"Virtumonde", "Wild Tangent", and "Microsoft.Windows.SecurityCenter.Firewallbypass" problems


  • This topic is locked
34 replies to this topic

#1 Petermann

Posted 14 December 2008 - 02:16 AM

My computer has been receiving pop-ups frequently and programs have been freezing and malfunctioning. I ran Symantec AntiVirus and either cleaned or deleted any problems, ran Spybot and deleted problems (but Wild Tangent could not be removed), and tried a few other things people suggested (defrag, CCleaner, tried to manually uninstall Virtumonde, uninstalling old Javas). But my computer still has problems. Every time I run Spybot, the same problems reappear, albeit in different quantities.

Here is the Log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-14 01:54:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 157 GB (68%) free of 231 GB
Total RAM: 958 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:55:04, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Winamp\winampa.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: (no name) - {4f573ea1-f6e7-4832-8b05-fc15c99994df} - C:\WINDOWS\system32\haditapo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CPM44c22ab7] Rundll32.exe "c:\windows\system32\yopareza.dll",a
O4 - HKLM\..\Run: [noyomeluva] Rundll32.exe "C:\WINDOWS\system32\nifodiyu.dll",s
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA3860] command /c del "C:\WINDOWS\system32\zazovera.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2221] cmd /c del "C:\WINDOWS\system32\zazovera.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3646] command /c del "c:\windows\system32\yopareza.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7962] cmd /c del "c:\windows\system32\yopareza.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [SpybotDeletingB292] command /c del "C:\WINDOWS\system32\zazovera.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD272] cmd /c del "C:\WINDOWS\system32\zazovera.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9887] command /c del "c:\windows\system32\yopareza.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5051] cmd /c del "c:\windows\system32\yopareza.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [noyomeluva] Rundll32.exe "C:\WINDOWS\system32\nifodiyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [noyomeluva] Rundll32.exe "C:\WINDOWS\system32\nifodiyu.dll",s (User 'NETWORK SERVICE')
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://osgoode.yorku.ca/qp2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189123119046
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://deed.osgoode.yorku.ca/dwa7W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\sonudodu.dll C:\WINDOWS\system32\vinelewe.dll c:\windows\system32\jimejise.dll c:\windows\system32\sorusodi.dll c:\windows\system32\ropenoya.dll c:\windows\system32\yopareza.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yopareza.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yopareza.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13069 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-31 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f573ea1-f6e7-4832-8b05-fc15c99994df}]
C:\WINDOWS\system32\haditapo.dll [2008-09-11 62149]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-22 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-17 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-08-23 180269]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-01-23 544768]
"PCDrProfiler"= []
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-25 245760]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-01-24 81920]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-02-23 35328]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-27 124656]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"CPM44c22ab7"=c:\windows\system32\yopareza.dll []
"noyomeluva"=C:\WINDOWS\system32\nifodiyu.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]
"SpybotDeletingA3860"=command /c del C:\WINDOWS\system32\zazovera.dll_old []
"SpybotDeletingC2221"=cmd /c del C:\WINDOWS\system32\zazovera.dll_old []
"SpybotDeletingA3646"=command /c del c:\windows\system32\yopareza.dll_old []
"SpybotDeletingC7962"=cmd /c del c:\windows\system32\yopareza.dll_old []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-02 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB292"=command /c del C:\WINDOWS\system32\zazovera.dll_old []
"SpybotDeletingD272"=cmd /c del C:\WINDOWS\system32\zazovera.dll_old []
"SpybotDeletingB9887"=command /c del c:\windows\system32\yopareza.dll_old []
"SpybotDeletingD5051"=cmd /c del c:\windows\system32\yopareza.dll_old []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\sonudodu.dll C:\WINDOWS\system32\vinelewe.dll c:\windows\system32\jimejise.dll c:\windows\system32\sorusodi.dll c:\windows\system32\ropenoya.dll c:\windows\system32\yopareza.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-07 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-05-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yopareza.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yopareza.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
C:\WINDOWS\system32\vinelewe.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Disabled:logonui"
"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"="C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe:*:Disabled:SPBBCSvc"
"C:\Program Files\Windows Live\Messenger\usnsvc.exe"="C:\Program Files\Windows Live\Messenger\usnsvc.exe:*:Disabled:usnsvc"
"C:\HP\KBD\KBD.EXE"="C:\HP\KBD\KBD.EXE:*:Enabled:KBD"
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe:*:Enabled:atiptaxx"
"C:\WINDOWS\system32\attrib.exe"="C:\WINDOWS\system32\attrib.exe:*:Enabled:attrib"
"C:\WINDOWS\system32\cmd.exe"="C:\WINDOWS\system32\cmd.exe:*:Enabled:cmd"
"C:\WINDOWS\system32\find.exe"="C:\WINDOWS\system32\find.exe:*:Enabled:find"
"C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\VACFix.exe"="C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\VACFix.exe:*:Enabled:VACFix"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dc07964-3d83-11da-89ba-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dc07967-3d83-11da-89ba-806d6172696f}]
shell\AutoRun\command - F:\install.EXE id= ver=1.0.0.0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9bdc736-ba16-11db-8cc5-0013d4768db6}]
shell\AutoRun\command - explorer.exe http://"www.iwantitall.ca"


======List of files/folders created in the last 1 months======

2008-12-14 01:54:40 ----D---- C:\Program Files\trend micro
2008-12-14 01:54:39 ----D---- C:\rsit
2008-12-14 01:05:49 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-12-14 01:05:33 ----D---- C:\Program Files\Uniblue
2008-12-14 01:05:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-13 23:47:12 ----SH---- C:\WINDOWS\system32\arevozaz.ini
2008-12-13 19:37:25 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-13 19:36:57 ----A---- C:\rapport.txt
2008-12-13 19:36:38 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-12-13 19:36:38 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2008-12-13 19:36:37 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-12-13 19:36:37 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-12-13 19:36:37 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-12-13 19:36:37 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-12-13 19:36:37 ----A---- C:\WINDOWS\system32\swsc.exe
2008-12-13 19:36:37 ----A---- C:\WINDOWS\system32\swreg.exe
2008-12-13 19:36:37 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-12-13 19:36:37 ----A---- C:\WINDOWS\system32\Process.exe
2008-12-13 19:36:37 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-12-13 19:35:16 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-13 11:47:13 ----SH---- C:\WINDOWS\system32\erogadag.ini
2008-12-12 23:15:39 ----SH---- C:\WINDOWS\system32\irezepup.ini
2008-12-12 12:03:31 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-12 11:15:33 ----SH---- C:\WINDOWS\system32\ezukekak.ini
2008-11-21 21:34:13 ----A---- C:\WINDOWS\system32\TDSSchet.dll
2008-11-17 08:24:32 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-16 09:06:17 ----A---- C:\WINDOWS\vpc32.INI

======List of files/folders modified in the last 1 months======

2008-12-14 01:54:40 ----D---- C:\Program Files
2008-12-14 01:23:44 ----SHD---- C:\WINDOWS\Installer
2008-12-14 01:23:44 ----HD---- C:\Config.Msi
2008-12-14 01:23:31 ----D---- C:\Program Files\Java
2008-12-14 01:23:10 ----D---- C:\WINDOWS\Temp
2008-12-14 01:23:10 ----D---- C:\WINDOWS\system32
2008-12-14 01:22:05 ----D---- C:\Program Files\Common Files
2008-12-14 00:58:12 ----D---- C:\WINDOWS
2008-12-14 00:46:26 ----A---- C:\WINDOWS\WININIT.INI
2008-12-14 00:36:47 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 00:08:20 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Skype
2008-12-13 23:47:09 ----N---- C:\WINDOWS\system32\zazovera.dll_old
2008-12-13 23:47:08 ----N---- C:\WINDOWS\system32\yopareza.dll_old
2008-12-13 21:41:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 20:48:11 ----D---- C:\WINDOWS\Prefetch
2008-12-13 20:45:16 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-13 20:44:31 ----D---- C:\WINDOWS\Downloaded Program Files
2008-12-13 19:53:44 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-13 19:33:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 19:33:06 ----D---- C:\WINDOWS\system32\Restore
2008-12-13 18:49:39 ----D---- C:\WINDOWS\inf
2008-12-13 18:45:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 18:24:39 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-12-13 11:47:11 ----ASH---- C:\WINDOWS\system32\gadagore.dll
2008-12-12 23:15:33 ----N---- C:\WINDOWS\system32\pupezeri.dll
2008-12-12 11:15:30 ----N---- C:\WINDOWS\system32\kakekuze.dll
2008-12-11 23:15:17 ----ASH---- C:\WINDOWS\system32\fatemoko.dll
2008-12-11 11:14:56 ----ASH---- C:\WINDOWS\system32\vafedewe.dll
2008-12-11 11:14:55 ----N---- C:\WINDOWS\system32\kojofaba.dll
2008-12-11 11:14:55 ----ASH---- C:\WINDOWS\system32\dugiwise.dll
2008-12-10 12:23:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 00:05:25 ----D---- C:\WINDOWS\Debug
2008-12-10 00:00:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-09 23:55:14 ----D---- C:\WINDOWS\wt
2008-12-09 16:28:01 ----D---- C:\WINDOWS\system32\drivers
2008-11-18 10:13:02 ----D---- C:\WINDOWS\system32\dllcache
2008-11-17 08:24:36 ----D---- C:\WINDOWS\Help
2008-11-17 08:21:23 ----D---- C:\Program Files\McAfee
2008-11-16 09:06:09 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-11-16 09:01:03 ----D---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-10-18 55168]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-07 1235968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 923863]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 2f3b101c-87f9-429c-a453-4e296c68397b;2f3b101c-87f9-429c-a453-4e296c68397b; \??\F:\Player\cds300.dll []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-07 376832]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-05-27 31472]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-21 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-05-27 1805040]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-01-24 69632]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-02 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-05-27 115952]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


Here is the Info:

info.txt logfile of random's system information tool 1.04 2008-12-14 01:55:07

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->Dummy
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barnyard Invasion from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5253F22E-D4B6-49B7-9106-28D9C5395F22\Uninstall.exe"
Bejeweled 2 Deluxe from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7978E9A8-5A11-4406-BA8F-866E120352DF\Uninstall.exe"
Big Kahuna Reef from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0B99A43B-A792-4003-9295-604BC687B6F6\Uninstall.exe"
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\58D1A004-6D3C-480A-9E0D-FAA58F3C2A62\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B41503CB-5FE0-47E0-87C1-47BA8E660BCC\Uninstall.exe"
Boggle Supreme from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5F5B2E2A-5924-4DAB-825A-10BEA50A4DA1\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bookworm Deluxe from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\47298745-7194-4142-AFDA-8BE2EDFDF82E\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CodeBaby Player (Remove Only) 1.0.2.15-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\codebaby.1.0.2.15.inf,DefaultUninstall,5
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crystal Maze from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
Digby's Donuts from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\ED8E7ECA-9D6A-46BA-BF46-D97774AA7117\Uninstall.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
FATE Demo from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\663A22CB-3C2B-4302-9A14-BC5DAFAB2071\Uninstall.exe"
FATE from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\01929F2A-2200-4042-8EFD-EEF933E9195C\Uninstall.exe"
Flip Words from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1\Uninstall.exe"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet 5400 series-->C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Insaniquarium Deluxe from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\010D7E30-8019-4477-AE7C-BFBBDE570CB9\Uninstall.exe"
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Jewel Quest from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1E728F26-D920-45F1-9E97-4A5690B07A7F\Uninstall.exe"
LimeWire 4.14.10-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Mah Jong Quest from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3295A049-B970-4CC5-847C-7ABF14B9F8F1\Uninstall.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 1.48-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Office 2003 Tour-->MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
OpenMG Limited Patch 4.1-05-13-31-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PC-Doctor 5 for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
Polar Bowler from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Polar Golfer from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1\Uninstall.exe"
Proofing Client 6.1-->"C:\Program Files\RealTimeImage\Proofing Client\uninst.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BA910432-2C22-4BB8-9D13-46170F52C5AC\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove WeatherBug Installer-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Ricochet Lost Worlds from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\27C7083E-4ECB-4C88-ACC1-0EDA88C00257\Uninstall.exe"
Safari-->MsiExec.exe /I{34F85A4D-03CC-428A-80A4-880228646518}
SCRABBLE Blast from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\95A4B97A-C363-41DD-B907-BD4AB9E4FF16\Uninstall.exe"
SCRABBLE from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D3203C96-6C76-43D6-A3D0-5DD6A0732E83\Uninstall.exe"
SCRABBLE Rack Attack from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6E4D87E1-83A3-4029-A9E4-2F360442E1FC\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\703E3900-69DA-47C9-9768-C6514098F149\Uninstall.exe"
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slingo Deluxe from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C1241092-7183-480A-A289-B5920C7C56D0\Uninstall.exe"
Slyder from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicStage 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Granny from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3F34F72F-9BB0-4B73-8312-558953ACF56F\Uninstall.exe"
Swarm from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A9C7B4D4-A866-4696-B115-77B65D0A641A\Uninstall.exe"
Symantec AntiVirus-->MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
Tradewinds from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Universal Media Player-->C:\WINDOWS\unvise32.exe C:\Program Files\Universal Media Player\uninstal.log
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Worms Armageddon-->C:\WINDOWS\IsUninst.exe -f"c:\MicroProse\Worms Armageddon\Uninst.isu"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Symantec AntiVirus Corporate Edition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------


Can someone help me? Thanks!

- Petermann


#2 extremeboy

  • Malware Response Team
Posted 16 December 2008 - 07:23 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 Petermann

  • Topic Starter
  • Members

Posted 19 December 2008 - 02:56 AM

Hi EB,

No problem about the delay.

Here are the OTViewIt.Txt, Extras.Txt, and Kaspersky's Log.

OTVIEWIT.TXT:

OTViewIt logfile created on: 19/12/2008 2:09:40 AM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 493.18 Mb Available Physical Memory | 51.45% Memory free
2.26 Gb Paging File | 1.42 Gb Available in Paging File | 63.02% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.36 Gb Total Space | 156.36 Gb Free Space | 69.38% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.66 Gb Free Space | 22.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-27E1513D96
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/06/07 17:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/06/07 17:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/03/24 20:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2006/03/24 20:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2006/04/11 20:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/05/27 04:40:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2008/12/14 03:12:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/06/21 01:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/05/27 04:40:32 | 01,805,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2005/08/23 18:13:25 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/01/23 21:56:00 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
[2006/02/19 01:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2005/01/24 19:58:02 | 00,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
[2006/02/23 14:10:38 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2006/03/24 20:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2006/05/27 04:40:42 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2005/01/24 18:36:52 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/12/14 03:12:15 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/07/02 11:22:53 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/08/23 18:32:40 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
[2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
[2004/09/07 08:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
[2005/06/07 23:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[1998/05/07 04:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[2008/11/14 21:54:28 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/09/20 09:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/19 02:05:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/06/07 17:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/03/24 20:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2006/03/24 20:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2006/05/27 04:40:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2007/01/26 23:18:42 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/12/14 03:12:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/06/21 01:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2005/01/26 15:30:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/26 15:25:34 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2006/03/02 20:49:14 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
[2006/05/27 04:40:36 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2006/01/24 20:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2006/04/11 20:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
[2005/01/26 15:20:14 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2005/01/24 18:36:52 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Running])
[2006/05/27 04:40:32 | 01,805,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/04/20 06:00:56 | 02,317,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/09 09:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2005/06/07 17:44:36 | 01,235,968 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2003/11/05 10:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run [Boot | Running])
[2008/10/15 14:45:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/10/15 14:45:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2005/04/14 16:12:12 | 00,175,616 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2 [Boot | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/01/31 19:48:56 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/01/31 19:48:57 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/01/31 19:48:53 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/03/09 13:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/11/20 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081212.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/11/20 04:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081212.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2005/12/12 16:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/04 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 04:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/03/04 06:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2005/12/19 20:41:56 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2005/12/19 20:41:58 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2005/10/18 08:55:42 | 00,055,168 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/01/25 01:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running])
[2006/04/11 20:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2006/01/31 13:29:20 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2006/01/24 20:06:32 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2006/01/24 20:06:36 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2004/08/04 00:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (289711 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9979 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
{089FD14D-132B-48FC-8861-0048AE113215} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{4A368E80-174F-4872-96B5-0B27DDD11DB2} (HKLM) -- C:\Program Files\SpywareGuard\dlprotect.dll ()
{4f573ea1-f6e7-4832-8b05-fc15c99994df} (HKLM) -- C:\WINDOWS\system32\holuyibi.dll ()
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"47f1192b"=rundll32.exe "C:\WINDOWS\system32\zazovera.dll",b File not found
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"CPM44c22ab7"=Rundll32.exe "c:\windows\system32\mipumuju.dll",a ()
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KBD"=C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
"noyomeluva"=Rundll32.exe "C:\WINDOWS\system32\foburune.dll",s File not found
"PCDrProfiler"= File not found
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SMSERIAL"=sm56hlpr.exe (Motorola Inc.)
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"noyomeluva"=Rundll32.exe "C:\WINDOWS\system32\foburune.dll",s File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"noyomeluva"=Rundll32.exe "C:\WINDOWS\system32\foburune.dll",s File not found

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register C:\Program Files\DivX\DivX Web Player\npdivx32.dll"="C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Web Player\npdivx32.dll",DllRegisterServer File not found

========== (O4) Startup Folders ==========

[2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/08/23 18:32:40 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
[2005/05/02 10:25:36 | 00,036,864 | ---- | M] (NeoPlanet) -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk = C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe
[2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add To HP Organize...: C:\Program Files\Hewlett-Packard\HP Organize\bin [2005/08/23 19:07:12 | 00,000,000 | ---D | M]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\MenuExt\]
Add To HP Organize...: C:\Program Files\Hewlett-Packard\HP Organize\bin [2005/08/23 19:07:12 | 00,000,000 | ---D | M]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007/08/31 16:40:04 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Button: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/09/21 00:14:56 | 00,000,735 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Menu: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/09/21 00:14:56 | 00,000,735 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
56 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
56 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05D96F71-87C6-11D3-9BE4-00902742D6E0}: http://osgoode.yorku.ca/qp2.cab -- Reg Error: Key does not exist or could not be opened.
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}: http://upload.facebook.com/controls/Facebo...toUploader3.cab -- Reg Error: Key does not exist or could not be opened.
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1189123119046 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{E008A543-CEFB-4559-912F-C27C2B89F13B}: http://deed.osgoode.yorku.ca/dwa7W.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{61D1CE01-5D3E-4726-AAD6-94990011C379} (Servers: | Description: 1394 Net Adapter)
{B79CD0E0-7DB7-4724-A9D0-ED3179536593} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{CF209B0A-9F03-49E0-BE1F-6C8C9551FE25} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=c:\windows\system32\sonudodu.dll c:\windows\system32\jimejise.dll c:\windows\system32\sorusodi.dll c:\windows\system32\ropenoya.dll c:\windows\system32\yopareza.dll C:\WINDOWS\system32\seyohehu.dll c:\windows\system32\gikatuma.dll c:\windows\system32\rapepute.dll c:\windows\system32\mipumuju.dll
>File not found -- c:\windows\system32\sonudodu.dll
>File not found -- c:\windows\system32\jimejise.dll
>File not found -- c:\windows\system32\sorusodi.dll
>File not found -- c:\windows\system32\ropenoya.dll
>File not found -- c:\windows\system32\yopareza.dll
>[2008/09/16 10:45:43 | 00,065,744 | -HS- | M] () -- C:\WINDOWS\system32\seyohehu.dll
>File not found -- c:\windows\system32\gikatuma.dll
>File not found -- c:\windows\system32\rapepute.dll
>[2008/12/19 00:28:40 | 00,098,049 | -HS- | M] () -- c:\WINDOWS\system32\mipumuju.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\mipumuju.dll ()

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\system32\mipumuju.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" (HKLM) -- C:\Program Files\SpywareGuard\spywareguard.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/08/23 18:28:20 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 23:01:14 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dc07964-3d83-11da-89ba-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dc07964-3d83-11da-89ba-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dc07964-3d83-11da-89ba-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bdc736-ba16-11db-8cc5-0013d4768db6}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bdc736-ba16-11db-8cc5-0013d4768db6}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bdc736-ba16-11db-8cc5-0013d4768db6}\Shell\AutoRun\command]
""=C:\WINDOWS\explorer.exe -- [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/19 02:04:59 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe
[2008/12/19 00:28:39 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\unebodal.ini
[2008/12/18 23:25:43 | 00,362,571 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\On Being a Happy Healthy Ethical Person in an Unhappy Unhealthy and Unethical Profession.pdf
[2008/12/18 13:51:56 | 02,569,312 | ---- | C] (DivX, Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\DivXWebPlayerInstaller.exe
[2008/12/18 12:28:25 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\owusekev.ini
[2008/12/18 00:28:05 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\etadovuz.ini
[2008/12/17 12:28:09 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\idiyiriy.ini
[2008/12/16 23:45:43 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\anejosep.ini
[2008/12/16 12:59:08 | 00,000,681 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareGuard LiveUpdate.lnk
[2008/12/16 12:59:08 | 00,000,661 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
[2008/12/16 12:59:08 | 00,000,649 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareGuard.lnk
[2008/12/16 12:59:08 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2008/12/16 12:56:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/16 12:55:10 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareBlaster.lnk
[2008/12/16 12:55:06 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/12/16 12:23:31 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/16 12:23:31 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/16 12:23:21 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/16 12:23:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/16 12:22:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/16 12:21:49 | 02,062,665 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\spywareguardsetup.exe
[2008/12/16 12:20:56 | 02,869,536 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\HP_Owner\Desktop\spywareblastersetup41.exe
[2008/12/16 12:20:00 | 23,804,784 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\aaw2008.exe
[2008/12/16 11:45:33 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\utudeyar.ini
[2008/12/15 19:40:55 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Christmas List.doc
[2008/12/15 19:08:42 | 00,000,121 | -HS- | C] () -- C:\WINDOWS\System32\iravewid.ini
[2008/12/15 07:08:53 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ativamot.ini
[2008/12/14 11:47:24 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\eromadik.ini
[2008/12/14 03:24:24 | 00,036,804 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner Backup Registry 2.reg
[2008/12/14 03:18:41 | 00,786,372 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner Backup Registry.reg
[2008/12/14 01:54:40 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/14 01:54:39 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/14 01:54:14 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
[2008/12/14 01:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
[2008/12/14 01:05:33 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2008/12/14 01:05:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2008/12/13 23:47:12 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\arevozaz.ini
[2008/12/13 21:22:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\DESKTOP NOTES
[2008/12/13 19:53:09 | 10,051,13344 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/13 19:37:25 | 00,003,402 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/12/13 19:36:38 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/12/13 19:36:38 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2008/12/13 19:36:37 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/12/13 19:36:37 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/12/13 19:36:37 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2008/12/13 19:36:37 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/12/13 19:36:37 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2008/12/13 19:36:37 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008/12/13 19:36:37 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/12/13 19:36:37 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/12/13 19:36:37 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/12/13 19:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
[2008/12/13 19:09:59 | 01,660,419 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix.exe
[2008/12/13 11:47:13 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\erogadag.ini
[2008/12/12 23:15:39 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\irezepup.ini
[2008/12/12 11:15:33 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ezukekak.ini
[2008/11/24 20:51:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Law Firm Resume
[2008/11/21 21:34:13 | 00,002,351 | ---- | C] () -- C:\WINDOWS\System32\TDSSchet.dll
[2008/11/21 21:34:07 | 00,000,527 | ---- | C] () -- C:\WINDOWS\System32\TDSSduht.dat
[2008/11/21 16:46:10 | 01,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2008/11/21 16:46:10 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/19 02:10:45 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\lokolafe
[2008/12/19 02:05:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe
[2008/12/19 00:28:45 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\unebodal.ini
[2008/12/19 00:28:40 | 00,098,049 | -HS- | M] () -- C:\WINDOWS\System32\mipumuju.dll
[2008/12/19 00:28:39 | 00,083,031 | -HS- | M] () -- C:\WINDOWS\System32\ladobenu.dll
[2008/12/18 23:25:44 | 00,362,571 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\On Being a Happy Healthy Ethical Person in an Unhappy Unhealthy and Unethical Profession.pdf
[2008/12/18 20:28:16 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\My Sharing Folders.lnk
[2008/12/18 20:25:17 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/12/18 13:52:22 | 00,001,487 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\DivX Movies.lnk
[2008/12/18 13:51:58 | 02,569,312 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\DivXWebPlayerInstaller.exe
[2008/12/18 12:28:25 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\owusekev.ini
[2008/12/18 12:28:20 | 00,096,000 | -HS- | M] () -- C:\WINDOWS\System32\gejekoyu.dll
[2008/12/18 12:28:20 | 00,085,280 | ---- | M] () -- C:\WINDOWS\System32\vekesuwo.dll
[2008/12/18 09:00:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/18 09:00:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/18 09:00:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/18 08:59:41 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/18 00:28:05 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\etadovuz.ini
[2008/12/18 00:28:01 | 00,089,812 | -HS- | M] () -- C:\WINDOWS\System32\zuvodate.dll
[2008/12/18 00:27:59 | 00,095,454 | -HS- | M] () -- C:\WINDOWS\System32\muyinepa.dll
[2008/12/17 14:36:28 | 00,001,107 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2008/12/17 12:28:09 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\idiyiriy.ini
[2008/12/17 12:28:05 | 00,089,740 | -HS- | M] (VMware, Inc.) -- C:\WINDOWS\System32\yiriyidi.dll
[2008/12/16 23:45:43 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\anejosep.ini
[2008/12/16 23:45:34 | 00,095,296 | -HS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lojupaja.dll
[2008/12/16 23:45:34 | 00,089,842 | -HS- | M] () -- C:\WINDOWS\System32\pesojena.dll
[2008/12/16 12:59:08 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareGuard LiveUpdate.lnk
[2008/12/16 12:59:08 | 00,000,661 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
[2008/12/16 12:59:08 | 00,000,649 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareGuard.lnk
[2008/12/16 12:55:10 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareBlaster.lnk
[2008/12/16 12:23:31 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/16 12:23:31 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/16 12:22:09 | 23,804,784 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\aaw2008.exe
[2008/12/16 12:22:01 | 02,062,665 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\spywareguardsetup.exe
[2008/12/16 12:21:17 | 02,869,536 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\HP_Owner\Desktop\spywareblastersetup41.exe
[2008/12/16 11:45:33 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\utudeyar.ini
[2008/12/16 10:45:27 | 00,097,416 | -HS- | M] (ABBYY (BIT Software)) -- C:\WINDOWS\System32\rezakaju.dll
[2008/12/16 10:45:27 | 00,065,744 | -HS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gomuzidi.dll
[2008/12/16 01:16:16 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Christmas List.doc
[2008/12/15 21:21:00 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/15 19:09:23 | 00,000,121 | -HS- | M] () -- C:\WINDOWS\System32\iravewid.ini
[2008/12/15 19:08:37 | 00,096,463 | -HS- | M] (VMware, Inc.) -- C:\WINDOWS\System32\geligehu.dll
[2008/12/15 19:08:37 | 00,066,787 | -HS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mekaboge.dll
[2008/12/15 19:08:36 | 00,088,200 | -HS- | M] (VMware, Inc.) -- C:\WINDOWS\System32\diwevari.dll
[2008/12/15 07:08:53 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\ativamot.ini
[2008/12/15 07:08:48 | 00,091,212 | -HS- | M] (ESET) -- C:\WINDOWS\System32\yumaluso.dll
[2008/12/15 07:08:47 | 00,085,608 | -HS- | M] (ESET) -- C:\WINDOWS\System32\tomavita.dll
[2008/12/14 23:38:09 | 02,642,902 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2008/12/14 11:47:24 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\eromadik.ini
[2008/12/14 11:47:20 | 00,091,255 | -HS- | M] (ESET) -- C:\WINDOWS\System32\tarozahi.dll
[2008/12/14 11:47:20 | 00,085,243 | -HS- | M] (ESET) -- C:\WINDOWS\System32\kidamore.dll
[2008/12/14 03:24:45 | 00,036,804 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner Backup Registry 2.reg
[2008/12/14 03:20:44 | 00,786,372 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner Backup Registry.reg
[2008/12/14 01:54:14 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
[2008/12/13 23:47:12 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\arevozaz.ini
[2008/12/13 20:40:16 | 00,289,711 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/13 19:37:26 | 00,003,402 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/12/13 19:37:19 | 00,289,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081213-204016.backup
[2008/12/13 19:10:26 | 01,660,419 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix.exe
[2008/12/13 11:47:19 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\erogadag.ini
[2008/12/13 11:47:11 | 00,085,602 | -HS- | M] (ESET) -- C:\WINDOWS\System32\gadagore.dll
[2008/12/12 23:15:39 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\irezepup.ini
[2008/12/12 23:15:33 | 00,085,582 | ---- | M] (ESET) -- C:\WINDOWS\System32\pupezeri.dll
[2008/12/12 14:04:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/12 11:15:33 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\ezukekak.ini
[2008/12/12 11:15:30 | 00,084,582 | ---- | M] (ESET) -- C:\WINDOWS\System32\kakekuze.dll
[2008/12/12 00:57:43 | 00,078,336 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2008/12/11 23:15:17 | 00,084,740 | -HS- | M] (ESET) -- C:\WINDOWS\System32\fatemoko.dll
[2008/12/11 11:14:56 | 00,062,149 | -HS- | M] (ESET) -- C:\WINDOWS\System32\vafedewe.dll
[2008/12/11 11:14:55 | 00,089,371 | -HS- | M] (ESET) -- C:\WINDOWS\System32\dugiwise.dll
[2008/12/11 11:14:55 | 00,084,550 | ---- | M] (ESET) -- C:\WINDOWS\System32\kojofaba.dll
[2008/12/09 23:58:37 | 00,265,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081212-031159.backup
[2008/11/21 21:34:13 | 00,002,351 | ---- | M] () -- C:\WINDOWS\System32\TDSSchet.dll
[2008/11/21 21:34:07 | 00,000,527 | ---- | M] () -- C:\WINDOWS\System32\TDSSduht.dat
[2008/11/21 16:46:10 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2008/11/21 16:46:10 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
< End of report >


EXTRAS.TXT:

OTViewIt Extras logfile created on: 19/12/2008 2:09:40 AM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 493.18 Mb Available Physical Memory | 51.45% Memory free
2.26 Gb Paging File | 1.42 Gb Available in Paging File | 63.02% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.36 Gb Total Space | 156.36 Gb Free Space | 69.38% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.66 Gb Free Space | 22.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-27E1513D96
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[2005/08/23 18:32:40 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/08/23 18:32:40 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2006/02/19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/03/09 03:11:22 | 00,231,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/03/09 00:28:06 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/03/09 02:41:32 | 00,087,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2006/02/16 23:19:34 | 00,192,512 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2006/02/16 21:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/03/09 03:04:24 | 00,181,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2006/02/15 09:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/03/09 00:38:02 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/09 15:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/09 15:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/03/09 02:40:10 | 00,063,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2006/02/19 04:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
[2008/04/13 19:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe:*:Enabled:services
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
[2006/04/11 20:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe:*:Disabled:SPBBCSvc
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe:*:Disabled:usnsvc
[2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE:*:Enabled:KBD
[2005/06/07 23:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe:*:Enabled:atiptaxx
[2008/04/13 19:12:12 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe:*:Enabled:attrib
[2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe:*:Enabled:cmd
[2004/08/04 00:00:00 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\find.exe:*:Enabled:find
[2008/10/01 14:51:40 | 00,087,552 | ---- | M] (S!Ri.URZ) -- C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\VACFix.exe:*:Enabled:VACFix
[2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass
[2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer
[2008/04/13 19:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse
[2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2007/08/31 16:40:02 | 22,879,528 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 04:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/31 16:40:02 | 01,828,176 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 11:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}"=PhotoGallery
"{044146E4-A924-458A-9948-4B9C7C7D9321}"=LightScribe 1.4.31.1
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}"=CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}"=AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}"=IntelliMover Data Transfer Demo
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}"=DocumentViewer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}"=Microsoft Plus! Dancer LE
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}"=CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}"=Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}"=CP_Panorama1Config
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2C3D719A-92C7-4323-89CC-C937D0267B84}"=muvee autoProducer 4.0
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}"=HP Deskjet Printer Preload
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{2F151B50-B434-4838-B51D-70442EBA093E}"=OpenMG Secure Module 4.1.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}"=InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}"=HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{34F85A4D-03CC-428A-80A4-880228646518}"=Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}"=CP_CalendarTemplates1
"{3912A629-0020-0005-3757-2FBA74D4DF0A}"=InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}"=HP Boot Optimizer
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}"=HPDeskjet5400Series
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5421155F-B033-49DB-9B33-8F80F233D4D5}"=GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}"=NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}"=RandMap
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}"=CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}"=HP PSC & OfficeJet 5.3.B
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}"=MP3 Player Utilities 1.48
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.5
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}"=SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}"=HP Photosmart Essential
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}"=PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}"=PSPrinters08
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}"=AiOSoftware
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}"=CP_AtenaShokunin1Config
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}"=DocProc
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD Player
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{996512CF-F35B-48DE-9291-557FA5316967}"=ScannerCopy
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}"=c3100_Help
"{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}"=Symantec AntiVirus
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 3.0
"{A3455242-DAE0-4523-8242-FD82706ABF4B}"=CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}"=CueTour
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}"=HP Photosmart and Deskjet 7.0.A
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}"=CP_Package_Variety2
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}"=Office 2003 Tour
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}"=HP Photosmart Cameras 5.0
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}"=Fax
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}"=HP Organize
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}"=CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}"=Uniblue RegistryBooster 2009
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}"=HP Deskjet 5400 series
"{EB8C9964-09AC-48bf-8B98-027609C78251}"=C3100
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}"=Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"010D7E30-8019-4477-AE7C-BFBBDE570CB9"=Insaniquarium Deluxe from Hewlett-Packard Desktops (remove only)
"01929F2A-2200-4042-8EFD-EEF933E9195C"=FATE from Hewlett-Packard Desktops (remove only)
"0B99A43B-A792-4003-9295-604BC687B6F6"=Big Kahuna Reef from Hewlett-Packard Desktops (remove only)
"1E728F26-D920-45F1-9E97-4A5690B07A7F"=Jewel Quest from Hewlett-Packard Desktops (remove only)
"27C7083E-4ECB-4C88-ACC1-0EDA88C00257"=Ricochet Lost Worlds from Hewlett-Packard Desktops (remove only)
"3295A049-B970-4CC5-847C-7ABF14B9F8F1"=Mah Jong Quest from Hewlett-Packard Desktops (remove only)
"36317AE4-57EC-4F3E-B828-009A3DD96BE8"=Polar Bowler from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F"=Super Granny from Hewlett-Packard Desktops (remove only)
"46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1"=Flip Words from Hewlett-Packard Desktops (remove only)
"47298745-7194-4142-AFDA-8BE2EDFDF82E"=Bookworm Deluxe from Hewlett-Packard Desktops (remove only)
"5253F22E-D4B6-49B7-9106-28D9C5395F22"=Barnyard Invasion from Hewlett-Packard Desktops (remove only)
"58D1A004-6D3C-480A-9E0D-FAA58F3C2A62"=Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
"5F5B2E2A-5924-4DAB-825A-10BEA50A4DA1"=Boggle Supreme from Hewlett-Packard Desktops (remove only)
"663A22CB-3C2B-4302-9A14-BC5DAFAB2071"=FATE Demo from Hewlett-Packard Desktops (remove only)
"6E4D87E1-83A3-4029-A9E4-2F360442E1FC"=SCRABBLE Rack Attack from Hewlett-Packard Desktops (remove only)
"703E3900-69DA-47C9-9768-C6514098F149"=Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
"7978E9A8-5A11-4406-BA8F-866E120352DF"=Bejeweled 2 Deluxe from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603"=Blasterball 2 from Hewlett-Packard Desktops (remove only)
"95A4B97A-C363-41DD-B907-BD4AB9E4FF16"=SCRABBLE Blast from Hewlett-Packard Desktops (remove only)
"A9C7B4D4-A866-4696-B115-77B65D0A641A"=Swarm from Hewlett-Packard Desktops (remove only)
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"ATI Display Driver"=ATI Display Driver
"B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1"=Polar Golfer from Hewlett-Packard Desktops (remove only)
"B41503CB-5FE0-47E0-87C1-47BA8E660BCC"=Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)
"BA910432-2C22-4BB8-9D13-46170F52C5AC"=Puzzle Express from Hewlett-Packard Desktops (remove only)
"C1241092-7183-480A-A289-B5920C7C56D0"=Slingo Deluxe from Hewlett-Packard Desktops (remove only)
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A"=Slyder from Hewlett-Packard Desktops (remove only)
"CCleaner"=CCleaner (remove only)
"CodeBaby Player (Remove Only)1.0.2.15"=CodeBaby Player (Remove Only) 1.0.2.15
"D11F7128-8CBD-408B-8BF8-034604DEDD42"=Bounce Symphony from Hewlett-Packard Desktops (remove only)
"D3203C96-6C76-43D6-A3D0-5DD6A0732E83"=SCRABBLE from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292"=Crystal Maze from Hewlett-Packard Desktops (remove only)
"ED8E7ECA-9D6A-46BA-BF46-D97774AA7117"=Digby's Donuts from Hewlett-Packard Desktops (remove only)
"F5215F01-DFC0-475D-A910-6F1AF94E807E"=Tradewinds from Hewlett-Packard Desktops (remove only)
"HijackThis"=HijackThis 2.0.2
"HP Document Viewer"=HP Document Viewer 5.3
"HP Game Console"=HP Game Console and games
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Photo & Imaging"=HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"HPOCR"=OCR Software by I.R.I.S 7.0
"HPOOVClient-9972322 Uninstaller"=Updates from HP (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Install WeatherBug"=Remove WeatherBug Installer
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}"=OpenMG Secure Module 4.1.00
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"InterActual Player"=InterActual Player
"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2005b"=Microsoft Money 2005
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.1-05-13-31-01"=OpenMG Limited Patch 4.1-05-13-31-01
"Proofing Client"=Proofing Client 6.1
"PS2"=PS2
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0"=RealPlayer
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SMSERIAL"=Motorola SM56 Speakerphone Modem
"SpywareBlaster_is1"=SpywareBlaster 4.1
"SpywareGuard_is1"=SpywareGuard v2.2
"Uniblue RegistryBooster 2009"=Uniblue RegistryBooster 2009
"Universal Media Player"=Universal Media Player
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Worms Armageddon"=Worms Armageddon
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/12/2008 10:02:26 AM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\rundll32.exe
by: Invalid : (15) scan. Action: Delete failed. Action Description: The file
was left unchanged.

Error - 18/12/2008 10:02:28 AM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\rundll32.exe
by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 18/12/2008 10:12:21 AM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/12/2008 10:12:38 AM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/12/2008 9:00:30 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/12/2008 2:05:59 AM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

Error - 19/12/2008 2:06:57 AM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/12/2008 3:06:03 AM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/12/2008 3:08:51 AM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/12/2008 3:09:30 AM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.


< End of report >


I'm still waiting on the KASPERSKY'S LOG. I'll post that in a few hours when the scan is finished.

#4 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 19 December 2008 - 08:05 AM

Hello.

> I'm still waiting on the KASPERSKY'S LOG. I'll post that in a few hours when the scan is finished.

No Problem. Post it back once it is done. I'll be waiting. I need some time to look over your log after anyways.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Petermann

  • Topic Starter
  • Members
  • 24 posts

Posted 19 December 2008 - 09:40 AM

Hi EB,

Here's the Kaspersky's log. I will be away for just over one week. Is it possible to put this on pause until I return? I can post a message when I am available (most likely Dec 29).


KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 19, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 19, 2008 04:54:32
Records in database: 1479562
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics:
Files scanned: 104811
Threat name: 9
Infected objects: 14
Suspicious objects: 0
Duration of the scan: 02:44:51

File name | Threat name | Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A80002\49EB3B4C.VBN | Infected: Trojan.Win32.Monder.absu | 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08C00000\49FED9F3.VBN | Infected: Rootkit.Win32.Clbd.lc | 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F40000\49FF64DB.VBN | Infected: Backdoor.Win32.TDSS.asz | 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F40001\49FF6FAC.VBN | Infected: Backdoor.Win32.TDSS.blh | 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F40002\49FF7DBD.VBN | Infected: Rootkit.Win32.Clbd.lc | 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B640002\4B6DB951.VBN | Infected: Trojan.Win32.Monder.absu | 1
C:\hp\bin\wbug\HPSummer2005.exe | Infected: not-a-virus:AdWare.Win32.MyWay.j | 1
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE | Infected: not-a-virus:AdWare.Win32.SearchIt.t | 1
C:\WINDOWS\system32\dugiwise.dll | Infected: Trojan.Win32.Monder.acio | 1
C:\WINDOWS\system32\haditapo.dll.tmp | Infected: Trojan.Win32.Monder.acxy | 1
C:\WINDOWS\system32\rezakaju.dll | Infected: Trojan.Win32.Monder.acxs | 1
C:\WINDOWS\system32\vafedewe.dll | Infected: Trojan.Win32.Monder.acxy | 1
C:\WINDOWS\system32\vinelewe.dll | Infected: Trojan.Win32.Monder.acxy | 1
D:\I386\Apps\APP12451\src\HPSummer2005.exe | Infected: not-a-virus:AdWare.Win32.MyWay.j | 1
The selected area was scanned.


Thanks

#6 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 19 December 2008 - 04:18 PM

Hello Petermann.

Here's the Kaspersky's log. I will be away for just over one week. Is it possible to put this on pause until I return? I can post a message when I am available (most likely Dec 29).

One week... what do you mean by pause? You are going to be away for 10 days (almost 2 weeks). To make everything fair and organized, I think the topic will be closed. However, once you are back please Send Me a Message so I know. Please include the address of this thread in your request so I can add it to my subscriptions again.

If you come back, I will need to see a new OTViewIT log and Kaspersky scan please.

Tell me how you feel, so I know and we can close it, until you come back. :thumbsup:

With Regards,
Extremeboy

#7 Petermann

Posted 19 December 2008 - 04:38 PM

Hi EB,

The weather has changed my plans, so I'll be around for a few more days. Can we proceed and hope to cleanse the computer by Monday?

Thanks

#8 extremeboy

Posted 19 December 2008 - 06:43 PM

Hello Petermann.

Hi EB,

The weather has changed my plans, so I'll be around for a few more days. Can we proceed and hope to cleanse the computer by Monday?

Thanks

Okay. Sure, I need some time to analyze these logs (I'll analyze them soon, need to leave soon, just saw your post). It won't take very long, but the coaches will need to check them, and they are very busy too. I'll probably reply by tomorrow. Hopefully if things go well and we get a few posts in, we may get this machine fixed before you leave on Monday :thumbsup:

With Regards,
Extremeboy

#9 extremeboy

Posted 21 December 2008 - 12:03 PM

Hello again.

Sorry for the delay.

You are heavily infected with Vundo/Virtumonde. There are also some backdoors that your Symantec found, and I also spot TDSServ infection files. That probably means it was on your machine.

Backdoor Threat
Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

We'll continue so please follow the steps below:


I didn't see any sign of Wild Tangent from the logs, do you still get any errors relating to it? If so, please tell me.

Just want you to have an understanding of what the program Wild Tangent is:

WildTangent Program Warning

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from
For that reason I would suggest you uninstall it via add/remove.

Reboot after the uninstallation. <- Important.

It may be removed already but just wanted to let you know what it is :)

Let's begin to disinfect.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.


Please post back with:
-Combofix log
-GMER log
-Wild Tangent question
-Fresh OTViewIT log


:thumbsup:

With Regards,
Extremeboy

#10 extremeboy

Posted 22 December 2008 - 09:54 AM

Hello.

From your PM you said you will not be back until the 30th. To be fair, I'm going to close off this topic. If you come back please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy

#11 extremeboy

Posted 31 December 2008 - 03:59 PM

Hello.

User replied to open topic upon request.

Please post back with the logs when you are ready.

With Regards,
Extremeboy

#12 Petermann

Posted 01 January 2009 - 02:19 PM

Hi Extremeboy,

Thanks for opening it up again.

I don't think I have any Wild Tangent errors. I could not find any programs when I went to remove them.

Here are the 4 logs:


COMBOFIX.TXT LOG:


ComboFix 08-12-29.02 - HP_Owner 2008-12-30 16:38:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.344 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\anejosep.ini
c:\windows\system32\arevozaz.ini
c:\windows\system32\ativamot.ini
c:\windows\system32\diwevari.dll
c:\windows\system32\dugiwise.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\ekotolas.ini
c:\windows\system32\erogadag.ini
c:\windows\system32\eromadik.ini
c:\windows\system32\etadovuz.ini
c:\windows\system32\ezukekak.ini
c:\windows\system32\fatemoko.dll
c:\windows\system32\gadagore.dll
c:\windows\system32\gafilumu.dll
c:\windows\system32\getovojo.dll
c:\windows\system32\gomuzidi.dll
c:\windows\system32\idiyiriy.ini
c:\windows\system32\iravewid.ini
c:\windows\system32\irezepup.ini
c:\windows\system32\kakekuze.dll
c:\windows\system32\kidamore.dll
c:\windows\system32\kojofaba.dll
c:\windows\system32\libinisu.dll
c:\windows\system32\mekaboge.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\owusekev.ini
c:\windows\system32\pesojena.dll
c:\windows\system32\Process.exe
c:\windows\system32\pupezeri.dll
c:\windows\system32\sakadadu.dll
c:\windows\system32\sayiwido.dll
c:\windows\system32\sokazoya.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sunimuju.dll
c:\windows\system32\tarozahi.dll
c:\windows\system32\TDSSbjak.log
c:\windows\system32\TDSSchet.dll
c:\windows\system32\TDSSduht.dat
c:\windows\system32\titeyota.dll
c:\windows\system32\tmp.reg
c:\windows\system32\tomavita.dll
c:\windows\system32\unebodal.ini
c:\windows\system32\utudeyar.ini
c:\windows\system32\uvapemey.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\vafedewe.dll
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yemepavu.dll
c:\windows\system32\yiriyidi.dll
c:\windows\system32\yumaluso.dll
c:\windows\system32\zuzogomi.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-30 16:36 . 2008-12-30 16:36 1,393 --a------ c:\windows\imsins.BAK
2008-12-30 16:35 . 2008-12-30 16:35 <DIR> d-------- c:\windows\LastGood
2008-12-16 12:59 . 2008-12-30 16:29 <DIR> d-------- c:\program files\SpywareGuard
2008-12-16 12:56 . 2008-12-16 12:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-16 12:55 . 2008-12-16 12:58 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-16 12:23 . 2008-12-16 12:23 <DIR> d-------- c:\program files\Lavasoft
2008-12-16 12:23 . 2008-12-16 12:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-16 12:22 . 2008-12-16 12:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 03:12 . 2008-12-14 03:12 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-14 01:54 . 2008-12-14 01:55 <DIR> d-------- C:\rsit
2008-12-14 01:54 . 2008-12-14 01:55 <DIR> d-------- c:\program files\trend micro
2008-12-14 01:05 . 2008-12-14 01:05 <DIR> d-------- c:\program files\Uniblue
2008-12-14 01:05 . 2008-12-14 01:05 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Uniblue
2008-12-14 01:05 . 2008-12-14 01:05 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-13 19:36 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-12 12:03 . 2008-12-14 03:12 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-21 16:46 . 2008-11-21 16:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 16:46 . 2008-11-21 16:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-17 08:24 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-16 09:06 . 2008-11-16 09:06 0 --a------ c:\windows\vpc32.INI
2008-11-14 12:30 . 2008-11-14 12:31 <DIR> d-------- c:\program files\iTunes
2008-11-14 12:30 . 2008-11-14 12:30 <DIR> d-------- c:\program files\iPod
2008-11-14 12:30 . 2008-11-14 12:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-14 12:27 . 2008-11-14 12:27 <DIR> d-------- c:\program files\QuickTime
2008-11-14 12:20 . 2008-11-14 12:20 <DIR> d-------- c:\program files\Safari
2008-11-14 12:19 . 2008-11-14 12:19 <DIR> d-------- c:\program files\Bonjour
2008-11-12 22:12 . 2006-01-31 13:29 107,696 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-12 22:12 . 2006-01-31 13:29 87,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-12 22:11 . 2008-12-30 16:28 <DIR> d-------- c:\program files\Symantec AntiVirus
2008-11-12 22:11 . 2008-11-12 22:14 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-12 16:48 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:48 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 21:29 3,645 ----a-w c:\windows\viassary-hp.reg
2008-12-20 03:58 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Skype
2008-12-18 18:52 --------- d-----w c:\program files\DivX
2008-12-17 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-16 06:38 --------- d-----w c:\program files\LimeWire
2008-12-14 08:12 --------- d-----w c:\program files\Java
2008-12-13 23:24 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Apple Computer
2008-12-10 05:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 13:21 --------- d-----w c:\program files\McAfee
2008-11-16 14:06 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-14 17:27 --------- d-----w c:\program files\Common Files\Apple
2008-11-13 03:13 --------- d-----w c:\program files\Symantec
2008-11-13 03:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\SET17.tmp
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-21 05:14 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-09-21 05:14 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-21 05:14 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-21 05:14 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-09-21 05:14 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-09-21 05:14 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-09-21 05:14 287,310 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2008-09-21 05:14 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-09-16 15:45 65,744 --sha-w c:\windows\system32\seyohehu.dll.tmp
2008-09-16 15:45 65,744 --sha-w c:\windows\system32\holuyibi.dll.tmp
2008-09-16 00:09 66,787 --sha-w c:\windows\system32\vohiwuhe.dll.tmp
2008-09-16 00:09 66,787 --sha-w c:\windows\system32\sowimudu.dll.tmp
2008-09-16 00:09 66,787 --sha-w c:\windows\system32\gazizisa.dll.tmp
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-11 16:15 62,149 --sha-w c:\windows\system32\haditapo.dll.tmp
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2006-03-03 03:14 370 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2008-09-21 10:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092120080922\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-30_16.36.28.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
- 2008-11-13 06:29:41 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-30 21:34:42 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-11-13 06:29:17 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-30 21:39:06 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-13 06:29:17 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-30 21:39:06 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-13 06:29:17 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-30 21:39:06 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-13 06:29:17 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-30 21:39:07 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-13 06:29:17 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-30 21:39:07 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-13 06:29:17 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-30 21:39:07 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-13 06:29:17 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-12-30 21:39:06 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-13 06:29:17 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-30 21:39:07 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-13 06:29:17 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-30 21:39:05 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-13 06:29:17 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-30 21:39:04 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f573ea1-f6e7-4832-8b05-fc15c99994df}]
c:\windows\system32\zuzogomi.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-23 180269]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-02-23 35328]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-27 124656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"noyomeluva"="c:\windows\system32\sayiwido.dll" [BU]
"47f1192b"="c:\windows\system32\zazovera.dll" [BU]
"CPM44c22ab7"="c:\windows\system32\sakadadu.dll" [BU]
"SMSERIAL"="sm56hlpr.exe" [2005-01-23 c:\windows\sm56hlpr.exe]
"PCDrProfiler"="" [BU]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2005-08-23 36864]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-08-23 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\SPBBC\\SPBBCSvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\HP\\KBD\\KBD.EXE"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=
"c:\\WINDOWS\\system32\\attrib.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\WINDOWS\\system32\\find.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\SmitfraudFix\\VACFix.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\SpywareGuard\\sgbhp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\WINDOWS\\ALCXMNTR.EXE"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-12 99376]
S3 2f3b101c-87f9-429c-a453-4e296c68397b;2f3b101c-87f9-429c-a453-4e296c68397b;\??\f:\player\cds300.dll []
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-05-27 115952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9bdc736-ba16-11db-8cc5-0013d4768db6}]
\Shell\AutoRun\command - explorer.exe http://"www.iwantitall.ca"
.
Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\55a9dlt8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 16:42:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\KB955839.log 755 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-30 16:43:40
ComboFix-quarantined-files.txt 2008-12-30 21:43:27

Pre-Run: 167,599,443,968 bytes free
Post-Run: 167,577,239,552 bytes free

328 --- E O F --- 2008-12-30 21:37:49

HERE IS THE GMER.TXT LOG:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-30 17:04:26
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 854AE708 ZwAlertResumeThread
SSDT 8541BE88 ZwAlertThread
SSDT 854C4B28 ZwAllocateVirtualMemory
SSDT 85607208 ZwConnectPort
SSDT 85582F30 ZwCreateMutant
SSDT 855955F0 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF220BCB0]
SSDT 8505ECA0 ZwFreeVirtualMemory
SSDT 856244B0 ZwImpersonateAnonymousToken
SSDT 855BEE78 ZwImpersonateThread
SSDT 85938948 ZwMapViewOfSection
SSDT 85582F68 ZwOpenEvent
SSDT 855BBDC8 ZwOpenProcessToken
SSDT 85979118 ZwOpenThreadToken
SSDT 8509F0E0 ZwQueryValueKey
SSDT 85443E90 ZwResumeThread
SSDT 85431E88 ZwSetContextThread
SSDT 854B5C60 ZwSetInformationProcess
SSDT 8540C0F0 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF220BF10]
SSDT 85486CF0 ZwSuspendProcess
SSDT 8540CBA0 ZwSuspendThread
SSDT 85605728 ZwTerminateProcess
SSDT 85425910 ZwTerminateThread
SSDT 854B60B0 ZwUnmapViewOfSection
SSDT 854BBCF0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F54 805047F0 5 Bytes [ 60, 5C, 4B, 85, F0 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F5A 805047F6 2 Bytes [ 40, 85 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdePort1 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdePort2 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdePort3 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs EE58C400

---- EOF - GMER 1.0.14 ----

HERE IS THE OTVIEWIT.TXT LOG:

OTViewIt logfile created on: 30/12/2008 5:08:26 PM - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 375.06 Mb Available Physical Memory | 39.13% Memory free
2.26 Gb Paging File | 1.81 Gb Available in Paging File | 80.11% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.36 Gb Total Space | 156.08 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.66 Gb Free Space | 22.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-27E1513D96
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/06/07 17:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/03/24 20:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2005/06/07 17:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/03/24 20:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2006/04/11 20:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/05/27 04:40:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2008/12/14 03:12:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/06/21 01:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/05/27 04:40:32 | 01,805,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2005/08/23 18:13:25 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/01/23 21:56:00 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
[2006/02/19 01:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2005/01/24 19:58:02 | 00,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
[2006/02/23 14:10:38 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2006/03/24 20:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2006/05/27 04:40:42 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2005/01/24 18:36:52 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
[2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/12/14 03:12:15 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/07/02 11:22:53 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/08/23 18:32:40 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2006/02/19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2004/09/07 08:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
[2005/06/07 23:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[1998/05/07 04:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[2008/12/19 02:05:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/06/07 17:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/03/24 20:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2006/03/24 20:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2006/05/27 04:40:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2007/01/26 23:18:42 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/12/14 03:12:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/06/21 01:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2005/01/26 15:30:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/26 15:25:34 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2006/03/02 20:49:14 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
[2006/05/27 04:40:36 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2006/01/24 20:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2006/04/11 20:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
[2005/01/26 15:20:14 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2005/01/24 18:36:52 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Running])
[2006/05/27 04:40:32 | 01,805,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/04/20 06:00:56 | 02,317,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/09 09:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2005/06/07 17:44:36 | 01,235,968 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2003/11/05 10:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run [Boot | Running])
[2008/10/15 14:45:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/10/15 14:45:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2005/04/14 16:12:12 | 00,175,616 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2 [Boot | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/30 16:48:15 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2006/01/31 19:48:56 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/01/31 19:48:57 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/01/31 19:48:53 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/03/09 13:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/11/20 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081219.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/11/20 04:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081219.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2005/12/12 16:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/04 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 04:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/03/04 06:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2005/12/19 20:41:56 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2005/12/19 20:41:58 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2005/10/18 08:55:42 | 00,055,168 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/01/25 01:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running])
[2006/04/11 20:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2006/01/31 13:29:20 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2006/01/24 20:06:32 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2006/01/24 20:06:36 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2004/08/04 00:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
{089FD14D-132B-48FC-8861-0048AE113215} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{4A368E80-174F-4872-96B5-0B27DDD11DB2} (HKLM) -- C:\Program Files\SpywareGuard\dlprotect.dll ()
{4f573ea1-f6e7-4832-8b05-fc15c99994df} (HKLM) -- C:\WINDOWS\system32\zuzogomi.dll File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"47f1192b"=rundll32.exe "C:\WINDOWS\system32\zazovera.dll",b File not found
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"CPM44c22ab7"=Rundll32.exe "C:\WINDOWS\system32\sakadadu.dll",a File not found
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KBD"=C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
"noyomeluva"=Rundll32.exe "C:\WINDOWS\system32\sayiwido.dll",s File not found
"PCDrProfiler"= File not found
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SMSERIAL"=sm56hlpr.exe (Motorola Inc.)
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register C:\Program Files\DivX\DivX Web Player\npdivx32.dll"="C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Web Player\npdivx32.dll",DllRegisterServer File not found

========== (O4) Startup Folders ==========

[2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/08/23 18:32:40 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
[2005/05/02 10:25:36 | 00,036,864 | ---- | M] (NeoPlanet) -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk = C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe
[2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add To HP Organize...: C:\Program Files\Hewlett-Packard\HP Organize\bin [2005/08/23 19:07:12 | 00,000,000 | ---D | M]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\Software\Microsoft\Internet Explorer\MenuExt\]
Add To HP Organize...: C:\Program Files\Hewlett-Packard\HP Organize\bin [2005/08/23 19:07:12 | 00,000,000 | ---D | M]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007/08/31 16:40:04 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Button: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/09/21 00:14:56 | 00,000,735 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Menu: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/09/21 00:14:56 | 00,000,735 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
56 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1052224083-4007168653-2721374520-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
56 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05D96F71-87C6-11D3-9BE4-00902742D6E0}: http://osgoode.yorku.ca/qp2.cab -- Reg Error: Key does not exist or could not be opened.
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}: http://upload.facebook.com/controls/Facebo...toUploader3.cab -- Reg Error: Key does not exist or could not be opened.
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1189123119046 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{E008A543-CEFB-4559-912F-C27C2B89F13B}: http://deed.osgoode.yorku.ca/dwa7W.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{61D1CE01-5D3E-4726-AAD6-94990011C379} (Servers: | Description: 1394 Net Adapter)
{B79CD0E0-7DB7-4724-A9D0-ED3179536593} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{CF209B0A-9F03-49E0-BE1F-6C8C9551FE25} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" (HKLM) -- C:\Program Files\SpywareGuard\spywareguard.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/08/23 18:28:20 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bdc736-ba16-11db-8cc5-0013d4768db6}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bdc736-ba16-11db-8cc5-0013d4768db6}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bdc736-ba16-11db-8cc5-0013d4768db6}\Shell\AutoRun\command]
""=C:\WINDOWS\explorer.exe -- [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/30 17:05:47 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/30 16:48:16 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/30 16:48:15 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/30 16:48:15 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/30 16:48:15 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/30 16:48:14 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/30 16:47:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\gmer
[2008/12/30 16:36:44 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/30 16:21:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/30 16:21:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/30 16:21:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/30 16:21:45 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/30 16:21:45 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/30 16:21:45 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/30 16:21:45 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/30 16:21:45 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/30 16:21:45 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/30 16:21:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/30 16:21:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/30 16:21:08 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Download and Run Scan with GMER.doc
[2008/12/30 16:18:46 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\gmer.zip
[2008/12/30 16:10:29 | 02,887,980 | R--- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2008/12/19 09:36:57 | 00,006,029 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Kaspersky log.html
[2008/12/19 02:04:59 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe
[2008/12/18 23:25:43 | 00,362,571 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\On Being a Happy Healthy Ethical Person in an Unhappy Unhealthy and Unethical Profession.pdf
[2008/12/18 13:51:56 | 02,569,312 | ---- | C] (DivX, Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\DivXWebPlayerInstaller.exe
[2008/12/16 12:59:08 | 00,000,681 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareGuard LiveUpdate.lnk
[2008/12/16 12:59:08 | 00,000,661 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
[2008/12/16 12:59:08 | 00,000,649 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareGuard.lnk
[2008/12/16 12:59:08 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2008/12/16 12:56:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/16 12:55:10 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareBlaster.lnk
[2008/12/16 12:55:06 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/12/16 12:23:31 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/16 12:23:31 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/16 12:23:21 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/16 12:23:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/16 12:22:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/16 12:21:49 | 02,062,665 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\spywareguardsetup.exe
[2008/12/16 12:20:56 | 02,869,536 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\HP_Owner\Desktop\spywareblastersetup41.exe
[2008/12/16 12:20:00 | 23,804,784 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\aaw2008.exe
[2008/12/15 19:40:55 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Christmas List.doc
[2008/12/14 03:24:24 | 00,036,804 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner Backup Registry 2.reg
[2008/12/14 03:18:41 | 00,786,372 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner Backup Registry.reg
[2008/12/14 01:54:40 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/14 01:54:39 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/14 01:54:14 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
[2008/12/14 01:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
[2008/12/14 01:05:33 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2008/12/14 01:05:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2008/12/13 21:22:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\DESKTOP NOTES
[2008/12/13 19:53:09 | 10,051,13344 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/13 19:36:38 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2008/12/13 19:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
[2008/12/13 19:09:59 | 01,660,419 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix.exe

========== Files - Modified Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/30 16:56:11 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/30 16:53:32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/30 16:52:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/30 16:52:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/30 16:52:41 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/30 16:48:15 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/30 16:48:15 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/30 16:48:15 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/30 16:47:34 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2008/12/30 16:42:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/30 16:36:49 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/30 16:28:16 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/30 16:26:13 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\lokolafe
[2008/12/30 16:21:08 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Download and Run Scan with GMER.doc
[2008/12/30 16:18:46 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\gmer.zip
[2008/12/30 16:10:35 | 02,887,980 | R--- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2008/12/20 13:55:16 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\My Sharing Folders.lnk
[2008/12/19 22:17:04 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/12/19 14:04:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/19 09:36:57 | 00,006,029 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Kaspersky log.html
[2008/12/19 02:05:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe
[2008/12/18 23:25:44 | 00,362,571 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\On Being a Happy Healthy Ethical Person in an Unhappy Unhealthy and Unethical Profession.pdf
[2008/12/18 13:52:22 | 00,001,487 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\DivX Movies.lnk
[2008/12/18 13:51:58 | 02,569,312 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\DivXWebPlayerInstaller.exe
[2008/12/17 14:36:28 | 00,001,107 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2008/12/16 12:59:08 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareGuard LiveUpdate.lnk
[2008/12/16 12:59:08 | 00,000,661 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
[2008/12/16 12:59:08 | 00,000,649 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareGuard.lnk
[2008/12/16 12:55:10 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareBlaster.lnk
[2008/12/16 12:23:31 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/16 12:23:31 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/16 12:22:09 | 23,804,784 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\aaw2008.exe
[2008/12/16 12:22:01 | 02,062,665 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\spywareguardsetup.exe
[2008/12/16 12:21:17 | 02,869,536 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\HP_Owner\Desktop\spywareblastersetup41.exe
[2008/12/16 01:16:16 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Christmas List.doc
[2008/12/15 21:21:00 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/14 23:38:09 | 02,642,902 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2008/12/14 03:24:45 | 00,036,804 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner Backup Registry 2.reg
[2008/12/14 03:20:44 | 00,786,372 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner Backup Registry.reg
[2008/12/14 01:54:14 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
[2008/12/13 19:37:19 | 00,289,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081213-204016.backup
[2008/12/13 19:10:26 | 01,660,419 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix.exe
[2008/12/12 00:57:43 | 00,078,336 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2008/12/09 23:58:37 | 00,265,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081212-031159.backup
< End of report >



HERE IS THE EXTRAS.TXT LOG:

OTViewIt Extras logfile created on: 30/12/2008 5:08:27 PM - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 375.06 Mb Available Physical Memory | 39.13% Memory free
2.26 Gb Paging File | 1.81 Gb Available in Paging File | 80.11% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.36 Gb Total Space | 156.08 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.66 Gb Free Space | 22.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-27E1513D96
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[2005/08/23 18:32:40 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/08/23 18:32:40 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2006/02/19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/03/09 03:11:22 | 00,231,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/03/09 00:28:06 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/03/09 02:41:32 | 00,087,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2006/02/16 23:19:34 | 00,192,512 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2006/02/16 21:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/03/09 03:04:24 | 00,181,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2006/02/15 09:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/03/09 00:38:02 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/09 15:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/09 15:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/03/09 02:40:10 | 00,063,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2006/02/19 04:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
[2006/04/11 20:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe:*:Disabled:SPBBCSvc
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe:*:Disabled:usnsvc
[2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE:*:Enabled:KBD
[2005/06/07 23:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe:*:Enabled:atiptaxx
[2008/04/13 19:12:12 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe:*:Enabled:attrib
[2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe:*:Enabled:cmd
[2004/08/04 00:00:00 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\find.exe:*:Enabled:find
[2008/10/01 14:51:40 | 00,087,552 | ---- | M] (S!Ri.URZ) -- C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\VACFix.exe:*:Enabled:VACFix
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse
[2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe:*:Enabled:sgbhp
[2007/08/31 16:40:02 | 22,879,528 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe:*:Enabled:aawservice
[2005/06/21 01:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe:*:Enabled:LSSrvc
[2006/03/24 20:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe:*:Enabled:ccEvtMgr
[2008/12/14 03:12:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe:*:Enabled:jqs
[2004/09/07 08:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE:*:Enabled:ALCXMNTR

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 04:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/31 16:40:02 | 01,828,176 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 11:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}"=PhotoGallery
"{044146E4-A924-458A-9948-4B9C7C7D9321}"=LightScribe 1.4.31.1
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}"=CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}"=AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}"=IntelliMover Data Transfer Demo
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}"=DocumentViewer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}"=Microsoft Plus! Dancer LE
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}"=CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}"=Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}"=CP_Panorama1Config
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2C3D719A-92C7-4323-89CC-C937D0267B84}"=muvee autoProducer 4.0
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}"=HP Deskjet Printer Preload
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{2F151B50-B434-4838-B51D-70442EBA093E}"=OpenMG Secure Module 4.1.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}"=InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}"=HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{34F85A4D-03CC-428A-80A4-880228646518}"=Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}"=CP_CalendarTemplates1
"{3912A629-0020-0005-3757-2FBA74D4DF0A}"=InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}"=HP Boot Optimizer
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}"=HPDeskjet5400Series
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5421155F-B033-49DB-9B33-8F80F233D4D5}"=GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}"=NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}"=RandMap
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}"=CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}"=HP PSC & OfficeJet 5.3.B
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}"=MP3 Player Utilities 1.48
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.5
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}"=SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}"=HP Photosmart Essential
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}"=PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}"=PSPrinters08
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}"=AiOSoftware
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}"=CP_AtenaShokunin1Config
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}"=DocProc
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD Player
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{996512CF-F35B-48DE-9291-557FA5316967}"=ScannerCopy
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}"=c3100_Help
"{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}"=Symantec AntiVirus
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 3.0
"{A3455242-DAE0-4523-8242-FD82706ABF4B}"=CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}"=CueTour
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}"=HP Photosmart and Deskjet 7.0.A
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}"=CP_Package_Variety2
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}"=Office 2003 Tour
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}"=HP Photosmart Cameras 5.0
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}"=Fax
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}"=HP Organize
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}"=CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}"=Uniblue RegistryBooster 2009
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}"=HP Deskjet 5400 series
"{EB8C9964-09AC-48bf-8B98-027609C78251}"=C3100
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}"=Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"010D7E30-8019-4477-AE7C-BFBBDE570CB9"=Insaniquarium Deluxe from Hewlett-Packard Desktops (remove only)
"01929F2A-2200-4042-8EFD-EEF933E9195C"=FATE from Hewlett-Packard Desktops (remove only)
"0B99A43B-A792-4003-9295-604BC687B6F6"=Big Kahuna Reef from Hewlett-Packard Desktops (remove only)
"1E728F26-D920-45F1-9E97-4A5690B07A7F"=Jewel Quest from Hewlett-Packard Desktops (remove only)
"27C7083E-4ECB-4C88-ACC1-0EDA88C00257"=Ricochet Lost Worlds from Hewlett-Packard Desktops (remove only)
"3295A049-B970-4CC5-847C-7ABF14B9F8F1"=Mah Jong Quest from Hewlett-Packard Desktops (remove only)
"36317AE4-57EC-4F3E-B828-009A3DD96BE8"=Polar Bowler from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F"=Super Granny from Hewlett-Packard Desktops (remove only)
"46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1"=Flip Words from Hewlett-Packard Desktops (remove only)
"47298745-7194-4142-AFDA-8BE2EDFDF82E"=Bookworm Deluxe from Hewlett-Packard Desktops (remove only)
"5253F22E-D4B6-49B7-9106-28D9C5395F22"=Barnyard Invasion from Hewlett-Packard Desktops (remove only)
"58D1A004-6D3C-480A-9E0D-FAA58F3C2A62"=Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
"5F5B2E2A-5924-4DAB-825A-10BEA50A4DA1"=Boggle Supreme from Hewlett-Packard Desktops (remove only)
"663A22CB-3C2B-4302-9A14-BC5DAFAB2071"=FATE Demo from Hewlett-Packard Desktops (remove only)
"6E4D87E1-83A3-4029-A9E4-2F360442E1FC"=SCRABBLE Rack Attack from Hewlett-Packard Desktops (remove only)
"703E3900-69DA-47C9-9768-C6514098F149"=Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
"7978E9A8-5A11-4406-BA8F-866E120352DF"=Bejeweled 2 Deluxe from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603"=Blasterball 2 from Hewlett-Packard Desktops (remove only)
"95A4B97A-C363-41DD-B907-BD4AB9E4FF16"=SCRABBLE Blast from Hewlett-Packard Desktops (remove only)
"A9C7B4D4-A866-4696-B115-77B65D0A641A"=Swarm from Hewlett-Packard Desktops (remove only)
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"ATI Display Driver"=ATI Display Driver
"B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1"=Polar Golfer from Hewlett-Packard Desktops (remove only)
"B41503CB-5FE0-47E0-87C1-47BA8E660BCC"=Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)
"BA910432-2C22-4BB8-9D13-46170F52C5AC"=Puzzle Express from Hewlett-Packard Desktops (remove only)
"C1241092-7183-480A-A289-B5920C7C56D0"=Slingo Deluxe from Hewlett-Packard Desktops (remove only)
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A"=Slyder from Hewlett-Packard Desktops (remove only)
"CCleaner"=CCleaner (remove only)
"CodeBaby Player (Remove Only)1.0.2.15"=CodeBaby Player (Remove Only) 1.0.2.15
"D11F7128-8CBD-408B-8BF8-034604DEDD42"=Bounce Symphony from Hewlett-Packard Desktops (remove only)
"D3203C96-6C76-43D6-A3D0-5DD6A0732E83"=SCRABBLE from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292"=Crystal Maze from Hewlett-Packard Desktops (remove only)
"ED8E7ECA-9D6A-46BA-BF46-D97774AA7117"=Digby's Donuts from Hewlett-Packard Desktops (remove only)
"F5215F01-DFC0-475D-A910-6F1AF94E807E"=Tradewinds from Hewlett-Packard Desktops (remove only)
"HijackThis"=HijackThis 2.0.2
"HP Document Viewer"=HP Document Viewer 5.3
"HP Game Console"=HP Game Console and games
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Photo & Imaging"=HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"HPOCR"=OCR Software by I.R.I.S 7.0
"HPOOVClient-9972322 Uninstaller"=Updates from HP (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Install WeatherBug"=Remove WeatherBug Installer
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}"=OpenMG Secure Module 4.1.00
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"InterActual Player"=InterActual Player
"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2005b"=Microsoft Money 2005
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.1-05-13-31-01"=OpenMG Limited Patch 4.1-05-13-31-01
"Proofing Client"=Proofing Client 6.1
"PS2"=PS2
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0"=RealPlayer
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SMSERIAL"=Motorola SM56 Speakerphone Modem
"SpywareBlaster_is1"=SpywareBlaster 4.1
"SpywareGuard_is1"=SpywareGuard v2.2
"Uniblue RegistryBooster 2009"=Uniblue RegistryBooster 2009
"Universal Media Player"=Universal Media Player
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Worms Armageddon"=Worms Armageddon
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/12/2008 2:11:37 PM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\lejorude.dll
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 20/12/2008 2:11:39 PM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Vundo in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed. Action Description: The file was left unchanged.



Error - 20/12/2008 2:11:40 PM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Vundo in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 20/12/2008 2:19:38 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

Error - 20/12/2008 2:19:59 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/12/2008 4:08:24 PM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\zuvodate.dll
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 30/12/2008 4:08:25 PM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\zuvodate.dll
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 30/12/2008 4:08:36 PM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\zuvodate.dll
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 30/12/2008 5:35:04 PM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Vundo in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed. Action Description: The file was left unchanged.



Error - 30/12/2008 5:35:06 PM | Computer Name = YOUR-27E1513D96 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Vundo in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed : Leave Alone failed. Action Description:


[ System Events ]
Error - 30/12/2008 5:16:45 PM | Computer Name = YOUR-27E1513D96 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 30/12/2008 5:37:49 PM | Computer Name = YOUR-27E1513D96 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB958620).

Error - 30/12/2008 5:37:49 PM | Computer Name = YOUR-27E1513D96 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP Service Pack 3 (KB952069).

Error - 30/12/2008 5:37:49 PM | Computer Name = YOUR-27E1513D96 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft Office Word 2003 (KB956357).

Error - 30/12/2008 5:37:49 PM | Computer Name = YOUR-27E1513D96 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Windows Malicious Software Removal Tool - December 2008
(KB890830).

Error - 30/12/2008 5:37:49 PM | Computer Name = YOUR-27E1513D96 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Cumulative Security Update for Internet Explorer 7 for Windows
XP (KB958215).

Error - 30/12/2008 5:37:49 PM | Computer Name = YOUR-27E1513D96 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft Office Excel 2003 (KB958436).

Error - 30/12/2008 5:37:49 PM | Computer Name = YOUR-27E1513D96 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Windows XP (KB955839).

Error - 30/12/2008 5:41:06 PM | Computer Name = YOUR-27E1513D96 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB958439).


< End of report >

#13 extremeboy

  • Malware Response Team

Posted 01 January 2009 - 02:41 PM

Hello again.

Before we go any further, I see you ran Combofix twice. I need to see the previous Combofix log to see what it took out and see if anything special is required to deal with the infections you may have.

The previous Combofix log can be found at C:\Qoobox\Combofix2.txt <- This one

Please post back with:
-Combofix2 log
-Problems you still have


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 Petermann

  • Topic Starter

  • Members

Posted 01 January 2009 - 03:32 PM

When I ran Combofix the first time, it seemed to freeze so I closed it. There was no report. I ran it a second time and it didn't freeze that time. Should I run it again?

I have not run a virus scan or spybot to see if they detect anything. The antivirus system does tell me a couple times during the day that it has either cleaned a virus or that I need to reboot the computer to get rid of it.

I use Firefox, but still receive pop-ups in Internet Explorer.

When I start my computer, I am notified that there are errors in loading 3 modules:
C:\WINDOWS\system32\sakadadu.dll
C:\WINDOWS\system32\sayiwido.dll
C:\WINDOWS\system32\zazovera.dll

I am also told that "the exception unknown software exception (0xc000001e) occurred in the application at location 0x00ab2d24". It tells me to click OK to terminate the program or CANCEL to debug the program. I click OK.

What should I do next?

Thanks.

#15 extremeboy

  • Malware Response Team

Posted 02 January 2009 - 12:35 PM

Hello.

That's fine, thanks for letting me know. The Combofix we downloaded is outdated now, so we need to uninstall it and download a fresh copy.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, Select "2"
Uninstalling ComboFix removes all components related to it from your computer.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Please post back with:
-Combofix log
-New OTViewIT logs


With Regards,
Extremeboy