Corporation)
"Yahoo! Companion"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/25/2008 1:17:42 AM | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/25/2008 11:54:55 AM | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/25/2008 12:02:21 PM | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/25/2008 12:14:17 PM | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/25/2008 12:20:26 PM | Computer Name = HMP-PC | Source = Application Error | ID = 1000
Description = Faulting application STacSV64.exe, version 1.0.6017.13, time stamp
0x48641bea, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791ad6b,
exception code 0xc0000005, fault offset 0x0000000000003237, process id 0x1e4, application
start time 0x01c966abb2696b69.

Error - 12/25/2008 12:26:17 PM | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/25/2008 5:23:00 PM | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/26/2008 12:37:35 AM | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/26/2008 3:13:32 AM | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/26/2008 1:40:13 PM | Computer Name = HMP-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/26/2008 3:13:41 AM | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/26/2008 3:13:55 AM | Computer Name = HMP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/26/2008 3:13:55 AM | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 12/26/2008 3:14:32 AM | Computer Name = HMP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/26/2008 3:14:32 AM | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/26/2008 1:39:28 PM | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/26/2008 1:39:28 PM | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/26/2008 1:39:45 PM | Computer Name = HMP-PC | Source = HTTP | ID = 15016
Description =

Error - 12/26/2008 1:40:10 PM | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/26/2008 1:40:10 PM | Computer Name = HMP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.


< End of report >

#13 extremeboy

  • Malware Response Team

Posted 26 December 2008 - 03:15 PM

Hello hmp76.

And I also wanted to ask if I make a donation to this website considering the wonderful job you guys do. I know you do this in your spare time and I commend you all for the time and effort you put into fixing problems like mine. I just want to say I really appreciate it! So thanks.

That's really kind of you.
The help you receive at Bleeping Computer is always free. Currently, neither I nor Bleeping Computer accept donations. However, if you want to show your appreciation, consider donating to Malware Removal University. MRU helps people with their malware problems in addition to training students.

From what I see your log looks very good. Malwarebytes did a good job and Kaspersky found nothing. :thumbsup:

Any problems you're receiving? If not, the log looks good. Let's remove the tools we have used.

Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :)

Run Cleanup with OTViewIT

We will remove the leftover tool we have used.
  • Please double click on OTViewit.exe.
  • At the Main Screen please click the CleanUp button.
  • Follow the prompts to remove the tool we have used including OTViewIT.

Create a New System Restore Point <- Important

Now you should create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.


Congratulations! You now appear clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Increase the Speed of your System

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, then here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :)


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks for your Donation! :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#14 hmp76

  • Topic Starter

Posted 26 December 2008 - 11:38 PM

Thanks EB!

I've followed all the tasks you've suggested and I've also bookmarked the links and of course BleepingComputer!

I'll be sure to donate to MRU! You have really been a big help and donating so others can learn is the first thing I'll be doing next!

I have no other problems with my computer and everything is running well. Thanks again for your help and YAY :thumbsup: :) we can close this topic!

Thanks again EB! Cheers and have a Happy New Year!

HMP76

#15 extremeboy

  • Malware Response Team

Posted 27 December 2008 - 04:43 PM

Hello.

Glad I could help. Thanks for donating, that is very kind. I hope you have a Happy New Year! :thumbsup:

Since the problem seems to be resolved, this topic is now Closed.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy



