Cannot open anything!!!


  • This topic is locked
41 replies to this topic

#1 xlil_fortune_cookiex

xlil_fortune_cookiex

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 26 April 2009 - 12:34 AM

I am at my wits' end with everything! XP will allow me to click on the program but will not open anything. All windows will open real quick, flash and close themselves. Links on websites also do not work once I get on an open page. I cannot get anything to open or run without restarting my computer. I cannot download anything, and I ran all antimalware progs and fixed the registry errors that it picked up. No clue as to what's wrong!! I ran HijackThis, and this is the log of issues. Please help me!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:24 AM, on 4/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10458 bytes



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:51 AM

Posted 27 April 2009 - 11:08 AM

Hi xlil_fortune_cookiex,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.


You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world. We are going to install a good free antivirus the next round.
  • This is a test. Go to start => Run => type regedit in the run box and click OK. Tell me what you see.

  • If you have another computer you can use please download OTListIt2 by OldTimer.
  • Use a flash drive to transfer it to the infected computer.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

#3 Farbar


Posted 29 April 2009 - 04:49 PM

Is anybody there? I'll wait another day before closing the topic.

#4 xlil_fortune_cookiex


Posted 30 April 2009 - 02:26 AM

Ok, I'm gonna try this real quick. Oh ok, so I see all the hkey folders: class root, current user, local machines, users, current config. And no, I don't have another computer. I wish I did tho. What do I do now?

Edited by xlil_fortune_cookiex, 30 April 2009 - 02:29 AM.


#5 Farbar


Posted 30 April 2009 - 03:03 PM

To remove temporary files, disable browser add-ons, and reset all the changed settings:
  • Close all the open windows.
  • Go to start > Control Panel.
  • Open Internet Options.
  • Click the Advanced tab, and then click Reset.
  • Click Reset again and OK.
Now see if you can download the scanner I mentioned.

If you couldn't, try this:
Start in Safe Mode using the F8 key:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode with Networking menu item.
  • Press the Enter key.
  • Log in to your usual account. And then try to download the scanner and run it.


#6 xlil_fortune_cookiex


Posted 02 May 2009 - 03:23 AM

ok this is otlist txt.

OTListIt logfile created on: 5/2/2009 4:19:03 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OL0KYPL5
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.39 Mb Total Physical Memory | 732.98 Mb Available Physical Memory | 72.26% Memory free
2.39 Gb Paging File | 2.24 Gb Available in Paging File | 93.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.49 Gb Total Space | 155.44 Gb Free Space | 87.58% Space Free | Partition Type: NTFS
Drive D: | 8.80 Gb Total Space | 0.45 Gb Free Space | 5.14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUSH
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/05/02 04:18:36 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OL0KYPL5\OTListIt2[1].exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/27 19:53:05 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Stopped])
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Stopped])
SRV - [2005/11/08 17:51:54 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService [Auto | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/07/07 21:21:39 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/10/12 22:30:24 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Stopped])
SRV - [2004/10/22 13:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2006/03/24 04:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Stopped])
SRV - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Stopped])
SRV - [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Stopped])
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2009/04/03 22:26:55 | 00,288,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService [Auto | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/09/19 00:59:37 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Stopped])
DRV - [2005/09/04 23:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\DRIVERS\WG11TND5.sys -- (AR5523 [On_Demand | Stopped])
DRV - [2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Stopped])
DRV - [2006/10/27 01:05:25 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Stopped])
DRV - [2007/11/16 18:55:00 | 00,165,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/04/01 12:43:02 | 00,066,048 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\DRIVERS\EAPPkt.sys -- (EAPPkt [Auto | Stopped])
DRV - [2005/11/08 17:51:40 | 00,007,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ELacpi.sys -- (ELacpi [On_Demand | Running])
DRV - [2005/11/08 17:51:18 | 00,010,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELhid.sys -- (ELhid [System | Stopped])
DRV - [2005/11/08 17:51:22 | 00,006,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELkbd.sys -- (ELkbd [System | Running])
DRV - [2005/11/08 17:51:38 | 00,007,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELmon.sys -- (ELmon [System | Stopped])
DRV - [2005/11/08 17:51:20 | 00,006,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELmou.sys -- (ELmou [System | Running])
DRV - [2008/07/26 11:26:54 | 00,023,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Stopped])
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/12/06 14:20:50 | 00,241,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Stopped])
DRV - [2005/12/06 14:20:40 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys -- (HSX_DP [On_Demand | Stopped])
DRV - [2006/02/07 12:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2005/10/12 22:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/02/11 12:40:40 | 05,028,352 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped])
DRV - [2008/07/24 18:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Stopped])
DRV - [2008/10/16 20:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2008/07/24 18:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Stopped])
DRV - [2008/07/26 08:25:02 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Stopped])
DRV - [2008/07/26 15:25:48 | 00,627,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Stopped])
DRV - [2008/07/26 15:26:22 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2008/07/26 15:26:44 | 04,658,584 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
DRV - [2008/01/14 06:06:32 | 00,021,632 | ---- | M] (ManyCam LLC.) -- C:\WINDOWS\system32\DRIVERS\ManyCam.sys -- (ManyCam [On_Demand | Stopped])
DRV - [2005/10/05 18:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])
DRV - [2008/04/13 14:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Stopped])
DRV - [2004/08/10 00:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Stopped])
DRV - [2004/08/10 00:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Stopped])
DRV - [2005/11/02 16:47:26 | 00,010,368 | R--- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2004/08/10 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/06/10 20:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/12/26 02:47:30 | 00,272,128 | ---- | M] (NETGEAR Inc.) -- C:\WINDOWS\system32\DRIVERS\wg111v2.sys -- (RTLWUSB [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/10/02 09:57:12 | 00,013,532 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt [On_Demand | Stopped])
DRV - [2006/10/27 01:01:21 | 00,664,064 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/12/06 14:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys -- (winachsx [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-500\S-1-5-21-3590612388-1098884098-2099720072-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/10 01:48:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/14 12:35:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/02/04 13:32:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 17:03:54 | 00,000,000 | ---D | M]

[2009/04/23 22:38:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/19 19:28:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{021FF008-47F6-4E06-A114-CF7173B1E5D9}
[2009/02/04 13:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/09 17:54:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/14 12:35:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/23 22:38:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/01/23 01:05:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\Access Privileges Test
[2009/02/04 13:32:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/04 13:32:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/18 01:03:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/18 01:03:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/18 01:03:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/18 01:03:38 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/18 01:03:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/18 01:03:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/11/18 01:03:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - Reg Error: Key error. File not found
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll (TODO: <Company name>)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKU\S-1-5-21-3590612388-1098884098-2099720072-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-21-3590612388-1098884098-2099720072-500..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\CLOAKER.EXE (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html (Google Inc.)
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html (Google Inc.)
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html (Google Inc.)
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/14 00:22:04 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/05/02 04:17:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/05/02 04:17:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/05/02 04:15:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/04/29 12:01:23 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/29 00:56:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\temp
[2009/04/28 17:03:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/26 01:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/25 23:35:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/25 18:19:42 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/04/25 18:11:34 | 00,002,201 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2009/04/25 18:11:31 | 00,000,000 | ---D | C] -- C:\Program Files\ErrorFix
[2009/04/25 18:11:12 | 00,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2009/04/25 12:11:50 | 00,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/04/25 12:02:51 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/23 23:50:36 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2009/04/23 16:25:29 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2009/04/23 16:24:33 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2009/04/18 16:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/04/15 16:37:49 | 00,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/04/15 16:37:49 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
[2009/04/15 16:37:49 | 00,001,473 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk
[2009/04/15 16:33:37 | 00,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/04/15 16:33:30 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/04/15 16:24:48 | 00,025,974 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2009/04/15 16:23:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2009/04/14 16:56:22 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/14 16:56:21 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/14 16:56:21 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/14 16:56:21 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/14 16:56:21 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/14 16:56:21 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/14 16:56:21 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/14 16:56:21 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/14 16:56:20 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 16:54:39 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/12 17:30:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/04/12 00:50:57 | 00,000,000 | ---D | C] -- C:\Program Files\FormatFactory
[2009/04/12 00:14:58 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2009/04/11 23:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\Search Settings
[2009/04/11 23:52:16 | 00,294,912 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009/04/11 23:52:13 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx
[2009/04/11 23:52:13 | 00,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb
[2009/04/11 23:52:13 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009/04/11 23:52:13 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009/04/11 23:52:13 | 00,084,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX
[2009/04/11 23:52:13 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PCCLPFR.DLL
[2009/04/11 23:52:12 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009/04/11 23:52:12 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009/04/11 23:52:12 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009/04/11 23:52:12 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx
[2009/04/11 23:52:12 | 00,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2009/04/11 23:36:59 | 00,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2009/04/10 21:51:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2009/04/10 14:35:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/04/10 14:35:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/04/10 14:35:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/04/10 14:35:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/04/10 14:31:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/04/10 14:19:47 | 00,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/04/10 13:50:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/04/10 13:50:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/04/06 21:03:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/04/06 21:03:35 | 00,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2009/04/06 21:03:35 | 00,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2009/04/06 21:03:35 | 00,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2009/04/06 21:03:26 | 00,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2009/04/06 21:03:24 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/04/06 17:50:20 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/06 17:36:32 | 00,000,454 | ---- | C] () -- C:\WINDOWS\tasks\Wise Disk Cleaner 4.job
[2009/04/04 03:33:54 | 00,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/04/03 22:26:54 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
[2009/04/03 22:23:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/03 22:23:48 | 00,479,298 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbocx.ocx
[2009/04/03 22:23:48 | 00,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2009/04/03 22:23:48 | 00,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2009/04/03 22:23:48 | 00,000,000 | ---D | C] -- C:\Program Files\DAP
[2009/02/19 21:42:03 | 00,047,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\PROCMON20.SYS
[2008/07/26 14:42:52 | 00,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/07/26 08:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/06/10 20:07:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 20:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 20:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/31 18:22:11 | 00,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2006/10/27 01:01:21 | 00,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/27 01:01:21 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0749.sys
[2006/09/19 10:01:47 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/19 09:42:13 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/09/19 09:20:54 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/19 01:18:24 | 00,011,911 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2006/09/19 00:57:40 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/09/19 00:57:40 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/06/14 00:47:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/14 00:28:05 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/14 00:24:12 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/14 00:24:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/14 00:22:15 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/14 00:20:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/14 00:10:01 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/14 00:09:25 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/13 23:57:40 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/13 23:54:24 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/13 23:33:17 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 20:23:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:02:00 | 00,000,670 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 16:52:36 | 00,000,272 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 10:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/05/02 04:16:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/02 04:16:26 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/05/02 04:15:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/02 04:15:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/05/02 04:14:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/02 04:04:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/05/01 12:00:00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/04/29 19:56:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/29 14:01:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/29 01:02:57 | 00,000,670 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/29 01:02:57 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/04/29 01:02:57 | 00,000,272 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/29 00:51:55 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/28 01:28:42 | 00,113,152 | ---- | M] () -- C:\WINDOWS\VFIND.exe
[2009/04/26 22:00:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/04/26 01:13:19 | 00,556,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/26 01:13:19 | 00,466,746 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/26 01:13:19 | 00,079,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/25 18:50:55 | 00,002,201 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2009/04/25 12:11:50 | 00,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/04/18 20:34:53 | 00,156,910 | ---- | M] () -- C:\WINDOWS\WMSysPr8.prx
[2009/04/18 20:33:51 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/15 16:33:37 | 00,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/04/10 22:44:58 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/04/10 14:19:47 | 00,000,272 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2009/04/10 13:50:15 | 00,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/04/10 13:42:28 | 00,294,912 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009/04/06 21:03:25 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/04/06 17:36:32 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Wise Disk Cleaner 4.job
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/04 03:33:54 | 00,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/04/03 22:23:48 | 00,479,298 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbocx.ocx
[2009/04/03 22:23:48 | 00,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2009/04/03 22:23:48 | 00,050,688 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
< End of report >

and this is the extra.txt:

OTListIt Extras logfile created on: 5/2/2009 4:19:03 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OL0KYPL5
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.39 Mb Total Physical Memory | 732.98 Mb Available Physical Memory | 72.26% Memory free
2.39 Gb Paging File | 2.24 Gb Available in Paging File | 93.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.49 Gb Total Space | 155.44 Gb Free Space | 87.58% Space Free | Partition Type: NTFS
Drive D: | 8.80 Gb Total Space | 0.45 Gb Free Space | 5.14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUSH
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/02/20 14:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/09/03 18:39:00 | 00,114,688 | ---- | M] (FrostWire Group) -- C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
[2006/04/18 17:32:26 | 00,483,328 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe:*:Enabled:NETGEAR WG111v2 Smart Wizard
[2006/01/25 15:49:02 | 00,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe:*:Enabled:NETGEAR Smart Wizard
[2007/03/16 01:46:10 | 00,190,072 | ---- | M] () -- C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2009/04/03 15:23:58 | 03,558,648 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}" = Safari
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{27E395E5-EB04-4BFD-96C3-C9A102E97E1B}" = Intel® Viiv™ Software
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{85B1BEF2-2357-4C27-ABBE-15A1AE3AF78D}" = HP Deskjet 5700
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel® Quick Resume Technology Drivers
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C335F7A-1985-4C0C-AC7A-B33397981E2F}" = ErrorFix
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"CCleaner" = CCleaner (remove only)
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"FormatFactory" = FormatFactory 1.85
"FrostWire" = FrostWire 4.17.2
"HijackThis" = HijackThis 2.0.2
"HP Game Console" = HP Game Console
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers
"IrfanView" = IrfanView (remove only)
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSNINST" = MSN
"PPLive" = PPLive 1.9
"PROSet" = Intel® Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT004613" = Tornado Jockey
"WT005513" = Super Granny
"WT005515" = Polar Bowler
"WT005517" = Blasterball 2 Remix
"WT005518" = Polar Golfer
"WT005519" = Ricochet Lost Worlds
"WT005520" = Blackhawk Striker 2
"WT005521" = Blasterball 2 Revolution
"WT005523" = Tradewinds
"WT005524" = Bounce Symphony
"WT005631" = Fairies
"WT005632" = Snowy The Bears Adventure
"WT005634" = Bejeweled 2 Deluxe
"WT005635" = Big Kahuna Reef
"WT005636" = Bookworm Deluxe
"WT005637" = Chuzzle Deluxe
"WT005638" = Diner Dash
"WT005639" = Family Feud
"WT005640" = Flip Words
"WT005641" = Insaniquarium Deluxe
"WT005642" = Jewel Quest
"WT005643" = Mah Jong Quest
"WT005644" = Mystery Case Files
"WT005645" = Poker Superstars
"WT005646" = SCRABBLE
"WT005647" = Slingo Deluxe
"WT005648" = Tennis Titans
"WT006069" = FATE
"WT006072" = Ancient Sudoku
"Yahoo! IE Suggest" = Yahoo! Search Suggest Add-on for IE7
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2009 4:05:16 AM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module urlmon.dll, version 8.0.6001.18702, fault address 0x0003e819.

Error - 4/30/2009 4:05:21 AM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module urlmon.dll, version 8.0.6001.18702, fault address 0x0003e819.

Error - 4/30/2009 4:05:27 AM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module urlmon.dll, version 8.0.6001.18702, fault address 0x0003e819.

Error - 4/30/2009 4:18:25 AM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application yahoom~1.exe, version 9.0.0.2136, faulting module
unknown, version 0.0.0.0, fault address 0x1e1e1e1e.

Error - 4/30/2009 12:45:40 PM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module urlmon.dll, version 8.0.6001.18702, fault address 0x0003e819.

Error - 4/30/2009 12:45:45 PM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module urlmon.dll, version 8.0.6001.18702, fault address 0x0003e819.

Error - 4/30/2009 12:45:51 PM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module urlmon.dll, version 8.0.6001.18702, fault address 0x0003e819.

Error - 4/30/2009 12:45:56 PM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module urlmon.dll, version 8.0.6001.18702, fault address 0x0003e819.

Error - 4/30/2009 12:46:02 PM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module urlmon.dll, version 8.0.6001.18702, fault address 0x0003e819.

Error - 5/1/2009 4:32:09 AM | Computer Name = LUSH | Source = Application Error | ID = 1000
Description = Faulting application yahoom~1.exe, version 9.0.0.2136, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x0001500a.

[ System Events ]
Error - 5/1/2009 1:35:02 PM | Computer Name = LUSH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Updater Service
service to connect.

Error - 5/1/2009 1:35:02 PM | Computer Name = LUSH | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%2

Error - 5/1/2009 1:35:02 PM | Computer Name = LUSH | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10045

Error - 5/1/2009 1:35:10 PM | Computer Name = LUSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep ftsata2 Lbd

Error - 5/2/2009 4:04:21 AM | Computer Name = LUSH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Updater Service
service to connect.

Error - 5/2/2009 4:04:21 AM | Computer Name = LUSH | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%2

Error - 5/2/2009 4:04:21 AM | Computer Name = LUSH | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10045

Error - 5/2/2009 4:04:24 AM | Computer Name = LUSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep ftsata2 Lbd

Error - 5/2/2009 4:16:46 AM | Computer Name = LUSH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/2/2009 4:16:48 AM | Computer Name = LUSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep Fips ftsata2 intelppm Lbd


< End of report >

#7 Farbar

Posted 03 May 2009 - 10:24 AM

Please provide some feedback about the steps you take so that I understand what is going on at the other end. Thanks.

Note 1: You have downloaded and run OTListIt2 from the Temporary Internet Files. It means you have not saved it on your desktop and when we empty the temporary files it will be removed. Please download the tools and save them to your desktop.

Note 2: There is no antivirus installed on the computer. We are going to run ComboFix and the next round install a good free antivirus. Please don't use the computer unless it is needed for the disinfection until an antivirus is installed.

Note 3: Downloading ComboFix and Recovery Console could be done in Safe Mode with Networking but installing Recovery Console and running ComboFix should be done in normal mode.
  • Restart the computer in Safe Mode with Networking again.
    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System


    Download the file & save it as it's originally named, next to ComboFix.exe.

  • Restart the computer in normal mode.

    Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review. Tell me also about the current condition of the computer.
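
The log evidence behind Notes 1 and 3, plus the Security Center and firewall values visible in the Extras log posted earlier in the thread, can be pulled out mechanically. The following Python is an added example, not part of Farbar's post and not code from OTListIt2; `parse_report`, `triage` and the finding codes are names made up for it, and the sample lines are copied from that log.

```python
import re

# Excerpt of the OTListIt Extras log posted earlier in this thread.
SAMPLE_LOG = r'''OTListIt Extras logfile created on: 5/2/2009 4:19:03 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OL0KYPL5
Current Boot Mode: SafeMode with Networking

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
'''

SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
STANDARD_PROFILE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
                    r"\SharedAccess\Parameters\FirewallPolicy\StandardProfile")

# The log prints registry keys both as [HKEY_...] and as a bare HKEY_... line.
KEY_RE = re.compile(r'^\[?(HKEY_[^\]]+)\]?$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
FOLDER_RE = re.compile(r'\bFolder = (.+)$')


def parse_report(text):
    """Extract the tool folder, boot mode and registry values from a report."""
    report = {"folder": None, "boot_mode": None, "registry": {}}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            # A new report section starts; values no longer belong to the old key.
            current_key = None
            continue
        folder = FOLDER_RE.search(line)
        if folder and report["folder"] is None:
            report["folder"] = folder.group(1)
            continue
        if line.startswith("Current Boot Mode:"):
            report["boot_mode"] = line.split(":", 1)[1].strip()
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            report["registry"].setdefault(current_key, {})
            continue
        value = VALUE_RE.match(line)
        if value and current_key is not None:
            report["registry"][current_key][value.group(1)] = value.group(2).strip()
    return report


def triage(report):
    """Return (code, message) pairs for the conditions a helper checks first."""
    findings = []
    registry = report["registry"]
    if "temporary internet files" in (report["folder"] or "").lower():
        findings.append(("TOOL_IN_TEMP",
                         "tool was run from Temporary Internet Files and will be "
                         "lost when the cache is emptied"))
    if (report["boot_mode"] or "").lower().startswith("safemode"):
        findings.append(("SAFE_MODE",
                         "scan ran in Safe Mode, so it does not reflect a normal boot"))
    if registry.get(SECURITY_CENTER, {}).get("AntiVirusOverride") == "1":
        findings.append(("AV_OVERRIDE",
                         "Security Center antivirus status alerts are overridden"))
    if registry.get(STANDARD_PROFILE, {}).get("EnableFirewall") == "0":
        findings.append(("FIREWALL_OFF",
                         "Windows Firewall is disabled in the standard profile"))
    return findings


if __name__ == "__main__":
    for code, message in triage(parse_report(SAMPLE_LOG)):
        print(f"{code}: {message}")
```
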

#8 xlil_fortune_cookiex


Posted 03 May 2009 - 01:16 PM

ok a few things:

1. i went into safe mode to redownload and save to desktop the otlist.exe. i then ran it under safe mode. i however did not get both logs at the end. i only got the one otlistit.txt log. and this is it:

OTListIt logfile created on: 5/3/2009 1:36:26 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.39 Mb Total Physical Memory | 536.20 Mb Available Physical Memory | 52.86% Memory free
2.38 Gb Paging File | 1.99 Gb Available in Paging File | 83.57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.49 Gb Total Space | 154.36 Gb Free Space | 86.97% Space Free | Partition Type: NTFS
Drive D: | 8.80 Gb Total Space | 0.45 Gb Free Space | 5.14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUSH
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/08/14 17:11:48 | 00,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2006/02/07 11:40:02 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/02/07 11:36:06 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/03/04 10:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/03 09:32:14 | 18,085,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/10/12 22:30:24 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/03/24 04:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/01/25 15:49:02 | 00,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2006/04/06 21:19:28 | 00,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
PRC - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
PRC - [2009/04/03 22:26:55 | 00,288,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/04/03 22:26:55 | 00,124,536 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2005/11/08 17:51:54 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2006/04/18 17:32:26 | 00,483,328 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
PRC - [2008/08/14 17:11:14 | 00,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/05/03 13:16:51 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/27 19:53:05 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2005/11/08 17:51:54 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/07/07 21:21:39 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/10/12 22:30:24 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2004/10/22 13:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/03/24 04:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/04/03 22:26:55 | 00,288,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/09/19 00:59:37 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/09/04 23:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\DRIVERS\WG11TND5.sys -- (AR5523 [On_Demand | Stopped])
DRV - File not found -- -- (catchme [Disabled | Running])
DRV - [2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Stopped])
DRV - [2006/10/27 01:05:25 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Stopped])
DRV - [2007/11/16 18:55:00 | 00,165,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/04/01 12:43:02 | 00,066,048 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\DRIVERS\EAPPkt.sys -- (EAPPkt [Auto | Running])
DRV - [2005/11/08 17:51:40 | 00,007,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ELacpi.sys -- (ELacpi [On_Demand | Running])
DRV - [2005/11/08 17:51:18 | 00,010,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELhid.sys -- (ELhid [System | Running])
DRV - [2005/11/08 17:51:22 | 00,006,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELkbd.sys -- (ELkbd [System | Running])
DRV - [2005/11/08 17:51:38 | 00,007,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELmon.sys -- (ELmon [System | Running])
DRV - [2005/11/08 17:51:20 | 00,006,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELmou.sys -- (ELmou [System | Running])
DRV - [2008/07/26 11:26:54 | 00,023,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/12/06 14:20:50 | 00,241,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
DRV - [2005/12/06 14:20:40 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys -- (HSX_DP [On_Demand | Running])
DRV - [2006/02/07 12:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/10/12 22:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/02/11 12:40:40 | 05,028,352 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/07/24 18:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Running])
DRV - [2008/10/16 20:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2008/07/24 18:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
DRV - [2008/07/26 08:25:02 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008/07/26 15:25:48 | 00,627,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Running])
DRV - [2008/07/26 15:26:22 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2008/07/26 15:26:44 | 04,658,584 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Running])
DRV - [2008/01/14 06:06:32 | 00,021,632 | ---- | M] (ManyCam LLC.) -- C:\WINDOWS\system32\DRIVERS\ManyCam.sys -- (ManyCam [On_Demand | Running])
DRV - [2005/10/05 18:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/04/13 14:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2004/08/10 00:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2004/08/10 00:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2005/11/02 16:47:26 | 00,010,368 | R--- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2004/08/10 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/06/10 20:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/12/26 02:47:30 | 00,272,128 | ---- | M] (NETGEAR Inc.) -- C:\WINDOWS\system32\DRIVERS\wg111v2.sys -- (RTLWUSB [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/10/02 09:57:12 | 00,013,532 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt [On_Demand | Running])
DRV - [2006/10/27 01:01:21 | 00,664,064 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2005/12/06 14:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys -- (winachsx [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 FB 8E 6A BE CB C9 01 [binary data]
IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\S-1-5-21-3590612388-1098884098-2099720072-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\S-1-5-21-3590612388-1098884098-2099720072-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/10 01:48:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/14 12:35:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/02/04 13:32:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 17:03:54 | 00,000,000 | ---D | M]

[2008/07/07 21:29:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2008/07/07 21:29:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/23 16:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\75nw7elx.default\extensions
[2009/04/04 03:34:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\75nw7elx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/27 14:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\75nw7elx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/03/19 10:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\75nw7elx.default\extensions\ChoiceGuard@Microsoft
[2008/11/27 14:53:46 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\75nw7elx.default\searchplugins\aim-search.xml
[2009/04/23 22:38:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/19 19:28:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{021FF008-47F6-4E06-A114-CF7173B1E5D9}
[2009/02/04 13:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/09 17:54:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/14 12:35:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/23 22:38:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/01/23 01:05:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\Access Privileges Test
[2009/02/04 13:32:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/04 13:32:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/18 01:03:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/18 01:03:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/18 01:03:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/18 01:03:38 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/18 01:03:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/18 01:03:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/11/18 01:03:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - Reg Error: Key error. File not found
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll (TODO: <Company name>)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe -boot (PC Utility Inc.)
O4 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\CLOAKER.EXE (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCPL = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetup = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupIDPage = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupSecurityPage = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoWorkgroupContents = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoEntireNetwork = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSharingControl = 0
O7 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\WINDOWS\system32\mclsp.dll (McAfee, Inc.)
O15 - HKU\S-1-5-21-3590612388-1098884098-2099720072-1008\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/14 00:22:04 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{fc3055c5-6bbd-11dd-92a2-001731ab962c}\Shell - "" = AutoRun
O33 - MountPoints2\{fc3055c5-6bbd-11dd-92a2-001731ab962c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc3055c5-6bbd-11dd-92a2-001731ab962c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/05/03 13:35:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\temp
[2009/05/03 13:25:06 | 10,637,39392 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/03 13:23:18 | 04,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2009/05/03 13:22:39 | 03,012,596 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2009/05/03 13:16:47 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/05/02 04:15:18 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/28 17:03:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/28 17:03:48 | 00,001,487 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\DivX Movies.lnk
[2009/04/28 16:57:18 | 00,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Format Factory.lnk
[2009/04/27 02:31:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Unused Desktop Shortcuts
[2009/04/26 01:07:52 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/04/26 01:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/25 23:35:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/25 18:19:42 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/04/25 18:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ErrorFix
[2009/04/25 18:11:34 | 00,002,201 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2009/04/25 18:11:31 | 00,000,000 | ---D | C] -- C:\Program Files\ErrorFix
[2009/04/25 18:11:12 | 00,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2009/04/25 12:11:50 | 00,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/04/25 12:02:51 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2009/04/25 12:02:51 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/25 03:15:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\AdobeStockPhotos
[2009/04/23 23:50:36 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\IrfanView.lnk
[2009/04/23 23:50:36 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2009/04/23 16:25:29 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2009/04/23 16:24:33 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2009/04/18 16:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/04/18 03:13:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Incomplete
[2009/04/15 16:37:49 | 00,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/04/15 16:37:49 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
[2009/04/15 16:37:49 | 00,001,473 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk
[2009/04/15 16:37:49 | 00,000,999 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/04/15 16:33:37 | 00,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/04/15 16:33:30 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/04/15 16:24:48 | 00,025,974 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2009/04/15 16:23:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2009/04/14 16:56:22 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/14 16:56:21 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/14 16:56:21 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/14 16:56:21 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/14 16:56:21 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/14 16:56:21 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/14 16:56:21 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/14 16:56:21 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/14 16:56:20 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 16:54:39 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/12 17:30:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/04/12 00:51:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\FFOutput
[2009/04/12 00:50:57 | 00,000,000 | ---D | C] -- C:\Program Files\FormatFactory
[2009/04/12 00:15:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Any Video Converter
[2009/04/12 00:14:58 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2009/04/11 23:53:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Search Settings
[2009/04/11 23:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\Search Settings
[2009/04/11 23:52:16 | 00,294,912 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009/04/11 23:52:13 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx
[2009/04/11 23:52:13 | 00,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb
[2009/04/11 23:52:13 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009/04/11 23:52:13 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009/04/11 23:52:13 | 00,084,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX
[2009/04/11 23:52:13 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PCCLPFR.DLL
[2009/04/11 23:52:12 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009/04/11 23:52:12 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009/04/11 23:52:12 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009/04/11 23:52:12 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx
[2009/04/11 23:52:12 | 00,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2009/04/11 23:37:44 | 00,001,579 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ManyCam 2.4.lnk
[2009/04/11 23:37:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ManyCam
[2009/04/11 23:36:59 | 00,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2009/04/11 16:06:25 | 00,009,993 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\econ 101 summery.rtf
[2009/04/11 15:50:08 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Econ 101 summery.doc
[2009/04/11 02:01:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Search
[2009/04/10 21:51:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2009/04/10 14:35:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/04/10 14:35:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/04/10 14:35:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/04/10 14:35:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/04/10 14:31:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/04/10 14:19:47 | 00,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/04/10 13:50:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Desktop Search
[2009/04/10 13:50:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/04/10 13:50:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/04/07 21:08:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Albums
[2009/04/06 21:03:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/04/06 21:03:35 | 00,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2009/04/06 21:03:35 | 00,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2009/04/06 21:03:35 | 00,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2009/04/06 21:03:26 | 00,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2009/04/06 21:03:24 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/04/06 17:50:20 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/06 17:36:32 | 00,000,454 | ---- | C] () -- C:\WINDOWS\tasks\Wise Disk Cleaner 4.job
[2009/04/04 03:43:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\TweakNow RegCleaner
[2009/04/04 03:33:54 | 00,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/04/03 22:26:54 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
[2009/04/03 22:23:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/03 22:23:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Completed Downloads
[2009/04/03 22:23:48 | 00,479,298 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbocx.ocx
[2009/04/03 22:23:48 | 00,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2009/04/03 22:23:48 | 00,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2009/04/03 22:23:48 | 00,000,000 | ---D | C] -- C:\Program Files\DAP
[2009/02/19 21:42:03 | 00,047,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\PROCMON20.SYS
[2008/07/26 14:42:52 | 00,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/07/26 08:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/06/10 20:07:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 20:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 20:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/31 18:22:11 | 00,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2006/10/27 01:01:21 | 00,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/27 01:01:21 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0749.sys
[2006/09/19 10:01:47 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/19 09:42:13 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/09/19 09:20:54 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/19 01:18:24 | 00,011,911 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2006/09/19 00:57:40 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/09/19 00:57:40 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/06/14 00:47:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/14 00:28:05 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/14 00:24:12 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/14 00:24:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/14 00:22:15 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/14 00:20:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/14 00:10:01 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/14 00:09:25 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/13 23:57:40 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/13 23:54:24 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/13 23:33:17 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 20:23:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:02:00 | 00,000,670 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 16:52:36 | 00,000,272 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 10:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/05/03 13:32:16 | 00,000,272 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/03 13:31:57 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/03 13:31:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/03 13:31:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
[2009/05/03 13:31:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/03 13:31:22 | 10,637,39392 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/03 13:31:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/03 13:31:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/05/03 13:31:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/05/03 13:23:31 | 04,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2009/05/03 13:22:52 | 03,012,596 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2009/05/03 13:16:51 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/05/03 12:00:00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\VFIND.exe
[2009/04/29 19:56:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/29 14:01:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/29 01:02:57 | 00,000,670 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/29 01:02:57 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/04/28 17:03:48 | 00,001,487 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DivX Movies.lnk
[2009/04/28 16:57:18 | 00,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Format Factory.lnk
[2009/04/26 22:00:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/04/26 01:20:40 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/04/26 01:13:19 | 00,556,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/26 01:13:19 | 00,466,746 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/26 01:13:19 | 00,079,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/25 23:38:29 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2009/04/25 18:50:55 | 00,002,201 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2009/04/25 12:11:50 | 00,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/04/25 12:02:51 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2009/04/23 23:50:36 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\IrfanView.lnk
[2009/04/18 20:34:53 | 00,156,910 | ---- | M] () -- C:\WINDOWS\WMSysPr8.prx
[2009/04/18 20:33:51 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/15 16:33:37 | 00,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/04/11 23:37:44 | 00,001,579 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ManyCam 2.4.lnk
[2009/04/11 16:06:25 | 00,009,993 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\econ 101 summery.rtf
[2009/04/11 15:57:05 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Econ 101 summery.doc
[2009/04/10 22:44:58 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/04/10 14:19:47 | 00,000,272 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2009/04/10 13:50:15 | 00,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/04/10 13:42:28 | 00,294,912 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009/04/06 21:03:25 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/04/06 17:36:32 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Wise Disk Cleaner 4.job
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/04 03:33:54 | 00,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/04/03 22:23:48 | 00,479,298 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbocx.ocx
[2009/04/03 22:23:48 | 00,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2009/04/03 22:23:48 | 00,050,688 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
< End of report >


2. ok i then still under safe mode downloaded and saved to desktop both the combofix and the sp2 microsoft bootdisk
3. i then rebooted in normal mode and dragged the sp2 install icon to the combofix icon and it asked me if i accepted the terms and i said yes and it ran the program but did not say anything about recovery console, no scan option or install option. this is the combofix log:


ComboFix 09-05-02.4 - HP_Administrator 05/03/2009 13:28.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.614 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.

2009-05-02 08:17 . 2009-05-02 08:17 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-02 08:16 . 2009-05-02 08:16 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-28 21:03 . 2009-04-28 21:03 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-26 05:07 . 2009-04-26 05:07 -------- d-----w c:\program files\Trend Micro
2009-04-26 03:35 . 2009-04-26 03:35 -------- dc-h--w c:\windows\ie8
2009-04-25 22:11 . 2009-04-25 22:23 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\ErrorFix
2009-04-25 22:11 . 2009-04-25 22:38 -------- d-----w c:\program files\ErrorFix
2009-04-25 22:11 . 2009-04-25 22:11 -------- d-----w c:\program files\Downloaded Installers
2009-04-25 16:02 . 2009-04-25 16:03 -------- d-----w c:\program files\CCleaner
2009-04-24 03:50 . 2009-04-24 03:50 -------- d-----w c:\program files\IrfanView
2009-04-23 20:25 . 2009-04-23 20:32 -------- d-----w C:\32788R22FWJFW.1.tmp
2009-04-23 20:24 . 2009-04-23 20:25 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-04-18 20:58 . 2009-04-18 20:58 -------- d-----w c:\program files\Veoh Networks
2009-04-15 20:33 . 2009-04-15 20:33 -------- d-----w c:\program files\Logitech
2009-04-15 20:24 . 2008-07-26 19:25 627864 -c--a-w c:\windows\system32\drivers\lvrs.sys
2009-04-15 20:24 . 2008-07-26 18:46 25974 -c--a-w c:\windows\system32\Repository.reg
2009-04-15 20:24 . 2008-07-26 15:26 23832 ----a-w c:\windows\system32\drivers\lvuvcflt.sys
2009-04-15 20:23 . 2009-04-26 02:35 -------- d-----w c:\program files\Common Files\LogiShrd
2009-04-14 20:56 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 20:56 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 20:56 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 20:56 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 20:56 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 20:56 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 20:56 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 20:56 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 20:56 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 20:54 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-12 21:30 . 2009-04-12 21:30 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-12 04:50 . 2009-04-28 20:57 -------- d-----w c:\program files\FormatFactory
2009-04-12 04:15 . 2009-04-12 04:32 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Any Video Converter
2009-04-12 04:14 . 2009-04-12 04:32 -------- d-----w c:\program files\Any Video Converter
2009-04-12 03:53 . 2009-04-12 03:53 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Search Settings
2009-04-12 03:52 . 2009-04-12 03:52 -------- d-----w c:\program files\Search Settings
2009-04-12 03:52 . 2009-04-10 17:42 294912 ----a-w c:\windows\system32\TubeFinder.exe
2009-04-12 03:52 . 2008-06-04 21:42 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-04-12 03:52 . 2008-06-04 21:42 119568 ----a-w c:\windows\system32\VB6FR.DLL
2009-04-12 03:52 . 2008-06-04 21:42 9728 ----a-w c:\windows\system32\PCCLPFR.DLL
2009-04-12 03:52 . 2008-06-04 21:42 141312 ----a-w c:\windows\system32\MSCMCFR.DLL
2009-04-12 03:52 . 2008-06-04 21:42 32768 ----a-w c:\windows\system32\CMDLGFR.DLL
2009-04-12 03:52 . 2009-04-12 03:59 -------- d-----w c:\program files\Free FLV Converter
2009-04-12 03:37 . 2009-04-12 03:37 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\ManyCam
2009-04-12 03:36 . 2009-04-12 03:37 -------- d-----w c:\program files\ManyCam 2.4
2009-04-11 06:01 . 2009-04-11 06:01 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Windows Search
2009-04-11 01:51 . 2009-04-11 01:51 -------- d-----w c:\documents and settings\All Users\Application Data\GroupPolicy
2009-04-10 18:31 . 2009-04-15 20:33 -------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-04-10 17:50 . 2009-04-10 17:50 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Windows Desktop Search
2009-04-10 17:50 . 2009-04-10 17:50 -------- d-----w c:\program files\Windows Desktop Search
2009-04-10 17:50 . 2009-04-10 17:50 -------- d-----w c:\windows\system32\GroupPolicy
2009-04-08 01:08 . 2009-04-08 01:08 -------- d-----w c:\documents and settings\HP_Administrator\Local Settings\Application Data\IsolatedStorage
2009-04-08 01:07 . 2009-04-08 01:07 -------- d-----w c:\documents and settings\HP_Administrator\Local Settings\Application Data\HP
2009-04-07 01:03 . 2009-04-07 01:03 -------- d-----w c:\documents and settings\HP_Administrator\Local Settings\Application Data\LogMeIn
2009-04-07 01:03 . 2009-04-07 01:03 -------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2009-04-07 01:03 . 2008-10-17 00:35 28984 ----a-w c:\windows\system32\LMIport.dll
2009-04-07 01:03 . 2008-07-24 22:46 47640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2009-04-07 01:03 . 2008-10-17 00:35 83288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2009-04-07 01:03 . 2008-10-17 00:35 87352 ----a-w c:\windows\system32\LMIinit.dll
2009-04-06 21:50 . 2009-02-13 15:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-04 07:43 . 2009-04-04 07:46 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\TweakNow RegCleaner
2009-04-04 02:26 . 2009-04-09 10:40 -------- d-----w c:\program files\SpeedBit Video Accelerator
2009-04-04 02:23 . 2009-05-03 17:32 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-04 02:23 . 2009-04-04 02:23 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-04-04 02:23 . 2009-04-06 21:36 -------- d-----w c:\program files\DAP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 17:31 . 2005-08-31 04:17 6 -c-ha-w c:\windows\Tasks\SA.DAT
2009-05-03 17:31 . 2009-04-10 18:35 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-05-03 17:31 . 2009-04-10 18:35 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-05-03 16:00 . 2009-04-25 22:19 444 ----a-w c:\windows\Tasks\ErrorFix Scan.job
2009-04-29 23:56 . 2007-12-14 23:12 284 -c--a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-29 18:01 . 2009-01-28 19:01 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-28 21:03 . 2006-10-27 03:01 -------- d-----w c:\program files\DivX
2009-04-27 02:00 . 2009-03-13 06:36 406 ----a-w c:\windows\Tasks\SmartDefrag.job
2009-04-26 05:12 . 2006-09-19 14:03 -------- d-----w c:\program files\Common Files\AOL
2009-04-25 16:08 . 2006-09-19 05:36 -------- d-----w c:\program files\Yahoo!
2009-04-24 02:38 . 2006-06-14 03:40 -------- d-----w c:\program files\Java
2009-04-20 10:24 . 2006-06-14 04:16 -------- d-----w c:\program files\Common Files\Adobe
2009-04-19 00:31 . 2005-08-31 04:01 67 -csha-w c:\windows\Fonts\desktop.ini
2009-04-14 14:11 . 2009-02-20 06:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 01:45 . 2006-06-14 03:59 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-11 01:45 . 2006-06-14 03:53 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-11 01:44 . 2006-06-14 04:10 -------- d-----w c:\program files\Sonic
2009-04-10 18:34 . 2006-06-14 03:53 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 01:00 . 2008-12-04 18:21 -------- d-----w c:\program files\FrostWire
2009-04-06 21:36 . 2009-04-06 21:36 454 ----a-w c:\windows\Tasks\Wise Disk Cleaner 4.job
2009-04-06 20:59 . 2006-09-19 14:03 -------- d-----w c:\program files\Viewpoint
2009-04-06 19:32 . 2009-02-20 06:09 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-02-20 06:09 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-20 13:34 . 2008-09-14 04:09 -------- d-----w c:\program files\IObit
2009-03-20 13:26 . 2009-03-19 01:05 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-19 14:24 . 2006-06-14 04:08 84984 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 01:05 . 2009-03-19 00:59 -------- d-----w c:\program files\Microsoft
2009-03-19 01:04 . 2009-03-19 01:04 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-03-19 01:04 . 2008-03-22 14:13 -------- d-----w c:\program files\Windows Live
2009-03-19 01:03 . 2009-03-19 01:03 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-19 00:59 . 2009-03-19 00:59 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 00:51 . 2009-03-19 00:51 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-10 05:48 . 2009-03-10 05:48 -------- d-----w c:\program files\MSBuild
2009-03-10 05:48 . 2009-03-10 05:48 -------- d-----w c:\program files\Reference Assemblies
2009-03-09 09:19 . 2008-12-24 23:27 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2004-08-10 04:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-10 04:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-10 04:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-10 04:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-10 04:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-10 04:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-10 04:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-10 04:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-10 04:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-10 04:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 01:42 . 2009-02-20 01:42 47816 -c----w c:\windows\system32\drivers\PROCMON20.SYS
2009-02-11 16:40 . 2006-06-14 03:50 5028352 -c--a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-02-09 12:10 . 2004-08-10 04:00 729088 ------w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 11:00 714752 ------w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 04:00 617472 ------w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 04:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-10 04:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 22:08 . 2009-03-19 01:04 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-06 11:11 . 2004-08-10 04:00 110592 ------w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-10 11:00 2145280 ------w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-10 04:00 35328 ------w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-10 11:00 2023936 ------w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-10 04:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-03 13:32 . 2006-06-14 03:50 18085888 ----a-w c:\windows\RTHDCPL.EXE
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-04-29_04.52.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-03 17:31 . 2009-05-03 17:31 16384 c:\windows\Temp\Perflib_Perfdata_e98.dat
+ 2009-05-03 17:31 . 2009-05-03 17:31 16384 c:\windows\Temp\Perflib_Perfdata_500.dat
- 2006-10-24 02:51 . 2009-04-14 21:50 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-10-24 02:51 . 2009-04-29 07:00 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2006-10-24 02:51 . 2009-04-14 21:50 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"ErrorFix"="c:\program files\ErrorFix\ErrorFix.exe" [2009-04-25 37307656]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-04-04 2811392]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-03 18085888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-13 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2006-10-26 884840]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-1-19 745472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"RestrictRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 00:35 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\NETGEAR\\WG111v2 Configuration Utility\\RtWLan.exe"=
"c:\\Program Files\\NETGEAR\\WG111T\\wlan111t.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R0 Lbd;Lbd; [x]
R2 LMIInfo;LogMeIn Kernel Information Provider; [x]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-04-04 288368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 272128]
S3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2002-10-02 13532]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc3055c5-6bbd-11dd-92a2-001731ab962c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-05-03 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix\ErrorFix.exe [2009-04-25 11:39]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: c:\windows\system32\mclsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 13:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1412)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1488)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll

- - - - - - - > 'explorer.exe'(7792)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\imapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\searchindexer.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-03 13:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-03 17:35
ComboFix2.txt 2009-04-29 04:56
ComboFix3.txt 2009-04-26 02:28
ComboFix4.txt 2009-04-25 20:47
ComboFix5.txt 2009-05-03 17:28

Pre-Run: 165,720,612,864 bytes free
Post-Run: 165,730,893,824 bytes free

352 --- E O F --- 2009-04-29 07:01

4. ok so after the combofix deleted the file i am able to open IE windows and programs but sometimes IE will still crash and recovery will reload the window. things are still slow on my pc lagging and crashing. when I'm not using the pc sometimes the graphics on the desktop go off or start distorting like the icons or task bar gets moved around and the desktop starts glitching

#9 Farbar

Posted 03 May 2009 - 02:00 PM

Thanks for the detailed feedback.

It looks like ComboFix has been run many times before.
From now on we operate in normal mode unless it is mentioned.
  • You have the latest version of Java and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components:
    Click "start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 10
    Java™ 6 Update 7

  • Optional: Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you uninstall the following program via Add or Remove Programs if you are using it:

    Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    If you uninstalled it also remove the folder in bold: C:\Program Files\Viewpoint

  • Please open OTListIt2.
    • Copy the text in the code box and paste it to the Custom Scans/Fixes section:

      :Processes
      explorer.exe
      
      :otli
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - Reg Error: Key error. File not found
      O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - Reg Error: Key error. File not found
      
      :commands
      [resethosts]
      [start explorer]
      [emptytemp]
      [Reboot]
    • Click Run Fix button.
    • If the fix needed a reboot please do it.
    • After it has finished, a log will open. Copy and paste the log to your reply.
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • You are missing one important program on that computer: An antivirus.
    This is somewhat suicidal in today's digital world.
    You need to install an antivirus program as soon as you can. I recommend this good free antivirus:


    Avira
    • Download the installer. Install and update it.
    • In the left pane click Status. In the right pane click Scan system now.
    • After the scan has finished, let it remove what it finds and then click Report.
    • You can get the last report also by clicking on Reports on the left pane.
    • In the right window under Action double-click on the last Scan listed (you also see the corresponding Date/Time).
    • A window opens, click on Report file.
    • Copy and paste the content of the report to your reply.
Please include in your next reply:
  • The OTListIt2 log.
  • The log of MBAM.
  • The Avira log.
  • Any comment or feedback about how it went.


#10 xlil_fortune_cookiex


Posted 03 May 2009 - 11:55 PM

otlistit2:
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF6C3CF0-4B15-11D1-ABED-709549C10000}\ deleted successfully.
C:\Program Files\DAP\dapieloader.dll unregistered successfully.
C:\Program Files\DAP\dapieloader.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Explorer started successfully
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\temp\Perflib_Perfdata_129c.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1194.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_500.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05032009_210632

Files moved on Reboot...
File C:\Documents and Settings\HP_Administrator\Local Settings\temp\Perflib_Perfdata_129c.dat not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_1194.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_500.dat not found!

Registry entries deleted on Reboot...

MBAM log:

Malwarebytes' Anti-Malware 1.36
Database version: 2072
Windows 5.1.2600 Service Pack 3

5/3/2009 9:45:32 PM
mbam-log-2009-05-03 (21-45-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 209895
Time elapsed: 32 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 49

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\HP_Administrator\Application Data\ErrorFix\QuarantineW\2009-04-29 13-20-280 (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:

AVG results:

"C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.3.30.1\inst.exe";"Trojan horse Agent2.CEG";"Moved to Virus Vault"

I COULDN'T GET AVIRA FOR SOME REASON. WHEN I DOWNLOADED IT AND SAVED IT TO MY DESKTOP THE COMPUTER WOULDN'T OPEN IT. IT SAID I NEEDED TO SELECT A PROGRAM TO OPEN IT WITH. SO I DECIDED TO DOWNLOAD AVG BUT COULDN'T FIND THE LOG FOR THE RESULTS. SO I JUST COPIED AND PASTED THE VIRUS INFO ON HERE. OTHER THAN THAT, EVERYTHING SEEMS TO BE NORMAL SO FAR. NOTHING HAS CRASHED YET. I WILL LET YOU KNOW THOUGH. MAYBE AFTER YOU LOOK AT THE SCAN RESULTS YOU CAN TELL ME WHAT ELSE TO REMOVE. THINGS ARE KIND OF RUNNING SLOW BUT IT COULD JUST BE ME.

#11 xlil_fortune_cookiex


Posted 04 May 2009 - 12:01 AM

ok an update, IE is still crashing, and things are running slow. so it wasn't just me.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:51 AM

Posted 04 May 2009 - 04:56 AM

So to sum up you can now open applications and download things in normal mode. The remaining issues are crashing IE and slowness.

Let's first attend to the crashing IE. You are using IE8 while it is still in development and the issue of conflicting with other software is unknown. I recommend you uninstall IE8 and revert back to IE7. Then we see if the problem still exists.

#13 xlil_fortune_cookiex


Posted 04 May 2009 - 11:26 PM

oh ok so i uninstalled IE 8 and reinstalled IE 7. but my pc still freezes or it won't open anything when i click on icons. like it won't open an IE window or any programs. it acts like it's busy or something.

#14 Farbar


Posted 05 May 2009 - 12:08 AM

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Disconnect from the Internet and close all running programs.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
    • Sections
    • IAT/EAT
    • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
  • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.


#15 xlil_fortune_cookiex


Posted 06 May 2009 - 01:03 AM

it won't let me send the whole log cus it's way too much for the website. how do i resize it and send it to you?



