
Thousands of pos##.tmp files and Red X on C drive


  • This topic is locked
10 replies to this topic

#1 astronomeric210

  • Members
  • 22 posts

Posted 19 March 2009 - 04:13 PM

I recently posted this problem in a different forum on the site and they referred me here. Here is the link to the previous post.

http://www.bleepingcomputer.com/forums/t/211631/red-x-on-c-drive-and-postmp-files-in-documents/

I believe I had a Vundo infection which created those files. I just want to remove them now. There are thousands of these tmp files in my C drive and My Documents. There is also a red X as the icon on my C drive. Any help would be greatly appreciated. Thanks so much.




DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 17:02:00.06 on Thu 03/19/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1168 [GMT -4:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
C:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
C:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {03DFF520-953E-478E-AB1E-CB1B9996D9EA} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies inc\notebook software\NotebookPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\textal~1\TAForIE.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_5
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: trymedia.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: bmfklntu - bmfklntu.dll
Notify: byXroNfg - byXroNfg.dll
Notify: opnmljj - opnmljj.dll
AppInit_DLLs: c:\program,files\relevantknowledge\rlai.dll,c:\program,files\relevantknowledge\rlai.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccyyVMD

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\eb2iuh14.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - cnn.com
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\eb2iuh14.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npsaidetect.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npsaix.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPSibelius.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-12-1 213008]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-7-29 206088]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MSSQL$SOPHOS;MSSQL$SOPHOS;c:\program files\microsoft sql server\mssql$sophos\binn\sqlservr.exe -ssophos --> c:\program files\microsoft sql server\mssql$sophos\binn\sqlservr.exe -sSOPHOS [?]
R2 SEMScheduler;Sophos Enterprise Manager Scheduler;c:\program files\sophos enterprise manager\library\bin\schdsrvc.exe [2007-5-9 532554]
R2 Sophos Agent;Sophos Agent;c:\program files\sophos\enterprise console\remote management system\ManagementAgentNT.exe [2007-5-8 253952]
R2 Sophos Certification Manager;Sophos Certification Manager;c:\program files\sophos\enterprise console\CertificationManagerServiceNT.exe [2007-5-8 49152]
R2 Sophos EMLibUpdate Agent;Sophos EMLibUpdate Agent;c:\program files\sophos\enterprise console\remote management system\EMLibUpdateAgentNT.exe [2007-5-8 339968]
R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\enterprise console\remote management system\RouterNT.exe [2007-5-8 790528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-12 24652]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-10-19 99248]
S2 Sophos Management Service;Sophos Management Service;c:\program files\sophos\enterprise console\MgntSvc.exe [2007-6-1 3387392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-5-31 32512]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies inc\smart board software\WebServer.exe [2007-11-2 767240]
S3 SQLAgent$SOPHOS;SQLAgent$SOPHOS;c:\program files\microsoft sql server\mssql$sophos\binn\sqlagent.exe -i sophos --> c:\program files\microsoft sql server\mssql$sophos\binn\sqlagent.EXE -i SOPHOS [?]

=============== Created Last 30 ================

2009-03-18 16:23 --d----- c:\windows\ERUNT
2009-03-18 15:16 --d----- C:\SDFix
2009-03-16 21:52 --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-03-16 21:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-16 21:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-16 21:51 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-16 21:51 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-08 13:43 --d----- c:\program files\GameSpy Arcade
2009-02-23 22:32 --d----- c:\program files\ATTNaturalVoices
2009-02-23 22:30 --d----- c:\program files\TextAloud
2009-02-23 22:11 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-02-23 22:09 --d--r-- c:\program files\Skype

==================== Find3M ====================

2009-03-19 17:02 4,888 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-03-19 17:02 1,114,144 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-03-18 16:11 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-18 16:11 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-16 16:41 740 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-03-14 20:34 85,650 a------- c:\windows\system32\0757a21c-af3e-0191-7900-f180ef33686f.exe
2009-02-22 21:07 34 a------- c:\documents and settings\hp_administrator\jagex_runescape_preferences.dat
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-01-29 09:13 85,265 a------- c:\windows\system32\cont_adssite-remove.exe
2009-01-19 18:28 724,992 a------- c:\windows\iun6002.exe
2009-01-07 09:47 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-21 15:05 410,984 a------- c:\windows\system32\deploytk.dll
2008-06-06 00:51 514 a------- c:\program files\nexuiz-242.lnk
2008-06-06 00:16 393,779,967 a------- c:\program files\common files\nexuiz-242.zip
2008-05-15 21:36 87,608 a------- c:\docume~1\hp_adm~1\applic~1\inst.exe
2008-05-15 21:36 47,360 a------- c:\docume~1\hp_adm~1\applic~1\pcouffin.sys
2006-10-16 18:10 251 a------- c:\program files\wt3d.ini
1765-03-26 06:44 4,263 ---sh--- c:\windows\windllreg1c.sys
2008-12-01 00:43 874,906 a--sh--- c:\windows\system32\DMVyyccf.ini2

============= FINISH: 17:03:02.68 ===============

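A quick triage pass over the persistence entries in the DDS log above, as an added example (Python; it is not part of DDS, OTListIt or the cleanup steps used in this thread). It reads the Pseudo HJT section and flags the points Vundo typically abuses: Winlogon Notify packages given as a bare file name, anything other than msv1_0 in the LSA Authentication Packages value, every AppInit_DLLs entry, orphaned BHO/toolbar entries, and Firefox search preferences pointing at an unexpected host. The sample input is the relevant lines copied from the log in post #1; the severities, the allowlist of search hosts and the rule that rejoins comma-split path fragments are assumptions, not documented DDS behaviour.

```python
"""Triage of a DDS "Pseudo HJT Report" for Vundo-style persistence.
Added example for this thread; not part of DDS, OTListIt or the thread's
tools.  Severities, allowlists and the comma-rejoin rule are assumptions."""
import re
from collections import Counter, namedtuple
from typing import Dict, List

Finding = namedtuple("Finding", "severity category detail")

# Search hosts not flagged as hijacks (assumed allowlist; extend as needed).
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}
FF_SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL",
                   "browser.search.selectedEngine"}

NOTIFY_RE = re.compile(r"^Notify:\s+(\S+)\s+-\s+(.+?)\s*$")
LSA_RE = re.compile(r"^LSA:\s+Authentication Packages\s*=\s*(.+?)\s*$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+?)\s*$")
ORPHAN_RE = re.compile(r"^(?:BHO|TB|EB):.*-\s+No File\s*$")
FF_RE = re.compile(r"^FF - (?:prefs|user)\.js:\s+(\S+)\s+-\s+(.+?)\s*$")
HOST_RE = re.compile(r"^(?:hxxp|http)s?://([^/\s]+)", re.I)

# Lines copied verbatim from the DDS log in post #1 (the interesting ones).
SAMPLE_DDS = r"""
BHO: {03DFF520-953E-478E-AB1E-CB1B9996D9EA} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: bmfklntu - bmfklntu.dll
Notify: byXroNfg - byXroNfg.dll
Notify: opnmljj - opnmljj.dll
AppInit_DLLs: c:\program,files\relevantknowledge\rlai.dll,c:\program,files\relevantknowledge\rlai.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccyyVMD
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
"""


def split_appinit(value: str) -> List[str]:
    """AppInit_DLLs is comma/space delimited.  The log shows embedded spaces
    rendered as commas ("c:\\program,files\\..."), so glue fragments back
    together until one ends in .dll (assumption about the tool's output)."""
    dlls, parts = [], []
    for frag in value.split(","):
        parts.append(frag)
        if frag.lower().endswith(".dll"):
            dlls.append(" ".join(parts))
            parts = []
    if parts:  # trailing fragment without an extension: keep it visible
        dlls.append(" ".join(parts))
    return dlls


def triage_dds(log_text: str) -> List[Finding]:
    """Return findings for the persistence points Vundo abuses."""
    findings: List[Finding] = []
    seen_appinit = set()
    for line in log_text.splitlines():
        if m := NOTIFY_RE.match(line):
            name, dll = m.groups()
            # A Winlogon Notify DLL given as a bare name loads from system32;
            # legitimate packages (SASWinLogon above) carry a full path.
            if "\\" not in dll:
                findings.append(Finding("HIGH", "winlogon_notify",
                                        f"{name} -> {dll} (bare filename)"))
        elif m := LSA_RE.match(line):
            # msv1_0 is the only stock authentication package on XP.
            for pkg in m.group(1).split():
                if pkg.lower() != "msv1_0":
                    findings.append(Finding("HIGH", "lsa_auth_package", pkg))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is normally empty; every entry deserves a look.
            for dll in split_appinit(m.group(1)):
                if dll.lower() not in seen_appinit:
                    seen_appinit.add(dll.lower())
                    findings.append(Finding("MEDIUM", "appinit_dll", dll))
        elif ORPHAN_RE.match(line):
            findings.append(Finding("LOW", "orphan_entry", line.strip()))
        elif (m := FF_RE.match(line)) and m.group(1) in FF_SEARCH_PREFS:
            host = HOST_RE.match(m.group(2))
            if host and host.group(1).lower() not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("MEDIUM", "ff_search_hijack",
                                        f"{m.group(1)} -> {host.group(1)}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage_dds(SAMPLE_DDS)
    for f in results:
        print(f"{f.severity:6} {f.category:18} {f.detail}")
    print(summarize(results))
```

Run it as-is to triage the excerpt, or pass the full log text to triage_dds(). The three bare-name Notify DLLs and the extra LSA package are the entries a helper would target first; an AppInit_DLLs hit on a Kaspersky path is expected while the relevantknowledge entry is adware, so that category is reported for review rather than judged by the script.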
#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 March 2009 - 04:46 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.


#3 astronomeric210
  • Topic Starter

  • Members
  • 22 posts

Posted 19 March 2009 - 05:52 PM

Thanks Sam, I really appreciate it. I'm going to have to donate some cash to you folks; you are so nice. Here is the log:


OTListIt Extras logfile created on: 3/19/2009 6:47:40 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
3.84 Gb Paging File | 2.83 Gb Available in Paging File | 73.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.27 Gb Total Space | 99.79 Gb Free Space | 34.50% Space Free | Partition Type: NTFS
Drive D: | 8.80 Gb Total Space | 0.45 Gb Free Space | 5.10% Space Free | Partition Type: FAT32
Drive E: | 3.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERICSCOMPUTER
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/05/28 14:49:23 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2007/06/11 19:27:26 | 00,029,616 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/12/15 21:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 22:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/24 04:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/24 04:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/24 04:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/21 07:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/21 07:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/24 05:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/21 07:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/24 04:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/10 02:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/10 02:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/24 05:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 22:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2006/03/16 05:12:40 | 01,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System
[2006/03/16 05:11:54 | 00,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub
[2006/03/16 05:11:50 | 00,094,208 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP
[2006/05/28 14:49:23 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
[2007/08/10 15:53:20 | 00,799,763 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2005/12/06 11:18:08 | 11,575,944 | ---- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
[2009/01/09 18:57:43 | 01,220,608 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\1167189205\EE\AOLServiceHost.exe:*:Enabled:AOL
[2005/04/05 20:06:43 | 00,140,888 | ---- | M] (America Online Inc.) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL
[2004/10/14 17:34:06 | 00,059,992 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
File not found -- C:\Program Files\Common Files\AOL\1167189205\EE\aolsoftware.exe:*:Enabled:AOL Services
[2007/09/07 16:55:04 | 15,995,704 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/10/21 13:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2005/11/29 21:09:30 | 00,266,240 | ---- | M] (BluetoothShareware.com) -- C:\Program Files\BluetoothPCDialer\BluetoothPCDialer.exe:*:Enabled:BluetoothPCDialer
[2008/03/12 18:12:04 | 00,287,040 | ---- | M] () -- C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA
[2008/09/26 19:44:20 | 00,634,672 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2007/04/30 08:19:54 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor
[2007/06/11 19:27:26 | 00,029,616 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[2007/05/25 10:41:50 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled:
[2007/05/25 10:41:48 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled:
[2007/05/25 10:42:04 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled:
[2008/07/05 03:58:05 | 01,357,825 | ---- | M] (Sony Pictures Digital Networks Inc.) -- C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe:*:Enabled:JEOPARDY!
[2007/09/17 10:19:14 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\WINDOWS\system32\bdyjjmnj.exe" = C:\WINDOWS\system32\bdy
"C:\WINDOWS\system32\fycblmwb.exe" = C:\WINDOWS\system32\fyc
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/16 09:50:55 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
File not found -- C:\Documents and Settings\HP_Administrator\Desktop\nesterJ.exe:*:Disabled:nesterJ
[2007/05/25 10:41:38 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System
[2008/02/05 18:23:01 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
[2008/05/11 10:01:38 | 01,803,776 | ---- | M] () -- C:\Program Files\Nexuiz\nexuiz-sdl.exe:*:Enabled:Nexuiz
[2007/09/24 23:30:30 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
[2008/06/13 22:17:12 | 00,212,480 | ---- | M] () -- C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client
[2008/01/29 22:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
[2008/03/31 21:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
[2008/03/27 21:00:24 | 05,844,992 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
File not found -- C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
[2004/10/13 19:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/09/23 13:16:54 | 00,387,584 | ---- | M] () -- C:\Program Files\X-Chat 2\xchat.exe:*:Enabled:X-Chat IRC Client
[2008/07/21 14:07:44 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
[2007/12/03 20:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
File not found -- c:\WINDOWS\Temp\~os5.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
[2008/10/30 15:49:30 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Documents and Settings\HP_Administrator\Desktop\utorrent.exe:*:Enabled:µTorrent
[2008/11/12 16:46:24 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe:*:Disabled:Steam
File not found -- C:\Program Files\ACSPMonitor\ASMonitor.exe:*:Enabled:System
[2008/11/10 11:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
[2008/05/29 16:08:56 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/03/20 10:57:38 | 03,814,648 | ---- | M] (Ironclad Games) -- C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo
[2009/03/18 18:48:16 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\steamapps\astronomeric210\team fortress 2\hl2.exe:*:Enabled:hl2
[2009/02/28 14:05:03 | 00,106,496 | ---- | M] () -- C:\Program Files\Steam\steamapps\astronomeric210\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2
[2009/03/19 17:41:30 | 00,086,077 | ---- | M] (Valve) -- C:\Program Files\Steam\steamapps\astronomeric210\day of defeat\hl.exe:*:Enabled:Half-Life Launcher
[2009/02/24 18:45:45 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\important desktop stuff\utorrent.exe:*:Enabled:µTorrent
[2004/08/10 00:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2004/08/10 00:00:00 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[2003/06/30 18:22:12 | 02,732,032 | ---- | M] (The 3DO Company) -- C:\Documents and Settings\HP_Administrator\Desktop\Heroes of Might and Magic III [Geedunk]\Heroes of Might and Magic III Complete\Heroes3.exe:*:Enabled:Heroes of Might and Magic® III
[2009/03/11 19:08:20 | 00,106,496 | ---- | M] () -- C:\Program Files\Steam\steamapps\astronomeric210\insurgency\hl2.exe:*:Enabled:hl2
[2006/08/21 22:17:28 | 04,206,658 | ---- | M] (IGN Entertainment, Inc.) -- C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
[2009/01/29 15:01:36 | 23,975,720 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2009/01/14 22:21:21 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead
[2007/06/11 19:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled:

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0128A79D-D481-448E-89E1-F697B70DEC44}" = Thomson Clinical Xpert
"{03843643-8B6C-49A3-B760-799340472BED}" = 1200Trb
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v1.12.0.84
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B97D-C991-438F-BC44-294C931E7B8B}" = SMART Essentials for Educators
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29BAD36F-F421-40F8-A128-E03382E59C70}" = Sins of a Solar Empire Demo
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{38DB8EA5-07E7-4A54-99A4-3024586763F6}" = 1200
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2008
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = USB PC Camera 301P
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{46486451-E60F-42C3-92D7-796D8594688A}" = SMART Board Software
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4E526F25-8B1F-46AA-B50C-BBDA00EDFF66}" = Bluetooth PC Dialer
"{51C65CD6-A344-41B5-81E2-3CCAC8024F68}" = Sibelius Scorch
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5F157CAB-4D6A-46D2-8988-CB5128FDF442}" = MyBot
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{6EA1A75B-CACE-482F-8424-7ED10E4FC53E}" = Sophos EM Library
"{71AA1805-536A-43CB-8FA7-B89EDB975D3C}" = 1000Tour
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8CDB5489-3EA0-492D-A456-2FD64DF1FBA0}" = CNebulaX
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96C267DA-0926-4C11-B4E7-4D3EF85130D0}" = Paint.NET v3.22
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A13B690F-AF59-401A-9C12-9817F71C8AA7}" = Sophos Enterprise Console
"{A3140583-0215-4FB2-8340-6A78948F64B7}" = Microsoft Text To Speech Engine 5.1
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AD448510-B1E7-11DD-3D81-001422E6FFBA}_is1" = Mystic Galaxies mOX 0.2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8A204BC-7177-470E-BBDD-47256D05B325}" = iTunes
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDAFD956-97BE-443D-8EF7-F4F094EB5766}_SAV_3DAQUARIUM" = Crawler 3D Marine & Tropical Aquarium Screensaver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = Vimicro USB PC Camera (ZC301PLH)
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D018D554-0334-46FE-B1F4-FFC9CF1B3066}" = AstroByte
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D2B09CEB-A79A-44E0-AF85-19F2D295435E}_is1" = Rise Sun
"{D37CC59E-0A8B-4C15-A663-F613A1011E40}" = 1200_Help
"{D55DD017-2C93-402C-ABEA-694D655B72D6}" = planetosxp
"{D9A8E7D7-8309-4FD0-B12A-B6BC783B0CDF}" = IMWhiteboard
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SOPHOS)
"{E1B23F70-F815-4AC9-9A94-71838509367B}" = GEAR PRO "Professional Edition" 7.00
"{E518C80C-C549-40E1-844C-669ED64195D3}" = FTP Surfer
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0757a21c-af3e-0191-7900-f180ef33686f" = Contextual Tool Adssite
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"Active GIF Creator 3.2" = Active GIF Creator 3.2
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdssiteSocial" = Socialnetworking Helper Adssite
"AIM_6" = AIM 6
"AOL Deskbar" = AOL Deskbar
"AOL Instant Messenger" = AOL Instant Messenger
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AT&T Natural Voice Crystal_is1" = AT&T Natural Voices Crystal v. 1.4
"Audacity_is1" = Audacity 1.2.6
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Blender" = Blender (remove only)
"Bmpicowiz" = Bitmap to Icon Wizard
"Buddy Icon Maker 1.0.0.1" = Buddy Icon Maker 1.0.0.1
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"Carnivores" = Carnivores
"Carnivores 2" = Carnivores 2
"Cartes du Ciel" = Cartes du Ciel
"CCleaner" = CCleaner (remove only)
"Celestia_is1" = Celestia 1.4.1
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"CoffeeCup HTML Editor 2008" = CoffeeCup HTML Editor 2008
"Colorizer 1.0.0.1" = Colorizer 1.0.0.1
"cont_adssite" = Contextual Tool Adssite
"CursorFX" = CursorFX
"CyberSky 4" = CyberSky 4
"Darwinia Demo2_is1" = Darwinia Demo2
"DcadsGames" = Dcads Games Collection
"DISCover" = DISCover
"EarthDesk" = EarthDesk
"Easy DVD-Video Copy" = Easy DVD-Video Copy
"Easy WiFi Radar" = Easy WiFi Radar 1.0.5
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"Fish Tycoon_is1" = Fish Tycoon
"FLV Player" = FLV Player 2.0, build 23
"FreeVerbix_is1" = FreeVerbix 7.3
"Funny Cursor_is1" = Funny Cursor
"GameSpy Arcade" = GameSpy Arcade
"GravitySimulator_is1" = GravitySimulator 2.0.000
"GTK 2.0" = GTK+ Runtime 2.12.12 rev a (remove only)
"Hallo northern sky planetarium program_is1" = HNSKY 2.3.0M
"Heroes of Might and Magic" = Heroes of Might and Magic
"Heroes of Might and Magic®" = Heroes of Might and Magic®
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 6.1
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8 Beta 2
"Impulse" = Impulse
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InterActual Player" = InterActual Player
"JEOPARDY!" = JEOPARDY! (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"LEGO Digital Designer" = LEGO Digital Designer
"Lexmark 2500 Series" = Lexmark 2500 Series
"Magic DVD Copier_is1" = Magic DVD Copier Version 4.8 build 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Money2006b" = Microsoft Money 2006
"Mouse Magic CS" = Mouse Magic CS
"Mozilla Firefox (3.0)" = Mozilla Firefox (3.0)
"Mozilla Thunderbird (2.0.0.12)" = Mozilla Thunderbird (2.0.0.12)
"MP4 Player" = MP4 Player
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Mumble" = Mumble and Murmur
"NAPALM_is1" = NAPALM 1.0
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OBNotes_9.0.4" = OBNotes (Palm) v 9.0.4 by Skyscape
"OBNotes_pc" = OBNotes (for Windows PCs) by Skyscape
"Orb" = Winamp Remote
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCFriendly" = PCFriendly
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"ReadPlease 2003_is1" = ReadPlease 2003/ReadPlease PLUS 2003
"RealPlayer 6.0" = RealPlayer Basic
"RegiStax_is1" = RegiStax Version 4
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Risk_is1" = Risk v1.10 Beta 2
"Roller Coaster Tycoon 2" = Roller Coaster Tycoon 2
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"Sauerbraten" = Sauerbraten
"SdustSSC3_is1" = Stardust Screen Saver Control 2003 (3.0.0.66)
"SdustWC1_is1" = Stardust Wallpaper Control 2003 (1.0.0.4)
"Seinfeld Screensaver" = Seinfeld Screensaver
"SimCity 3000" = SimCity 3000
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire Demo" = Sins of a Solar Empire Demo
"smARTupdate" = smARTupdate
"Songbird 20080623" = Songbird 0.6.1 (20080623)
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 3.29
"ST5UNST #1" = WIMP
"Starcraft" = Starcraft
"StarGraft" = StarGraft
"Starry Night Sky_is1" = Starry Night Sky 1.0
"Steam App 1200" = Red Orchestra
"Steam App 13210" = Unreal Tournament 3
"Steam App 17700" = Insurgency
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 410" = Portal: The First Slice
"Steam App 440" = Team Fortress 2
"Stellarium_is1" = Stellarium 0.9.0
"SystemRequirementsLab" = System Requirements Lab
"TextAloud MP3_is1" = TextAloud
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"Verbix2008_is1" = Verbix 2008
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Page Maker_is1" = Web Page Maker V3.03
"WhiteCap" = WhiteCap
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft AutoScreenRecorder 2.0 Free" = Wisdom-soft AutoScreenRecorder 2.0 Free
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT004613" = Tornado Jockey
"WT005513" = Super Granny
"WT005515" = Polar Bowler
"WT005517" = Blasterball 2 Remix
"WT005518" = Polar Golfer
"WT005519" = Ricochet Lost Worlds
"WT005520" = Blackhawk Striker 2
"WT005521" = Blasterball 2 Revolution
"WT005523" = Tradewinds
"WT005524" = Bounce Symphony
"WT005630" = Alien Outbreak 2
"WT005631" = Fairies
"WT005634" = Bejeweled 2 Deluxe
"WT005635" = Big Kahuna Reef
"WT005636" = Bookworm Deluxe
"WT005637" = Chuzzle Deluxe
"WT005639" = Family Feud
"WT005640" = Flip Words
"WT005641" = Insaniquarium Deluxe
"WT005642" = Jewel Quest
"WT005643" = Mah Jong Quest
"WT005644" = Mystery Case Files
"WT005645" = Poker Superstars
"WT005646" = SCRABBLE
"WT005647" = Slingo Deluxe
"WT005648" = Tennis Titans
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xchat" = XChat 2 (remove only)
"X-Chat 2_is1" = X-Chat 2.8.4-1
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"yRead2_is1" = yRead2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2009 2:36:03 AM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 3/18/2009 10:10:20 AM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 3/18/2009 10:10:20 AM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 3/18/2009 10:10:20 AM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 3/18/2009 10:10:20 AM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 3/18/2009 10:10:20 AM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 3/18/2009 10:10:20 AM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 3/18/2009 12:04:57 PM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 3/19/2009 5:28:26 PM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 3/19/2009 5:28:26 PM | Computer Name = ERICSCOMPUTER | Source = nview_info | ID = 11141121
Description =

[ Media Center Events ]
Error - 12/17/2007 12:44:23 AM | Computer Name = YOUR-4DACD0EA75 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/16/2007 11:44:23 PM. You may need to reschedule your recordings.

[ System Events ]
Error - 3/18/2009 4:23:10 PM | Computer Name = ERICSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/18/2009 4:23:10 PM | Computer Name = ERICSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/18/2009 4:23:11 PM | Computer Name = ERICSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/18/2009 4:23:20 PM | Computer Name = ERICSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/18/2009 4:38:08 PM | Computer Name = ERICSCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 3/18/2009 4:38:08 PM | Computer Name = ERICSCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 3/18/2009 4:38:08 PM | Computer Name = ERICSCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/18/2009 4:38:08 PM | Computer Name = ERICSCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 3/18/2009 4:41:25 PM | Computer Name = ERICSCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The Sophos Management Service service hung on starting.

Error - 3/18/2009 4:41:28 PM | Computer Name = ERICSCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The Sophos Management Service service terminated with the following
error: %%2147500037


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:04 PM

Posted 20 March 2009 - 08:41 AM

That's the extra report. The one I need to see should be saved on your desktop and named OTListIt.Txt.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 astronomeric210

astronomeric210
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 20 March 2009 - 02:07 PM

I am very sorry I didn't see that immediately. Thank you for your patience.

OTListIt logfile created on: 3/19/2009 6:47:40 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
3.84 Gb Paging File | 2.83 Gb Available in Paging File | 73.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.27 Gb Total Space | 99.79 Gb Free Space | 34.50% Space Free | Partition Type: NTFS
Drive D: | 8.80 Gb Total Space | 0.45 Gb Free Space | 5.10% Space Free | Partition Type: FAT32
Drive E: | 3.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERICSCOMPUTER
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2008/07/29 21:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/12/21 15:06:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/03/24 04:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/05/25 10:41:38 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
PRC - [2008/11/12 15:54:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/05/09 09:59:32 | 00,532,554 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
PRC - [2007/11/02 06:48:32 | 01,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
PRC - [2006/11/20 04:42:45 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2007/05/08 17:37:10 | 00,253,952 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
PRC - [2007/05/08 17:35:28 | 00,049,152 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
PRC - [2007/05/08 17:36:54 | 00,339,968 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
PRC - [2007/05/08 17:34:26 | 00,790,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/08/10 00:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
PRC - [2005/12/15 21:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
PRC - [2007/08/31 15:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2008/07/29 21:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2007/09/25 02:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2008/08/08 01:03:41 | 00,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2006/03/08 07:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/08/31 14:58:50 | 00,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/07/07 03:34:59 | 00,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/06/11 19:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/04/30 08:19:54 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2005/09/30 00:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/03/20 12:05:00 | 00,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/05 23:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/03/16 05:11:54 | 00,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscUpdMgr.exe
PRC - [2006/03/16 05:12:40 | 01,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/08/03 02:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE
PRC - [2004/10/13 19:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/08/10 00:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/02/20 13:22:32 | 00,356,352 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2008/09/04 18:27:30 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2008/07/08 18:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/10/21 13:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/02/17 11:43:26 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/01/03 19:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2006/03/16 05:11:54 | 00,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2008/05/02 13:25:42 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2005/02/02 19:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [1998/05/07 12:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2007/09/07 16:55:08 | 00,267,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/09/07 16:55:02 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/12 16:46:24 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2008/11/10 11:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2009/02/02 16:25:24 | 00,766,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/02 16:25:24 | 00,766,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/02 16:25:24 | 00,766,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/02 16:25:24 | 00,766,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/03/19 18:47:28 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/29 21:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/02/14 17:16:16 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/10 00:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/07 16:55:02 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/12/21 15:06:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/03/24 04:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/05/25 10:41:54 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe -- (lxddCATSCustConnectService [Auto | Stopped])
SRV - [2007/05/25 10:41:38 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe -- (lxdd_device [Auto | Running])
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe -- (MSSQL$SOPHOS [Auto | Running])
SRV - [2002/12/17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/12 15:54:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/03/14 22:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
SRV - [2007/05/09 09:59:32 | 00,532,554 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe -- (SEMScheduler [Auto | Running])
SRV - [2007/11/02 06:48:32 | 01,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service [Auto | Running])
SRV - [2007/11/02 06:48:58 | 00,767,240 | ---- | M] () -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe -- (SMART Web Server [On_Demand | Stopped])
SRV - [2006/11/20 04:42:45 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2007/05/08 17:37:10 | 00,253,952 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent [Auto | Running])
SRV - [2007/05/08 17:35:28 | 00,049,152 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe -- (Sophos Certification Manager [Auto | Running])
SRV - [2007/05/08 17:36:54 | 00,339,968 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe -- (Sophos EMLibUpdate Agent [Auto | Running])
SRV - [2007/06/01 10:04:22 | 03,387,392 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Enterprise Console\MgntSvc.exe -- (Sophos Management Service [Auto | Stopped])
SRV - [2007/05/08 17:34:26 | 00,790,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe -- (Sophos Message Router [Auto | Running])
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlagent.EXE -- (SQLAgent$SOPHOS [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/03/09 17:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2008/02/05 18:23:08 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [1999/09/10 13:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [System | Running])
DRV - [2003/11/05 10:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run [Boot | Running])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2007/08/12 22:48:57 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2005/06/29 20:03:18 | 00,175,104 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2 [Boot | Running])
DRV - [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/04/13 19:47:38 | 00,168,064 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
DRV - [2005/01/08 03:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/10/27 20:24:28 | 00,049,664 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/10/27 20:24:30 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/12/06 14:20:50 | 00,241,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
DRV - [2005/12/06 14:20:40 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys -- (HSX_DP [On_Demand | Running])
DRV - [2005/06/17 09:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2006/03/08 16:27:12 | 04,246,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/01/11 03:48:58 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\IrBus.sys -- (IrBus [On_Demand | Stopped])
DRV - [2008/07/21 19:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2008/01/29 19:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2008/12/01 00:21:55 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2005/10/05 18:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2005/03/15 18:25:44 | 00,127,574 | ---- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA [On_Demand | Stopped])
DRV - [2005/08/03 01:10:12 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2007/08/31 14:58:18 | 00,018,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2008/11/12 15:54:00 | 06,188,320 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/03/03 17:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/03/03 17:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2007/12/04 18:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2008/05/15 21:36:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2007/08/21 04:12:59 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2005/12/12 20:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Stopped])
DRV - [2004/08/10 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/04/03 13:59:30 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s616bus.sys -- (s616bus [On_Demand | Stopped])
DRV - [2007/04/03 13:59:36 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s616mdfl.sys -- (s616mdfl [On_Demand | Stopped])
DRV - [2007/04/03 13:59:38 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s616mdm.sys -- (s616mdm [On_Demand | Stopped])
DRV - [2007/04/03 13:59:40 | 00,100,360 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s616mgmt.sys -- (s616mgmt [On_Demand | Stopped])
DRV - [2007/04/03 13:59:42 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s616nd5.sys -- (s616nd5 [On_Demand | Stopped])
DRV - [2007/04/03 13:59:42 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s616obex.sys -- (s616obex [On_Demand | Stopped])
DRV - [2007/04/03 13:59:42 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s616unic.sys -- (s616unic [On_Demand | Stopped])
DRV - [2009/02/17 11:43:28 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/02/17 11:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/02/17 11:43:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/07/07 03:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2005/12/06 14:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys -- (winachsx [On_Demand | Running])
DRV - [2005/05/08 15:38:36 | 02,313,725 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\System32\Drivers\usbVM303.sys -- (ZSMC303 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {605B3D3F-4F33-41D0-BA27-98238E1E839F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www1.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "cnn.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: support@burn4free-toolbar.com:1.0
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.83
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.6.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.0.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.7.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20080609.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20080310
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}:1.0
FF - prefs.js..extensions.enabledItems: youplayer@addons.mozilla.org:0.9.8
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0
FF - prefs.js..keyword.URL: "http://www1.yoog.com/search.php?q="

FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www1.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www1.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true

FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 22:15:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/01 01:17:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2008/09/26 21:14:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/03/01 01:17:52 | 00,000,000 | ---D | M]

[2008/07/17 23:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2008/06/18 17:58:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/17 23:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\songbird@songbirdnest.com
[2009/03/14 20:43:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions
[2008/04/01 19:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{01C901F4-12C5-4515-A5DE-CC0FD4F20BCA}
[2008/06/16 15:56:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008/02/07 20:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{1010c266-a959-401f-84c6-a23f8ea3cf61}
[2008/03/31 16:43:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}
[2007/11/29 07:50:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2008/10/01 19:56:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2008/06/19 21:35:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2008/02/07 20:33:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{5d393167-8b1c-4ce1-8593-0ba5f39f3210}
[2008/06/19 21:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/02/07 20:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{800e72c4-0a2c-4bc5-a10a-1ee66dfd762a}
[2008/03/31 16:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}
[2008/04/18 20:41:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2008/06/16 15:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2008/06/19 21:35:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/11/01 14:35:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/06/16 15:56:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2008/08/04 14:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/02/17 15:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\moveplayer@movenetworks.com
[2007/11/10 17:59:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\redshift_V2@shift-themes.com
[2008/06/16 15:56:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\eb2iuh14.default\extensions\youplayer@addons.mozilla.org
[2008/06/25 02:09:56 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\eb2iuh14.default\searchplugins\wikipedia-en.xml
[2009/03/12 14:47:41 | 00,000,246 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\eb2iuh14.default\searchplugins\Yoog Search.xml
[2007/08/22 00:40:00 | 00,002,105 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\eb2iuh14.default\searchplugins\youtube-video-search.xml
[2009/03/14 20:43:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/06/19 23:05:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/25 22:35:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}
[2008/01/07 19:30:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/01/01 01:55:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2007/12/22 15:47:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2008/05/29 16:09:12 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/05/29 16:09:13 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/30 07:37:16 | 00,650,752 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\components\nsadssite.dll
[2008/09/04 07:07:16 | 00,343,552 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\components\nsbads.dll
[2008/01/18 06:06:36 | 00,278,528 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\components\nsBrowserCmp.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/05/29 10:24:14 | 00,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/06/25 22:35:39 | 00,001,728 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\onestep.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
[2008/12/10 20:18:41 | 00,002,390 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zumie.xml
[2009/01/08 08:14:53 | 00,002,390 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zumie168.xml
[2009/01/15 04:12:02 | 00,002,390 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zumie172.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {03DFF520-953E-478E-AB1E-CB1B9996D9EA} - Reg Error: Key error. File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll (SMART Technologies Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" ()
O4 - HKLM..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Sites: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Program) - File not found
O20 - AppInit_DLLs: (Files\RelevantKnowledge\rlai.dll) - File not found
O20 - AppInit_DLLs: (C:\Program) - File not found
O20 - AppInit_DLLs: (Files\RelevantKnowledge\rlai.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\bmfklntu: DllName - bmfklntu.dll - File not found
O20 - Winlogon\Notify\byXroNfg: DllName - byXroNfg.dll - File not found
O20 - Winlogon\Notify\opnmljj: DllName - opnmljj.dll - File not found
O24 - Desktop Components:0 () - http://s50.photobucket.com/albums/f345/Los...aInitiative.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - ( digeste.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\fccyyVMD) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/28 14:45:58 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/03/26 14:36:58 | 00,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{12bceb7d-d8ed-11db-8af2-001731a0f912}\Shell\AutoRun\command - "" = J:\system\viewer\Viewer.exe -- File not found
O33 - MountPoints2\{12bceb7d-d8ed-11db-8af2-001731a0f912}\Shell\View your videos\command - "" = J:\system\viewer\Viewer.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2008/03/26 14:36:58 | 00,337,144 | R--- | M] (Valve Corporation)

========== Files/Folders - Created Within 30 Days ==========

[10499 C:\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/03/19 18:47:27 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/03/19 16:02:56 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2009/03/18 16:37:18 | 21,459,64032 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/18 16:23:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/03/18 15:16:23 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/03/17 14:59:46 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/16 21:52:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2009/03/16 21:51:51 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/16 21:51:50 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/16 21:51:47 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/16 21:51:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/16 21:51:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/13 18:28:45 | 00,001,577 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Team Fortress 2.lnk
[2009/03/08 13:43:22 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GameSpy Arcade.lnk
[2009/03/08 13:43:05 | 00,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2009/03/08 00:53:01 | 00,342,975 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Paradise_Beach_1600 x 1200.jpg
[2009/03/07 17:08:58 | 00,001,147 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Heroes of Might and Magic III.lnk
[2009/03/06 07:50:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Heroes of Might and Magic III [Geedunk]
[2009/03/01 01:17:43 | 00,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/02/28 21:36:35 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\SCHEDULE OF EVENTS-AROY.doc
[2009/02/27 22:53:04 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\TEAM REGISTRATION ROSTER.doc
[2009/02/27 22:36:39 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AROY WAIVER.doc
[2009/02/23 22:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\ATTNaturalVoices
[2009/02/23 22:30:31 | 00,001,407 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TextAloud.lnk
[2009/02/23 22:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\TextAloud
[2009/02/23 22:11:03 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/23 22:11:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
[2009/02/23 22:09:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Skype
[2009/02/23 22:09:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/02/23 22:09:24 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/02/23 22:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/02/20 18:44:33 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\journal.doc

========== Files - Modified Within 30 Days ==========

[10499 C:\*.tmp files]
[11 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[6001 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files]
[2009/03/19 18:47:34 | 01,122,336 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/03/19 18:47:33 | 00,004,916 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/03/19 18:47:28 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/03/19 16:19:13 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1367848436-2162912547-397387997-1008.job
[2009/03/19 16:02:57 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2009/03/18 17:04:58 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/18 17:04:41 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/03/18 16:53:50 | 00,196,115 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/18 16:37:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/18 16:37:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/18 16:37:18 | 21,459,64032 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/18 16:32:46 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/03/18 16:11:09 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/03/18 16:11:09 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/18 15:06:58 | 00,000,632 | ---- | M] () -- C:\WINDOWS\Mouse Magic CS.ini
[2009/03/17 21:45:04 | 00,155,648 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/17 14:59:46 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/16 22:11:22 | 05,302,468 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2009/03/16 21:51:51 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/16 16:41:17 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2009/03/15 17:24:55 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/03/14 20:34:04 | 00,085,650 | ---- | M] () -- C:\WINDOWS\System32\0757a21c-af3e-0191-7900-f180ef33686f.exe
[2009/03/13 18:28:45 | 00,001,577 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Team Fortress 2.lnk
[2009/03/11 18:42:07 | 00,000,490 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/11 18:42:07 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/03/11 18:42:07 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/11 03:15:53 | 00,554,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/11 03:15:53 | 00,464,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/11 03:15:53 | 00,080,474 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/11 03:10:57 | 00,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:02:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 19:45:20 | 00,001,147 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Heroes of Might and Magic III.lnk
[2009/03/08 13:43:22 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GameSpy Arcade.lnk
[2009/03/08 00:53:02 | 00,342,975 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Paradise_Beach_1600 x 1200.jpg
[2009/03/01 01:18:01 | 00,001,380 | -H-- | M] () -- C:\IPH.PH
[2009/03/01 01:17:43 | 00,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/02/28 23:48:03 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\SCHEDULE OF EVENTS-AROY.doc
[2009/02/28 21:56:42 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\TEAM REGISTRATION ROSTER.doc
[2009/02/28 20:07:51 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AROY WAIVER.doc
[2009/02/23 22:30:31 | 00,001,407 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TextAloud.lnk
[2009/02/23 22:11:03 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/20 19:44:02 | 00,000,099 | ---- | M] () -- C:\WINDOWS\custvoic.ini
[2009/02/20 18:44:33 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\journal.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 16959 bytes -> C:\WINDOWS\OBPeds Women's Health Notes: Nurses's Clinical Pocket Guide Setup Log.txt
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:04 PM

Posted 20 March 2009 - 03:16 PM

There we go! That's the one we needed. :thumbup2:


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    O2 - BHO: (no name) - {03DFF520-953E-478E-AB1E-CB1B9996D9EA} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - Reg Error: Key error. File not found
    O15 - HKLM\..Trusted Sites: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Sites: trymedia.com ([]https in Trusted sites)
    O20 - AppInit_DLLs: (C:\Program) - File not found
    O20 - AppInit_DLLs: (Files\RelevantKnowledge\rlai.dll) - File not found
    O20 - AppInit_DLLs: (C:\Program) - File not found
    O20 - AppInit_DLLs: (Files\RelevantKnowledge\rlai.dll) - File not found
    O20 - Winlogon\Notify\bmfklntu: DllName - bmfklntu.dll - File not found
    O20 - Winlogon\Notify\byXroNfg: DllName - byXroNfg.dll - File not found
    O20 - Winlogon\Notify\opnmljj: DllName - opnmljj.dll - File not found
    O29 - HKLM SecurityProviders - ( digeste.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\fccyyVMD) - File not found
    
    :Files
    C:\*.tmp
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log
Let me know how your computer is behaving now.

Edited by Buckeye_Sam, 20 March 2009 - 03:16 PM.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
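As an added example (not the thread's own code, and not part of OTL), a small Python parser that does the triage Buckeye_Sam did by hand above: it reads OTL lines, pulls out every autostart or hook entry whose target is gone ("File not found" / "Reg Error"), rejoins the AppInit_DLLs path that was split on its space, and totals the *.tmp counts. The line-format rules are this example's own assumptions; the sample lines are copied from the scan log posted in this thread.

```python
import re
from collections import defaultdict

# Constructed excerpt: OTL lines copied (trimmed) from the scan log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {03DFF520-953E-478E-AB1E-CB1B9996D9EA} - Reg Error: Key error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\Program) - File not found
O20 - AppInit_DLLs: (Files\RelevantKnowledge\rlai.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - Winlogon\Notify\bmfklntu: DllName - bmfklntu.dll - File not found
O20 - Winlogon\Notify\byXroNfg: DllName - byXroNfg.dll - File not found
O20 - Winlogon\Notify\opnmljj: DllName - opnmljj.dll - File not found
O29 - HKLM SecurityProviders - ( digeste.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\fccyyVMD) - File not found
[10499 C:\*.tmp files]
[6001 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files]
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")                     # "O20 - <body>"
TMP_COUNT_RE = re.compile(r"^\[(\d+) (.*\\\*\.tmp) files\]$")  # "[10499 C:\*.tmp files]"
DLLNAME_RE = re.compile(r"DllName - (\S+) - File not found")
PAREN_RE = re.compile(r"\(([^()]*)\)\s*-\s*File not found")
PATH_RE = re.compile(r"([A-Za-z]:\\.*?)\s+File not found$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def _target(body):
    """What the orphaned entry points at: a DLL name, a path, or a CLSID."""
    for rx in (DLLNAME_RE, PAREN_RE, PATH_RE):
        m = rx.search(body)
        if m:
            return m.group(1).strip()
    m = CLSID_RE.search(body)
    return m.group(0) if m else body

def _kind(body):
    """Normalise the hook type: BHO, AppInit_DLLs, Winlogon\\Notify, LSA, ..."""
    kind = re.split(r":\s| - ", body, maxsplit=1)[0]
    if kind.startswith("Winlogon\\Notify"):
        kind = "Winlogon\\Notify"          # fold the per-key names together
    return kind

def parse_entries(text):
    """One dict per O-line; 'missing' means OTL found neither file nor CLSID."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = "File not found" in body or "Reg Error" in body
        yield {"section": section, "kind": _kind(body), "missing": missing,
               "target": _target(body) if missing else None, "raw": line.strip()}

def orphans_by_kind(text):
    """Orphaned autostart/hook entries grouped by hook type. These are the lines
    the helper's :OTLI fix lists: they load nothing any more, but they are
    residue of what was removed and show where the malware had hooked in."""
    groups = defaultdict(list)
    for e in parse_entries(text):
        if e["missing"]:
            groups[e["kind"]].append(e["target"])
    return dict(groups)

def rejoin_split_appinit(targets):
    """AppInit_DLLs is a space- or comma-delimited list, so an unquoted path with
    a space is loaded as two bogus fragments ('C:\\Program' + 'Files\\...\\rlai.dll'
    above; the legitimate entry avoids this with 8.3 names like PROGRA~1).
    Rejoin a fragment without an extension with the drive-less fragment after it."""
    joined, i = [], 0
    while i < len(targets):
        cur = targets[i]
        nxt = targets[i + 1] if i + 1 < len(targets) else None
        if nxt and "." not in cur.rsplit("\\", 1)[-1] and not re.match(r"^[A-Za-z]:\\", nxt):
            joined.append(cur + " " + nxt)
            i += 2
        else:
            joined.append(cur)
            i += 1
    return list(dict.fromkeys(joined))     # de-duplicate, keep order

def tmp_file_counts(text):
    """Per-directory counts from OTL's '[N <dir>\\*.tmp files]' summary lines."""
    counts = {}
    for line in text.splitlines():
        m = TMP_COUNT_RE.match(line.strip())
        if m:
            counts[m.group(2)] = int(m.group(1))
    return counts

def triage(text):
    """Summary a helper would read before writing a fix."""
    orphans = orphans_by_kind(text)
    tmp = tmp_file_counts(text)
    return {"orphans": orphans,
            "appinit_paths": rejoin_split_appinit(orphans.get("AppInit_DLLs", [])),
            "tmp_files": tmp, "tmp_total": sum(tmp.values())}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```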

#7 astronomeric210

astronomeric210
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:07:04 PM

Posted 20 March 2009 - 04:09 PM

Here is the log. I had to delete most of the logfile listings where it says it moved those files, because the post was too long (that's how many I had there). We got rid of the pos.tmp files in my C drive, but we still have to get them in my documents folder [ C:\Documents and Settings\HP_Administrator\My Documents ]. Thanks so much!
Also, how do I change the C drive's icon back to its original icon, not this red X? Thanks!

========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03DFF520-953E-478E-AB1E-CB1B9996D9EA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03DFF520-953E-478E-AB1E-CB1B9996D9EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{55FAF0F2-44D4-425F-B5F5-6B275B621EAB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55FAF0F2-44D4-425F-B5F5-6B275B621EAB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\trymedia.com not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\trymedia.com not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Program deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:Files\RelevantKnowledge\rlai.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Program deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:Files\RelevantKnowledge\rlai.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bmfklntu\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byXroNfg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnmljj\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digeste.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\fccyyVMD deleted successfully.
========== FILES ==========
C:\posFB3.tmp moved successfully.
C:\posFB4.tmp moved successfully.
C:\posFB5.tmp moved successfully.
C:\posFB6.tmp moved successfully.
C:\posFB7.tmp moved successfully.
C:\posFB8.tmp moved successfully.
C:\posFB9.tmp moved successfully.
C:\posFBA.tmp moved successfully.
C:\posFBB.tmp moved successfully.
C:\posFBC.tmp moved successfully.
C:\posFBD.tmp moved successfully.
C:\posFBE.tmp moved successfully.
C:\posFBF.tmp moved successfully.
C:\posFC.tmp moved successfully.
C:\posFC0.tmp moved successfully.
C:\posFC1.tmp moved successfully.
C:\posFC2.tmp moved successfully.
C:\posFC3.tmp moved successfully.
C:\posFC4.tmp moved successfully.
C:\posFC5.tmp moved successfully.
C:\posFC6.tmp moved successfully.
C:\posFC7.tmp moved successfully.
C:\posFC8.tmp moved successfully.
C:\posFC9.tmp moved successfully.
C:\posFCA.tmp moved successfully.
C:\posFCB.tmp moved successfully.
C:\posFCC.tmp moved successfully.
C:\posFCD.tmp moved successfully.
C:\posFCE.tmp moved successfully.
C:\posFCF.tmp moved successfully.
C:\posFD.tmp moved successfully.
C:\posFD0.tmp moved successfully.
C:\posFD1.tmp moved successfully.
C:\posFD2.tmp moved successfully.
C:\posFD3.tmp moved successfully.
C:\posFD4.tmp moved successfully.
C:\posFD5.tmp moved successfully.
C:\posFD6.tmp moved successfully.
C:\posFD7.tmp moved successfully.
C:\posFD8.tmp moved successfully.
C:\posFD9.tmp moved successfully.
C:\posFDA.tmp moved successfully.
C:\posFDB.tmp moved successfully.
C:\posFDC.tmp moved successfully.
C:\posFDD.tmp moved successfully.
C:\posFDE.tmp moved successfully.
C:\posFDF.tmp moved successfully.
C:\posFE.tmp moved successfully.
C:\posFE0.tmp moved successfully.
C:\posFE1.tmp moved successfully.
C:\posFE2.tmp moved successfully.
C:\posFE3.tmp moved successfully.
C:\posFE4.tmp moved successfully.
C:\posFE5.tmp moved successfully.
C:\posFE6.tmp moved successfully.
C:\posFE7.tmp moved successfully.
C:\posFE8.tmp moved successfully.
C:\posFE9.tmp moved successfully.
C:\posFEA.tmp moved successfully.
C:\posFEB.tmp moved successfully.
C:\posFEC.tmp moved successfully.
C:\posFED.tmp moved successfully.
C:\posFEE.tmp moved successfully.
C:\posFEF.tmp moved successfully.
C:\posFF.tmp moved successfully.
C:\posFF0.tmp moved successfully.
C:\posFF1.tmp moved successfully.
C:\posFF2.tmp moved successfully.
C:\posFF3.tmp moved successfully.
C:\posFF4.tmp moved successfully.
C:\posFF5.tmp moved successfully.
C:\posFF6.tmp moved successfully.
C:\posFF7.tmp moved successfully.
C:\posFF8.tmp moved successfully.
C:\posFF9.tmp moved successfully.
C:\posFFA.tmp moved successfully.
C:\posFFB.tmp moved successfully.
C:\posFFC.tmp moved successfully.
C:\posFFD.tmp moved successfully.
C:\posFFE.tmp moved successfully.
C:\posFFF.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF62EB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~ROMFN_00000AE8 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_13c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4f4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_614.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f38.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.6.0 log created on 03202009_165222

Files moved on Reboot...
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF62EB.tmp moved successfully.
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~ROMFN_00000AE8 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_13c.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_4f4.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_614.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_f38.dat moved successfully.

Registry entries deleted on Reboot...

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:04 PM

Posted 20 March 2009 - 04:39 PM

Copy this into the Custom Scans/Fixes box just like before.

:Files
C:\Documents and Settings\HP_Administrator\My Documents\*.tmp

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]

:Commands
[Reboot]


Post a new log from OTListIt2 and let me know how things are working for you.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
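For readers who want to verify the locations this fix and the earlier OTListIt2 log touched without running a removal tool, here is a read-only audit script. It is an added example, not part of the original post and not OTListIt2 code; the "expected clean" lists for Authentication Packages and SecurityProviders are assumptions for a default Windows XP install and should be compared against a known-good machine of the same version.

```powershell
# Added example (not from the thread or OTListIt2): read-only audit of the
# registry locations cleaned in this thread. It prints findings and changes nothing.
# Works on PowerShell 2.0 and later; reading HKLM needs no elevation.

# Assumed clean defaults for Windows XP; verify against a known-good machine.
$expectedAuthPackages      = @('msv1_0')
$expectedSecurityProviders = @('msapsspc.dll', 'schannel.dll', 'digest.dll', 'msnsspc.dll')

function Get-RegListValue {
    # Returns a registry value as a list, whether it is REG_MULTI_SZ
    # (Authentication Packages) or a comma-separated REG_SZ (SecurityProviders).
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return @() }
    $raw = $item.$Name
    if ($raw -is [array]) { return $raw }
    return ($raw -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

# 1. LSA Authentication Packages: the log removed C:\WINDOWS\system32\fccyyVMD from here.
#    Anything beyond the expected list loads into lsass.exe at boot and deserves a look.
$auth = Get-RegListValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'Authentication Packages'
$auth | Where-Object { $expectedAuthPackages -notcontains $_ } |
    ForEach-Object { "SUSPECT Authentication Package: $_" }

# 2. SecurityProviders: the log removed 'digeste.dll', a look-alike of the legitimate digest.dll.
#    Exact-name comparison catches such one-letter variations that the eye skips over.
$sp = Get-RegListValue 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders' 'SecurityProviders'
$sp | Where-Object { $expectedSecurityProviders -notcontains $_ } |
    ForEach-Object { "SUSPECT SecurityProvider: $_" }

# 3. Winlogon\Notify: list every subkey with its DLLName so random-named entries
#    (like bmfklntu, byXroNfg, opnmljj in the log) stand out next to legitimate ones.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
Get-ChildItem -Path $notify -ErrorAction SilentlyContinue | ForEach-Object {
    $dll = (Get-ItemProperty -Path $_.PSPath -Name DLLName -ErrorAction SilentlyContinue).DLLName
    "Notify package: $($_.PSChildName) -> $dll"
}

# 4. DriveIcons: an entry here overrides a drive's icon in Explorer, which is the
#    'red X on C:' symptom. A clean machine normally has no such key at all.
$icons = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons'
if (Test-Path -Path $icons) {
    Get-ChildItem -Path $icons | ForEach-Object {
        $iconPath = (Get-ItemProperty -Path "$($_.PSPath)\DefaultIcon" -ErrorAction SilentlyContinue).'(default)'
        "DriveIcons override: drive $($_.PSChildName) -> $iconPath"
    }
} else {
    "DriveIcons key absent (no custom drive icons configured)."
}
```

Run it before and after a fix like the one above: before, the DriveIcons section should show the override responsible for the red X; after the reboot it should report the key as absent, and the two LSA lists should contain only the expected names.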

#9 astronomeric210

astronomeric210
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 20 March 2009 - 05:22 PM

I reran it with that code and all is fixed. The log did not pop up upon restart this time. I don't think it's much to worry about. Thank you so much. I think my problem is fixed now. I really appreciate it, you guys are awesome :thumbup2:

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:04 PM

Posted 21 March 2009 - 07:40 AM

That's great to hear! :)
Just one more step and then I'll post some prevention steps for you.

Run OTListIt2 and click on the CleanUp button.
Reboot when it asks you to.



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :step4:


========================================================

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:04 PM

Posted 10 April 2009 - 11:18 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
