
Redirect to 64.111.208.122


  • This topic is locked
10 replies to this topic

#1 ecomm123


Posted 10 May 2009 - 08:56 AM

Help - I am getting constant redirects to the above IP address. This just started this AM.

This may be related - For Info I was also infected yesterday with a Trojan that attempted to contact 91.212.65.17. I think I stopped all attempts from accessing this IP Addr. ThreatExpert reports this caused an autorun.inf file. Scanned with AVG 8.5 - removed the autorun.inf files. But I am still getting attempts to access 91.212.65.17. I have used ZoneAlarm free to block any access to this IP.

Two dds.scr text files have been uploaded as attachments.

Thanks

Ecomm123 (Hank)

Edited to place DDS reports IN-Line ~ Maurice

@Ecomm123
Please always put your report copies Inline (within body of reply text box). Don't use the attachment option. Thanks.

DDS:

DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 9:42:54.89 on Sun 05/10/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1400 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MigoMobile\MigoMobile PC Backup\DR\CBP\DCSchdler.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MigoMobile\MigoMobile PC Backup\mgService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MigoMobile\MigoMobile PC Backup\DR\Fsloader.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MigoMobile\MigoMobile PC Backup\mgCtrl.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\icoset\adjust.bat seticon
mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcback~1.lnk - c:\program files\migomobile\migomobile pc backup\mgCtrl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239897430375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
TCP: NameServer = 85.255.112.236,85.255.112.97
TCP: {81FD6DC7-C5B3-4FEB-AFD1-D8A953250015} = 85.255.112.236,85.255.112.97
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 dcsnap;dcsnap;c:\windows\system32\drivers\dcsnap.sys [2009-4-16 77472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-16 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 108552]
R1 DCDisk;DCDisk;c:\windows\system32\drivers\DCDisk.sys [2009-4-16 155648]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-16 353672]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-16 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-14 298776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 mgService;MigoMobile PCBackup Backup/Copy Engine;c:\program files\migomobile\migomobile pc backup\mgService.exe [2008-12-15 252992]
R2 Real time Backup Loader;Real time Backup Loader;c:\program files\migomobile\migomobile pc backup\dr\FsLoader.exe [2009-4-14 90112]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S1 efbDisk;efbDisk; [x]
S2 Backup Scheduler;Backup Scheduler;c:\program files\migomobile\migomobile pc backup\dr\cbp\DCSchdlerSRVC.exe [2009-4-14 98304]
S2 gupdate1c9c066fcf2094c;Google Update Service (gupdate1c9c066fcf2094c);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-20 33176]
S4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

=============== Created Last 30 ================

2009-05-03 21:59 <DIR> --d----- c:\program files\Unlocker
2009-04-23 17:20 227 a------- c:\windows\HP_CounterReport_Update_HPSU.ini
2009-04-22 19:18 53,200 a---h--- c:\windows\system32\mlfcache.dat
2009-04-22 19:16 <DIR> --d----- c:\program files\Bonjour
2009-04-22 08:45 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-21 08:30 <DIR> --d----- c:\program files\Trend Micro
2009-04-20 12:05 28 a------- c:\windows\pdf995.ini
2009-04-20 12:02 59 a------- c:\windows\wpd99.drv
2009-04-20 12:02 249,856 a------- c:\windows\system32\pdfmona.dll
2009-04-20 12:02 51,716 a------- c:\windows\system32\pdf995mon.dll
2009-04-20 12:02 <DIR> --d----- C:\pdf995
2009-04-17 10:55 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\GARMIN
2009-04-17 10:32 9,606 a------- c:\windows\system32\NEWSOFT
2009-04-17 10:32 264 a------- c:\windows\setup.iss
2009-04-17 10:32 11,776 a------- c:\windows\system32\pmsbfn32.dll
2009-04-17 10:32 <DIR> --d----- c:\program files\common files\NewSoft
2009-04-17 10:31 <DIR> --d----- c:\program files\common files\PDFView
2009-04-17 10:31 <DIR> --d----- c:\program files\NewSoft
2009-04-17 10:31 <DIR> --d----- c:\windows\system32\Color
2009-04-17 10:18 412 a------- c:\windows\MAXLINK.INI
2009-04-17 10:18 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2009-04-17 10:18 <DIR> --d----- c:\program files\ScanSoft
2009-04-17 09:32 <DIR> --d----- c:\program files\common files\CANON
2009-04-17 09:28 <DIR> --d----- c:\program files\Canon
2009-04-16 23:59 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-04-16 23:59 1,843,200 a------- c:\windows\system32\acXMLParser.dll
2009-04-16 23:59 3,518,464 a------- c:\windows\system32\cdintf300.dll
2009-04-16 22:06 <DIR> --d----- c:\program files\Alex Feinman
2009-04-16 22:04 <DIR> --d----- c:\program files\Astonsoft
2009-04-16 21:52 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-16 21:52 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-16 14:11 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-04-16 14:11 350,192 a------- c:\windows\system32\vsconfig.xml
2009-04-16 13:39 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-16 13:19 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-16 13:18 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-04-16 13:15 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-04-16 13:15 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-04-16 13:15 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-04-16 13:13 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-04-16 13:13 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-04-16 13:13 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-04-16 13:13 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-04-16 13:12 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 13:12 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 13:12 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-16 12:26 <DIR> --d----- c:\windows\system32\scripting
2009-04-16 12:26 <DIR> --d----- c:\windows\system32\en
2009-04-16 12:26 <DIR> --d----- c:\windows\l2schemas
2009-04-16 12:26 <DIR> --d----- c:\windows\system32\bits
2009-04-16 12:22 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-16 12:20 <DIR> --d----- c:\windows\network diagnostic
2009-04-16 12:09 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-16 12:09 685,056 -------- c:\windows\system32\drivers\hsfcxts2.sys
2009-04-16 12:09 220,032 -------- c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-16 12:09 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-04-16 11:46 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-04-16 11:46 <DIR> --d----- c:\program files\Belarc
2009-04-16 11:44 <DIR> --d----- c:\windows\pss
2009-04-16 09:35 16,640 a----r-- c:\windows\system32\drivers\PalmUSBD.sys
2009-04-16 09:20 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-04-16 09:20 <DIR> --d----- c:\windows\SHELLNEW
2009-04-16 09:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-16 09:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-04-16 09:14 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-16 09:14 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-16 09:08 155,648 a------- c:\windows\system32\drivers\DCDisk.sys
2009-04-16 09:08 77,472 a------- c:\windows\system32\drivers\dcsnap.sys
2009-04-16 09:03 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-16 08:47 <DIR> --d----- C:\HankBackup_Firefox_Thunderbird
2009-04-16 01:14 <DIR> --d----- C:\SystemRoot
2009-04-16 01:13 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-16 01:07 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WinBatch
2009-04-16 01:04 <DIR> --d----- c:\program files\Microsoft
2009-04-16 01:04 <DIR> --d----- C:\temp
2009-04-16 01:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-16 01:03 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-16 00:54 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-16 00:52 1,998 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_EX332AA-ABA m7580n_YC_0Pavi_QMXF624_E63NAemMPA2_48_INODUSM_SASUSTek Computer INC._V1.03_B3.07_T060802_WXP2_L409_M2047_J320_7AMD_8Athlon 64 X2 Dual Core_92.4_#090414_N_Z14F12F20_G10DE01D1.MRK
2009-04-16 00:51 37,376 a------- c:\windows\system32\hpz3l3xu.dll
2009-04-16 00:50 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-04-16 00:50 <DIR> --d----- c:\documents and settings\hp_administrator\WINDOWS
2009-04-16 00:50 <DIR> --d----- c:\documents and settings\HP_Administrator
2009-04-16 00:48 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-04-16 00:45 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-04-16 00:45 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-04-16 00:45 6,144 a------- c:\windows\system32\kbd106.dll
2009-04-16 00:45 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-04-16 00:45 21,504 a------- c:\windows\system32\hidserv.dll
2009-04-16 00:45 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-16 00:45 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-16 00:44 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-04-16 00:15 <DIR> --dshr-- c:\windows\system32\dllcache
2009-04-15 16:46 <DIR> --d----- C:\Garmin
2009-04-15 16:32 <DIR> --d----- c:\program files\Macromedia
2009-04-15 16:32 <DIR> --d----- c:\program files\common files\Macromedia
2009-04-15 16:00 0 a------- c:\windows\QuickInstall.INI
2009-04-15 15:59 <DIR> --d----- c:\program files\LinkeSOFT
2009-04-15 15:54 <DIR> --d----- c:\program files\common files\DataViz
2009-04-15 15:54 <DIR> --d----- c:\program files\Documents To Go
2009-04-15 15:53 53,248 a------- c:\windows\PalmDevC.dll
2009-04-15 15:51 <DIR> --d----- c:\program files\Palm
2009-04-15 15:51 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-15 15:19 <DIR> --d----- c:\program files\PowerQuest
2009-04-15 09:33 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Helios
2009-04-15 09:01 <DIR> --d----- c:\program files\TextPad 5
2009-04-15 08:59 <DIR> --d----- c:\program files\IrfanView
2009-04-15 08:46 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-15 07:28 <DIR> --d----- c:\documents and settings\hp_administrator\HoldArea
2009-04-14 18:50 <DIR> --d----- c:\program files\Zone Labs
2009-04-14 18:50 <DIR> --d----- c:\windows\Internet Logs
2009-04-14 18:50 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\AVGTOOLBAR
2009-04-14 18:49 <DIR> --d----- c:\program files\AVG
2009-04-14 18:36 <DIR> --d----- c:\documents and settings\hp_administrator\ncftp
2009-04-14 18:36 <DIR> --d----- c:\documents and settings\hp_administrator\InstallAnywhere
2009-04-14 18:36 <DIR> --d----- c:\documents and settings\hp_administrator\.idl
2009-04-14 18:36 <DIR> --ds---- c:\documents and settings\hp_administrator\UserData
2009-04-14 18:22 <DIR> --dshr-- C:\cmdcons
2009-04-14 18:22 <DIR> --d----- c:\windows\setup.pss
2009-04-14 18:13 244 a------- c:\windows\system\hpsysdrv.dat
2009-04-14 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-04-14 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-04-14 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zenturi
2009-04-14 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Visio
2009-04-14 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2009-04-14 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\pdf995
2009-04-14 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCTV4Me
2009-04-14 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Metacafe
2009-04-14 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2009-04-14 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2009-04-14 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GARMIN
2009-04-14 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\espionServerData
2009-04-14 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DataViz
2009-04-14 17:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-14 16:44 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-04-14 16:43 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-04-14 15:55 1,024 ----h--- C:\diskfile1
2009-04-14 15:53 0 ----hr-- C:\tasks.ini
2009-04-14 15:53 14,336 ----h--- C:\logicinf.bin
2009-04-14 15:53 30,972 ---shr-- C:\FARSBOOT.BIO
2009-04-14 15:53 512 ---shr-- C:\FARSBOOT.BIN
2009-04-14 15:53 388 ---shr-- C:\DCMBRBIN
2009-04-14 15:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MigoMobile
2009-04-14 15:52 <DIR> --d----- c:\program files\MigoMobile

==================== Find3M ====================

2009-04-16 12:30 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-26 18:39 20 a---h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 19:04 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-20 04:11 3,068,416 -------- c:\windows\system32\dllcache\mshtml.dll
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-20 04:10 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2009-02-20 04:10 81,920 -------- c:\windows\system32\ieencode.dll
2009-02-20 04:10 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2006-07-17 06:43 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 9:43:15.64 ===============

ATTACH.TXT :

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2009 12:49:12 AM
System Uptime: 5/9/2009 8:27:23 PM (13 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUSM
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2405/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 289 GiB total, 223.975 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.749 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
M: is CDROM (CDFS)
N: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link DFE-530TX+ PCI Fast Ethernet Adapter (rev.F)
Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_14061186&REV_86\4&DC268A3&0&4080
Manufacturer: D-Link
Name: D-Link DFE-530TX+ PCI Fast Ethernet Adapter (rev.F)
PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_14061186&REV_86\4&DC268A3&0&4080
Service: FETNDISB

==== System Restore Points ===================

RP1: 4/16/2009 12:54:38 AM - Software Distribution Service 3.0
RP2: 4/16/2009 1:03:02 AM - Installed Java™ 6 Update 13
RP3: 4/16/2009 1:03:31 AM - Installed MSN Toolbar Setup
RP4: 4/16/2009 9:03:18 AM - Removed TourSetup
RP5: 4/16/2009 9:03:53 AM - Removed Microsoft Office Standard Edition 2003
RP6: 4/16/2009 9:08:05 AM - Installed PC Backup
RP7: 4/16/2009 9:14:21 AM - Installed AVG Free 8.5
RP8: 4/16/2009 9:17:56 AM - Avg8 Update
RP9: 4/16/2009 9:19:48 AM - Installed Microsoft Office Professional Edition 2003
RP10: 4/16/2009 9:33:57 AM - Installed Palm Desktop by ACCESS
RP11: 4/16/2009 11:50:24 AM - Software Distribution Service 3.0
RP12: 4/16/2009 12:11:56 PM - Software Distribution Service 3.0
RP13: 4/16/2009 1:38:59 PM - Software Distribution Service 3.0
RP14: 4/16/2009 2:17:15 PM - Software Distribution Service 3.0
RP15: 4/16/2009 10:06:39 PM - Installed ISO Recorder
RP16: 4/16/2009 10:19:13 PM - Software Distribution Service 3.0
RP17: 4/17/2009 12:00:17 AM - Software Distribution Service 3.0
RP18: 4/17/2009 9:34:56 AM - Installed PhotoStudio
RP19: 4/17/2009 10:18:24 AM - Installed ScanSoft OmniPage SE 4
RP20: 4/17/2009 10:31:39 AM - Installed PageManager
RP21: 4/17/2009 10:32:32 AM - Installed Presto! PageManager PDF Writer
RP22: 4/17/2009 10:32:37 AM - Printer Driver PageManager PDF Writer Installed
RP23: 4/17/2009 10:41:33 AM - Installed Garmin City Navigator North America NT 2008
RP24: 4/18/2009 12:00:26 AM - Software Distribution Service 3.0
RP25: 4/18/2009 6:36:56 AM - Avg8 Update
RP26: 4/19/2009 8:30:56 PM - System Checkpoint
RP27: 4/20/2009 12:00:16 AM - Software Distribution Service 3.0
RP28: 4/20/2009 12:02:36 PM - Printer Driver PDF995 Printer Driver Installed
RP29: 4/21/2009 12:00:14 AM - Software Distribution Service 3.0
RP30: 4/21/2009 8:21:19 AM - PC Decrapifier Restore Point
RP31: 4/21/2009 8:34:05 AM - Configured Customer Experience Enhancement
RP32: 4/21/2009 8:34:23 AM - Configured easy Internet sign-up
RP33: 4/22/2009 12:00:15 AM - Software Distribution Service 3.0
RP34: 4/22/2009 7:02:36 PM - Removed Adobe Reader 7.0.5
RP35: 4/22/2009 7:09:57 PM - Installed Adobe Reader 9.1.
RP36: 4/22/2009 7:17:05 PM - Installed Safari
RP37: 4/23/2009 7:04:25 AM - Software Distribution Service 3.0
RP38: 4/23/2009 5:20:29 PM - Installed HP Product Assistant
RP39: 4/23/2009 5:21:48 PM - Removed HPSU306Stub
RP40: 4/23/2009 5:21:52 PM - Removed HP Software Update
RP41: 4/23/2009 5:57:39 PM - Installed HP Update
RP42: 4/24/2009 12:00:14 AM - Software Distribution Service 3.0
RP43: 4/25/2009 12:02:55 AM - System Checkpoint
RP44: 4/26/2009 1:02:56 AM - System Checkpoint
RP45: 4/27/2009 12:00:14 AM - Software Distribution Service 3.0
RP46: 4/28/2009 12:00:15 AM - Software Distribution Service 3.0
RP47: 4/29/2009 12:00:17 AM - Software Distribution Service 3.0
RP48: 4/30/2009 3:13:44 PM - System Checkpoint
RP49: 5/1/2009 12:00:14 AM - Software Distribution Service 3.0
RP50: 5/2/2009 12:36:02 AM - System Checkpoint
RP51: 5/3/2009 12:00:15 AM - Software Distribution Service 3.0
RP52: 5/3/2009 1:24:10 AM - Avg8 Update
RP53: 5/4/2009 5:33:22 AM - System Checkpoint
RP54: 5/5/2009 12:00:14 AM - Software Distribution Service 3.0
RP55: 5/6/2009 12:00:38 AM - System Checkpoint
RP56: 5/7/2009 7:53:20 AM - System Checkpoint
RP57: 5/8/2009 12:00:14 AM - Software Distribution Service 3.0
RP58: 5/8/2009 1:13:57 AM - Avg8 Update
RP59: 5/9/2009 1:28:01 AM - System Checkpoint
RP60: 5/9/2009 8:25:50 PM - Software Distribution Service 3.0
RP61: 5/9/2009 9:21:46 PM - PC Decrapifier Restore Point
RP62: 5/10/2009 12:00:14 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Alien Outbreak 2
Ancient Sudoku
AnswerWorks 5.0 English Runtime
Apple Software Update
ArcSoft PhotoStudio 5.5
AVG Free 8.5
Bejeweled 2 Deluxe
Belarc Advisor 7.2
Big Kahuna Reef
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Bonjour
Bookworm Deluxe
Bounce Symphony
BufferChm
CameraDrivers
CameraUserGuides
Canon CanoScan 8800F User Registration
Canon MP Navigator EX 1.0
Canon Utilities Solution Menu
CanoScan 8800F
Chuzzle Deluxe
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
D-Link PCI Fast Ethernet Adapter
Data Fax SoftModem with SmartCP
DeepBurner v1.9.0.228
Destinations
DeviceManagementQFolder
Diner Dash
DISCover
DocProc
DocumentViewer
Enhanced Multimedia Keyboard Solution
Fairies
Family Feud
FATE
Fax
Fax_CDA
FileZilla Client 3.2.4.1
Flip Words
Garmin City Navigator North America NT 2008
Garmin MapSource
getPlus® for Adobe
Google Earth
Google Earth Plugin
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Solution Center and Imaging Support Tools 6.1
HP Update
HP Web Helper
hpiCamDrvQFolder
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe
InstallMgr
InstantShareDevices
ISO Recorder
J2SE Runtime Environment 5.0 Update 5
Java™ 6 Update 13
Jewel Quest
LightScribe 1.4.84.1
LiveUpdate 2.7 (Symantec Corporation)
Mah Jong Quest
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Away Mode
Microsoft Default Manager
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.10)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Mystery Case Files
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
NVIDIA Drivers
OptionalContentQFolder
Otto
Palm Desktop by ACCESS
PanoStandAlone
PC-Doctor 5 for Windows
PC Backup
Pdf995
PhotoGallery
Poker Superstars
Polar Bowler
Polar Golfer
Presto! PageManager 7.15.16
PS8200
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2008
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Ricochet Lost Worlds
Safari
Scan
ScannerCopy
ScanSoft OmniPage SE 4
SCRABBLE
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SkinsHP1
SlideShow
SlideShowMusic
Slingo Deluxe
Snowy The Bears Adventure
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Super Granny
Tennis Titans
Toolbox
Tornado Jockey
Tradewinds
TrayApp
Unload
Unlocker 1.8.5
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC 9.0 Runtime
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Service Pack 3
ZoneAlarm

==== Event Viewer Messages From Past Week ========

5/7/2009 6:24:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
5/7/2009 6:24:29 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate1c9c066fcf2094c) service failed to start due to the following error: The system cannot find the path specified.
5/5/2009 9:35:13 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

==== End Of File ===========================

Edited by Maurice Naggar, 10 May 2009 - 09:12 AM.




#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:06:16 AM

Posted 10 May 2009 - 09:25 AM

Hello Hank,

Remember to not use the attachment option when posting your reports. Always copy and paste the contents IN-LINE.
Start with the following.

Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=
Please download & save Malwarebytes Anti-Malware from
http://www.download.com/Malwarebytes-Anti-..._4-10804572.htm or
http://www.besttechie.net/tools/mbam-setup.exe or
http://malwarebytes.gt500.org/mbam.jsp

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

=

Please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.
How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

=

Download OTListIt by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTListIt2.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTListIt.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTListIt2 by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • contents of the MBAM scan log
  • contents of Sysclean.log
  • the contents of OTListIt.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 ecomm123

ecomm123
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:16 AM

Posted 10 May 2009 - 10:11 AM

I'm down to the Malwarebytes step. Downloaded MBAM and installed twice. MBAM will not start.
Suggestions?

#4 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:06:16 AM

Posted 10 May 2009 - 10:17 AM

You should have the Mbam-setup exe on your desktop. Do a RIGHT-Click on it, and RENAME it to something like ALPHA.exe

Close any open window that is showing.
Then run Alpha
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 ecomm123

ecomm123
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:16 AM

Posted 10 May 2009 - 10:26 AM

Malwarebytes still will not run

#6 ecomm123

ecomm123
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:16 AM

Posted 10 May 2009 - 08:12 PM

Finally got Malwarebytes to run using rename trick. Log follows:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/10/2009 9:08:17 PM
mbam-log-2009-05-10 (21-08-17).txt

Scan type: Quick Scan
Objects scanned: 91159
Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.236,85.255.112.97 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.236,85.255.112.97 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.236,85.255.112.97 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

________________________________________________________
TrendMicro Damage clean up engine logs follow:
SYSCLEAN.LOG: 2009-05-10, 21:30:26, Running scanner "C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN"...
2009-05-10, 22:31:37, Scanner "C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN" has finished running.
2009-05-10, 22:31:37, VSCANTM Log:

2009-05-10, 22:31:37, Files Detected:
Copyright 1990 - 2006 Trend Micro Inc.
Report Date : 5/10/2009 21:30:27
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 119 (394819/394819 Patterns) (2009/05/08) (611900)

Command Line: C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Documents and Settings\HP_Administrator\Desktop\DCE\lpt$vpn.119

144026 files have been read.
144026 files have been checked.
143988 files have been scanned.
447732 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 5/10/2009 22:31:36 1 hour 1 minute 8 seconds (3668.53 seconds) has elapsed.(25.471 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-05-10, 22:31:37, Files Clean:
Copyright 1990 - 2006 Trend Micro Inc.
Report Date : 5/10/2009 21:30:27
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 119 (394819/394819 Patterns) (2009/05/08) (611900)

Command Line: C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Documents and Settings\HP_Administrator\Desktop\DCE\lpt$vpn.119

144026 files have been read.
144026 files have been checked.
143988 files have been scanned.
447732 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 5/10/2009 22:31:36 1 hour 1 minute 8 seconds (3668.53 seconds) has elapsed.(25.471 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-05-10, 22:31:37, Clean Fail:
Copyright 1990 - 2006 Trend Micro Inc.
Report Date : 5/10/2009 21:30:27
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 119 (394819/394819 Patterns) (2009/05/08) (611900)

Command Line: C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Documents and Settings\HP_Administrator\Desktop\DCE\lpt$vpn.119

144026 files have been read.
144026 files have been checked.
143988 files have been scanned.
447732 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 5/10/2009 22:31:36 1 hour 1 minute 8 seconds (3668.53 seconds) has elapsed.(25.471 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-05-10, 22:31:37, Running scanner "C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN"...
2009-05-10, 22:47:33, Scanner "C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN" has finished running.
2009-05-10, 22:47:33, VSCANTM Log:

2009-05-10, 22:47:33, Files Detected:
Copyright 1990 - 2006 Trend Micro Inc.
Report Date : 5/10/2009 22:31:38
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 119 (394819/394819 Patterns) (2009/05/08) (611900)

Command Line: C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=C:\Documents and Settings\HP_Administrator\Desktop\DCE\lpt$vpn.119

15590 files have been read.
15590 files have been checked.
15590 files have been scanned.
95916 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 5/10/2009 22:47:33 15 minutes 53 seconds (952.52 seconds) has elapsed.(61.098 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-05-10, 22:47:33, Files Clean:
Copyright 1990 - 2006 Trend Micro Inc.
Report Date : 5/10/2009 22:31:38
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 119 (394819/394819 Patterns) (2009/05/08) (611900)

Command Line: C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=C:\Documents and Settings\HP_Administrator\Desktop\DCE\lpt$vpn.119

15590 files have been read.
15590 files have been checked.
15590 files have been scanned.
95916 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 5/10/2009 22:47:33 15 minutes 53 seconds (952.52 seconds) has elapsed.(61.098 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-05-10, 22:47:33, Clean Fail:
Copyright 1990 - 2006 Trend Micro Inc.
Report Date : 5/10/2009 22:31:38
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 119 (394819/394819 Patterns) (2009/05/08) (611900)

Command Line: C:\Documents and Settings\HP_Administrator\Desktop\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=C:\Documents and Settings\HP_Administrator\Desktop\DCE\lpt$vpn.119

15590 files have been read.
15590 files have been checked.
15590 files have been scanned.
95916 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 5/10/2009 22:47:33 15 minutes 53 seconds (952.52 seconds) has elapsed.(61.098 msec/file)

________________________________________________

OTListIt.txt Follows

OTListIt logfile created on: 5/10/2009 11:00:19 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.64% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 86.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.28 Gb Total Space | 224.28 Gb Free Space | 77.53% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.75 Gb Free Space | 8.51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CN-799943-A
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2009/05/08 01:13:29 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/22 11:50:10 | 00,176,128 | ---- | M] () -- C:\Program Files\MigoMobile\MigoMobile PC Backup\DR\CBP\DCSchdler.exe
PRC - [2005/12/15 22:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/04/16 01:03:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/03/24 04:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/09/30 00:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/03/08 07:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/08/03 02:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE
PRC - [2006/03/20 12:05:00 | 00,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2008/12/15 18:55:14 | 00,252,992 | ---- | M] (MigoMobile, by Data Transfer LLC) -- C:\Program Files\MigoMobile\MigoMobile PC Backup\mgService.exe
PRC - [2006/02/14 00:05:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
PRC - [2009/05/08 01:13:41 | 00,486,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/08 01:13:32 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/10/22 11:50:32 | 00,090,112 | ---- | M] () -- C:\Program Files\MigoMobile\MigoMobile PC Backup\DR\Fsloader.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009/05/08 01:13:40 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2009/05/08 01:13:26 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/05/08 01:13:40 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/05/08 01:13:35 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2005/08/05 23:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2006/09/20 08:35:26 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/10/30 16:59:34 | 00,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/07 13:19:27 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/15 15:54:16 | 00,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
PRC - [2008/01/03 18:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2005/12/15 21:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/12/15 18:55:14 | 00,093,248 | ---- | M] (MigoMobile, by Data Transfer LLC) -- C:\Program Files\MigoMobile\MigoMobile PC Backup\mgCtrl.exe
PRC - [2005/12/15 22:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [1998/05/07 12:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2005/08/27 04:14:44 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009/05/10 21:43:57 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2004/07/15 11:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/08 01:13:26 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/05/08 01:13:29 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/10/22 11:50:10 | 00,098,304 | ---- | M] () -- C:\Program Files\MigoMobile\MigoMobile PC Backup\DR\CBP\DCSchdlerSRVC.exe -- (Backup Scheduler [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/12/15 22:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/03/03 14:53:08 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - File not found -- -- (gupdate1c9c066fcf2094c [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [On_Demand | Stopped])
SRV - [2009/04/16 01:03:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/03/24 04:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/12/15 18:55:14 | 00,252,992 | ---- | M] (MigoMobile, by Data Transfer LLC) -- C:\Program Files\MigoMobile\MigoMobile PC Backup\mgService.exe -- (mgService [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006/02/14 00:05:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/10/22 11:50:32 | 00,090,112 | ---- | M] () -- C:\Program Files\MigoMobile\MigoMobile PC Backup\DR\Fsloader.exe -- (Real time Backup Loader [Auto | Running])
SRV - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Disabled | Stopped])
SRV - [2005/08/04 04:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005/03/09 17:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2009/05/08 01:13:40 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/08 01:13:40 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/08 01:13:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008/02/27 13:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2008/10/22 11:50:08 | 00,155,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk [System | Running])
DRV - [2008/10/22 11:50:08 | 00,077,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\dcsnap.sys -- (dcsnap [Boot | Running])
DRV - [2007/05/16 11:20:32 | 00,043,008 | ---- | M] (D-Link ) -- C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys -- (FETNDISB [On_Demand | Stopped])
DRV - [2007/03/08 22:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
DRV - [2006/04/13 19:47:38 | 00,168,064 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/10/27 20:24:28 | 00,049,664 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2005/10/27 20:24:30 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2005/12/06 14:20:50 | 00,241,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
DRV - [2005/12/06 14:20:40 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys -- (HSX_DP [On_Demand | Running])
DRV - [2005/06/17 09:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2006/03/08 16:27:12 | 04,246,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/04/13 14:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\IrBus.sys -- (IrBus [On_Demand | Running])
DRV - [2005/10/05 18:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/02/14 00:05:00 | 03,642,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/03/03 17:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/03/03 17:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2007/12/04 17:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2005/12/12 20:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Stopped])
DRV - [2004/08/10 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/08/19 13:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2005/12/06 14:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys -- (winachsx [On_Demand | Running])
DRV - [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [Disabled | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\S-1-5-21-1686019118-2362335421-1889487030-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\S-1-5-21-1686019118-2362335421-1889487030-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.delawareonline.com/apps/pbcs.dll/frontpage"
FF - prefs.js..extensions.enabledItems: {336f36f7-72b2-4314-984a-ae7cac4b7328}:0.9
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.1
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 07:23:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 07:23:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2006/05/31 10:34:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2009/04/22 19:10:25 | 00,000,000 | ---D | M]

[2009/04/15 00:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2009/04/15 00:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/10 10:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\vwf85yw5.default\extensions
[2009/04/15 07:18:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\vwf85yw5.default\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328}
[2009/05/02 08:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\vwf85yw5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/15 07:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\vwf85yw5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/04/15 15:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\vwf85yw5.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2009/05/05 08:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\vwf85yw5.default\extensions\foxmarks@kei.com
[2008/07/28 10:42:14 | 00,000,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\vwf85yw5.default\searchplugins\cuil.xml
[2009/04/15 07:47:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 07:23:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/29 07:23:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 07:23:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/29 07:23:39 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/29 07:23:39 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/29 07:23:39 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 07:23:39 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/29 07:23:39 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 07:23:39 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 07:23:39 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (618526 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 16469 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect ()
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd (Hewlett-Packard Co.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" ()
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PC Backup Tray Control.lnk = C:\Program Files\MigoMobile\MigoMobile PC Backup\mgCtrl.exe (MigoMobile, by Data Transfer LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\CLOAKER.EXE (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1686019118-2362335421-1889487030-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1239897430375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/31 10:47:06 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{e138e3f4-2a85-11de-9f68-001731b0153c}\Shell - "" = AutoRun
O33 - MountPoints2\{e138e3f4-2a85-11de-9f68-001731b0153c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e138e3f4-2a85-11de-9f68-001731b0153c}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/10 21:44:51 | 00,532,626 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2009/05/10 21:43:56 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/05/10 21:23:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\DCE
[2009/05/10 21:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2009/05/10 20:36:40 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\alpha.exe
[2009/05/10 20:32:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
[2009/05/10 20:22:05 | 00,004,288 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/10 20:21:19 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/05/10 20:21:19 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/05/10 20:21:19 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/05/10 20:21:19 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/05/10 20:21:19 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/05/10 20:21:19 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/05/10 20:21:19 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/05/10 20:21:19 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/05/10 20:21:19 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/05/10 20:21:19 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/05/10 20:21:19 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/05/10 20:21:19 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/05/10 20:21:19 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/05/10 20:21:19 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/05/10 20:21:12 | 01,883,662 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix.exe
[2009/05/10 20:10:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/10 20:10:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/10 11:25:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/10 11:25:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/10 09:41:59 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2009/05/03 21:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/05/03 21:56:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\U3
[2009/05/02 08:48:37 | 03,925,567 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\FileZilla_3.2.4.1_win32-setup.exe
[2009/05/02 08:48:21 | 00,000,794 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FileZilla.lnk
[2009/04/24 19:42:50 | 00,002,483 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Access 2003.lnk
[2009/04/24 19:42:42 | 00,002,509 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Word 2003.lnk
[2009/04/24 19:42:18 | 00,002,495 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2009/04/23 17:20:40 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/04/22 19:18:00 | 00,053,200 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/22 19:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
[2009/04/22 19:17:19 | 00,002,391 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/04/22 19:17:08 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/04/22 19:16:57 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/22 19:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/22 19:12:33 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/04/22 19:10:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/04/22 19:10:25 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/04/22 19:10:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/04/22 13:59:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/04/22 08:45:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/04/21 09:02:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\PC Analysis x Cleanup logs
[2009/04/21 08:30:51 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/04/21 08:30:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/21 08:15:36 | 00,001,072 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to procexp.exe.lnk
[2009/04/21 08:13:14 | 00,001,118 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to pc-decrapifier-2.0.0.exe.lnk
[2009/04/20 15:08:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Adobe Reader 9 Installer
[2009/04/20 15:06:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/04/20 15:06:49 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/04/20 12:07:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
[2009/04/20 12:05:32 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/04/20 12:05:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\pdf995
[2009/04/20 12:02:29 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/04/20 12:02:28 | 00,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2009/04/20 12:02:28 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/04/20 12:02:27 | 00,000,000 | ---D | C] -- C:\pdf995
[2009/04/18 16:48:12 | 00,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/17 10:55:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\GARMIN
[2009/04/17 10:34:12 | 00,001,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon CanoScan 8800F User Registration.LNK
[2009/04/17 10:32:54 | 00,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Presto! PageManager 7.15.lnk
[2009/04/17 10:32:40 | 00,009,606 | ---- | C] () -- C:\WINDOWS\System32\NEWSOFT
[2009/04/17 10:32:27 | 00,000,264 | ---- | C] () -- C:\WINDOWS\setup.iss
[2009/04/17 10:32:14 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/04/17 10:32:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\NewSoft
[2009/04/17 10:31:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PDFView
[2009/04/17 10:31:40 | 00,000,000 | ---D | C] -- C:\Program Files\NewSoft
[2009/04/17 10:31:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Color
[2009/04/17 10:18:53 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/04/17 10:18:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ScanSoft
[2009/04/17 10:18:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2009/04/17 10:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2009/04/17 09:34:59 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/04/17 09:32:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2009/04/17 09:31:11 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2009/04/17 09:31:03 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2009/04/17 09:28:39 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009/04/17 07:59:38 | 00,001,618 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Quicken 2008.lnk
[2009/04/16 23:59:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2009/04/16 23:59:41 | 01,843,200 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\acXMLParser.dll
[2009/04/16 23:59:39 | 03,518,464 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2009/04/16 23:29:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Quicken
[2009/04/16 22:09:16 | 00,001,587 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TextPad (2).lnk
[2009/04/16 22:06:40 | 00,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2009/04/16 22:04:47 | 00,000,757 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\DeepBurner.lnk
[2009/04/16 22:04:41 | 00,000,000 | ---D | C] -- C:\Program Files\Astonsoft
[2009/04/16 21:52:41 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/04/16 21:52:41 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/04/16 14:11:14 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/04/16 13:51:10 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/16 13:39:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/04/16 13:19:29 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/04/16 13:18:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/04/16 13:16:29 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/04/16 13:16:11 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 13:16:11 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 13:16:11 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 13:16:11 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 13:16:11 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 13:16:11 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 13:16:11 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 13:16:10 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/16 13:16:10 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 13:16:10 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 13:16:09 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/16 13:16:08 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/16 13:15:49 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/04/16 13:15:47 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/04/16 13:15:42 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/04/16 13:13:15 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/04/16 13:13:10 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/04/16 13:13:01 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/04/16 13:13:00 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/04/16 13:12:26 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 13:12:26 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 13:12:25 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 13:08:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/16 12:26:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/04/16 12:26:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/04/16 12:26:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/04/16 12:26:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/04/16 12:26:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/04/16 12:22:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/04/16 12:20:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/04/16 12:17:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/04/16 12:10:03 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/04/16 12:09:49 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/04/16 12:08:40 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/04/16 11:46:23 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2009/04/16 11:46:21 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/04/16 11:46:21 | 00,000,000 | ---D | C] -- C:\Program Files\Belarc
[2009/04/16 11:44:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/16 09:35:33 | 00,016,640 | R--- | C] (PalmSource, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys
[2009/04/16 09:34:40 | 00,001,524 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/04/16 09:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Albums
[2009/04/16 09:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Arcsoft
[2009/04/16 09:34:25 | 00,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Palm Desktop.lnk
[2009/04/16 09:20:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/04/16 09:20:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/04/16 09:20:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/04/16 09:19:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/04/16 09:17:07 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/04/16 09:14:33 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/16 09:14:33 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/16 09:14:28 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/16 09:14:27 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/16 09:14:25 | 35,943,645 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/16 09:14:25 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/16 09:14:25 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/16 09:14:25 | 00,051,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/16 09:14:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/04/16 09:08:23 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2009/04/16 09:08:23 | 00,077,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys
[2009/04/16 09:03:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/04/16 08:47:00 | 00,000,000 | ---D | C] -- C:\HankBackup_Firefox_Thunderbird
[2009/04/16 01:14:03 | 00,000,000 | ---D | C] -- C:\SystemRoot
[2009/04/16 01:13:42 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/04/16 01:07:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
[2009/04/16 01:04:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/16 01:04:04 | 00,000,000 | ---D | C] -- C:\temp
[2009/04/16 01:02:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sun
[2009/04/16 00:54:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/04/16 00:53:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Palm OS Desktop
[2009/04/16 00:53:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\PCBackup
[2009/04/16 00:52:40 | 00,001,998 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX332AA-ABA m7580n_YC_0Pavi_QMXF624_E63NAemMPA2_48_INODUSM_SASUSTek Computer INC._V1.03_B3.07_T060802_WXP2_L409_M2047_J320_7AMD_8Athlon 64 X2 Dual Core_92.4_#090414_N_Z14F12F20_G10DE01D1.MRK
[2009/04/16 00:52:37 | 21,459,64032 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/16 00:50:39 | 00,000,062 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
[2009/04/16 00:50:36 | 00,000,087 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2009/04/16 00:50:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
[2009/04/16 00:50:33 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini
[2009/04/16 00:50:33 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files
[2009/04/16 00:50:33 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\History
[2009/04/16 00:50:33 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2009/04/16 00:50:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2009/04/16 00:50:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2009/04/16 00:50:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data
[2009/04/16 00:50:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp
[2009/04/16 00:50:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2009/04/16 00:50:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2009/04/16 00:50:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2009/04/16 00:50:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2009/04/16 00:48:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/04/16 00:45:28 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/04/16 00:45:23 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/04/16 00:45:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009/04/16 00:45:19 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/04/16 00:45:17 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/04/16 00:45:03 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/04/16 00:45:00 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/04/16 00:44:51 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/04/16 00:15:24 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/04/15 18:47:04 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/15 17:10:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Garmin
[2009/04/15 17:08:58 | 00,001,474 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MapSource.lnk
[2009/04/15 16:46:34 | 00,000,000 | ---D | C] -- C:\Garmin
[2009/04/15 16:43:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\ThursNite300
[2009/04/15 16:32:11 | 00,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2009/04/15 16:32:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2009/04/15 16:04:47 | 00,000,956 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Secret!.lnk
[2009/04/15 16:00:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/04/15 15:59:58 | 00,000,000 | ---D | C] -- C:\Program Files\LinkeSOFT
[2009/04/15 15:57:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
[2009/04/15 15:54:25 | 00,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
[2009/04/15 15:54:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DataViz
[2009/04/15 15:54:18 | 00,000,000 | ---D | C] -- C:\Program Files\Documents To Go
[2009/04/15 15:53:33 | 00,053,248 | ---- | C] (PalmSource, Inc) -- C:\WINDOWS\PalmDevC.dll
[2009/04/15 15:51:58 | 00,000,000 | ---D | C] -- C:\Program Files\Palm
[2009/04/15 15:51:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/04/15 15:44:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HotSync
[2009/04/15 15:43:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
[2009/04/15 15:19:26 | 00,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2009/04/15 09:33:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Helios
[2009/04/15 09:01:52 | 00,000,000 | ---D | C] -- C:\Program Files\TextPad 5
[2009/04/15 08:59:20 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\IrfanView Thumbnails.lnk
[2009/04/15 08:59:13 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2009/04/15 08:56:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\FileZilla
[2009/04/15 08:56:16 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/04/15 08:46:51 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/15 07:56:27 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/04/15 00:10:37 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/14 23:15:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/14 23:15:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Thunderbird
[2009/04/14 23:15:14 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/04/14 23:03:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Google
[2009/04/14 18:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
[2009/04/14 18:50:39 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/04/14 18:50:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/04/14 18:50:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
[2009/04/14 18:49:57 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/14 18:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/04/14 18:36:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
[2009/04/14 18:33:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\USAA DOcuments
[2009/04/14 18:33:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Temp
[2009/04/14 18:33:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stuff
[2009/04/14 18:33:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\StockStuff
[2009/04/14 18:33:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Shooting
[2009/04/14 18:28:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Shared Downloads
[2009/04/14 18:25:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HP
[2009/04/14 18:23:18 | 00,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2009/04/14 18:23:11 | 00,260,272 | RHS- | C] () -- C:\cmldr
[2009/04/14 18:22:57 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/14 18:22:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2009/04/14 18:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\OldDriveD_Restored
[2009/04/14 18:13:30 | 00,000,244 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/04/14 18:10:44 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/04/14 18:00:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Web Sites
[2009/04/14 17:27:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Books I'm Reading
[2009/04/14 17:27:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2009/04/14 17:27:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\IBD
[2009/04/14 17:27:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DRP
[2009/04/14 17:27:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DelTech
[2009/04/14 17:27:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Bills
[2009/04/14 17:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/04/14 17:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/14 17:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2009/04/14 17:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/14 17:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visio
[2009/04/14 17:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/04/14 17:26:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/04/14 17:26:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/04/14 17:26:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/04/14 17:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/04/14 17:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCTV4Me
[2009/04/14 17:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/04/14 17:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/04/14 17:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/04/14 17:26:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/04/14 17:26:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2009/04/14 17:26:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/14 17:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/04/14 17:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/04/14 17:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/04/14 17:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/04/14 17:25:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/04/14 17:25:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/04/14 17:25:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/04/14 17:25:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/04/14 17:25:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/04/14 17:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/14 17:24:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/14 17:24:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/14 16:45:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/04/14 16:45:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/04/14 16:44:59 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/04/14 16:43:11 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/04/14 16:43:05 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/04/14 15:55:40 | 00,001,024 | -H-- | C] () -- C:\diskfile1
[2009/04/14 15:53:08 | 00,014,336 | -H-- | C] () -- C:\logicinf.bin
[2009/04/14 15:53:08 | 00,000,000 | RH-- | C] () -- C:\tasks.ini
[2009/04/14 15:53:03 | 00,030,972 | RHS- | C] () -- C:\FARSBOOT.BIO
[2009/04/14 15:53:03 | 00,000,512 | RHS- | C] () -- C:\FARSBOOT.BIN
[2009/04/14 15:53:03 | 00,000,388 | RHS- | C] () -- C:\DCMBRBIN
[2009/04/14 15:52:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MigoMobile
[2009/04/14 15:52:36 | 00,000,000 | ---D | C] -- C:\Program Files\MigoMobile
[2009/04/14 15:49:49 | 00,001,486 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows Explorer.lnk
[2009/04/14 15:40:11 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2006/10/27 08:26:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/05/31 11:15:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/31 10:55:02 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/31 10:50:16 | 00,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/31 10:50:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/31 10:47:23 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/31 10:45:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/31 10:34:47 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/31 10:34:10 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/31 10:19:55 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/31 10:17:48 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/05/31 10:16:32 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/31 10:16:32 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/31 10:16:32 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/31 10:16:31 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/31 10:16:31 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/31 10:15:22 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/31 09:55:15 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/31 09:55:15 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/31 09:55:00 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/05/31 09:47:52 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/03/17 20:23:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:02:00 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 16:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 00:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 10:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/10 22:21:27 | 00,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/10 21:44:51 | 00,532,626 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2009/05/10 21:43:57 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/05/10 21:19:15 | 00,000,244 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/05/10 21:15:57 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/05/10 21:15:40 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/10 21:15:35 | 00,014,336 | -H-- | M] () -- C:\logicinf.bin
[2009/05/10 21:15:31 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
[2009/05/10 21:15:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/10 21:15:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/10 21:15:21 | 21,459,64032 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/10 20:36:46 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\alpha.exe
[2009/05/10 20:33:03 | 00,004,288 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/10 20:21:13 | 01,883,662 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix.exe
[2009/05/10 09:41:01 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2009/05/09 21:21:12 | 00,001,118 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to pc-decrapifier-2.0.0.exe.lnk
[2009/05/09 10:22:20 | 00,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/05/09 09:31:39 | 35,943,645 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/09 09:31:39 | 00,051,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/08 01:13:41 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/08 01:13:40 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/08 01:13:40 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/08 01:13:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/07 06:24:23 | 00,001,024 | -H-- | M] () -- C:\diskfile1
[2009/05/05 21:35:01 | 00,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2009/05/02 20:01:04 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/05/02 08:48:43 | 03,925,567 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\FileZilla_3.2.4.1_win32-setup.exe
[2009/05/02 08:48:21 | 00,000,794 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FileZilla.lnk
[2009/04/30 13:15:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/30 01:36:37 | 00,075,776 | ---- | M] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/04/24 19:43:07 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2009/04/24 19:42:50 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Access 2003.lnk
[2009/04/24 19:42:42 | 00,002,509 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Word 2003.lnk
[2009/04/23 17:20:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/04/22 19:18:00 | 00,053,200 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/22 19:12:33 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/04/22 19:10:25 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/04/22 08:52:10 | 00,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/22 08:52:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/22 08:52:10 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/04/21 08:30:51 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/04/21 08:15:36 | 00,001,072 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to procexp.exe.lnk
[2009/04/20 12:05:32 | 00,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini
[2009/04/20 12:02:28 | 00,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2009/04/20 12:02:28 | 00,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/04/18 16:49:01 | 00,001,847 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/04/18 06:36:40 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/17 10:34:12 | 00,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon CanoScan 8800F User Registration.LNK
[2009/04/17 10:32:54 | 00,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Presto! PageManager 7.15.lnk
[2009/04/17 10:32:41 | 00,000,264 | ---- | M] () -- C:\WINDOWS\setup.iss
[2009/04/17 10:18:53 | 00,000,412 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
[2009/04/17 09:32:03 | 00,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2009/04/17 09:31:50 | 00,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator EX 1.0.lnk
[2009/04/17 09:31:21 | 00,001,935 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CanoScan 8800F On-screen Manual.lnk
[2009/04/17 07:59:38 | 00,001,618 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Quicken 2008.lnk
[2009/04/17 00:04:57 | 00,000,165 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/04/16 22:09:16 | 00,001,587 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TextPad (2).lnk
[2009/04/16 22:04:47 | 00,000,757 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DeepBurner.lnk
[2009/04/16 14:00:10 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 14:00:10 | 00,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 14:00:10 | 00,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 13:55:11 | 00,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/16 13:50:43 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/16 13:11:22 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2009/04/16 13:10:37 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/16 12:20:09 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/16 11:46:23 | 00,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2009/04/16 09:34:40 | 00,001,524 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/04/16 09:34:25 | 00,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Palm Desktop.lnk
[2009/04/16 09:21:44 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/04/16 09:14:25 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/16 09:08:24 | 04,194,304 | RH-- | M] () -- C:\spc_kern
[2009/04/16 09:08:07 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Backup.lnk
[2009/04/16 09:08:07 | 00,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PC Backup Tray Control.lnk
[2009/04/16 00:52:41 | 00,001,998 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX332AA-ABA m7580n_YC_0Pavi_QMXF624_E63NAemMPA2_48_INODUSM_SASUSTek Computer INC._V1.03_B3.07_T060802_WXP2_L409_M2047_J320_7AMD_8Athlon 64 X2 Dual Core_92.4_#090414_N_Z14F12F20_G10DE01D1.MRK
[2009/04/16 00:49:12 | 00,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/04/15 17:19:45 | 00,001,474 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MapSource.lnk
[2009/04/15 16:40:51 | 00,001,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Macromedia Dreamweaver 8.lnk
[2009/04/15 16:04:47 | 00,000,956 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Secret!.lnk
[2009/04/15 16:00:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\QuickInstall.INI
[2009/04/15 15:54:25 | 00,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
[2009/04/15 15:51:38 | 00,053,248 | ---- | M] (PalmSource, Inc) -- C:\WINDOWS\PalmDevC.dll
[2009/04/15 08:59:20 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\IrfanView Thumbnails.lnk
[2009/04/15 07:56:27 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/04/15 00:10:39 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/14 23:37:30 | 00,001,486 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows Explorer.lnk
[2009/04/14 23:15:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/04/14 23:15:16 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2009/04/14 18:17:44 | 00,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2009/04/14 15:53:08 | 00,000,000 | RH-- | M] () -- C:\tasks.ini

========== LOP Check ==========

[2009/04/16 00:32:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2005/11/14 21:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2006/05/31 10:47:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intuit
[2009/04/16 09:13:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2006/05/31 10:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
[2009/05/10 11:25:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/14 17:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/22 19:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/14 17:24:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/14 17:24:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/16 09:12:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2006/05/31 10:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/04/14 17:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2006/05/31 10:33:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/04/14 17:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/04/14 17:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/04/14 17:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/04/14 18:36:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/04/15 07:56:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/05/31 11:10:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/04/14 17:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/05/31 10:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/04/14 17:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2006/05/31 10:35:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/05/31 10:47:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/14 17:26:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/04/14 17:26:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/04/14 17:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/05/10 11:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/14 17:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2009/04/21 07:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/14 17:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/04/14 15:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MigoMobile
[2009/04/14 17:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/04/14 17:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/04/20 15:35:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/04/14 17:26:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/04/14 17:26:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCTV4Me
[2009/05/05 21:35:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/05/31 10:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/04/14 17:26:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/04/14 17:26:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/04/14 17:26:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2006/05/31 10:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/04/16 01:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/14 17:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/04/14 17:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visio
[2009/04/14 17:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/14 17:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2009/04/14 17:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/04/16 00:32:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2005/11/14 21:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2006/05/31 10:47:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intuit
[2006/05/31 11:13:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2006/05/31 10:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Real
[2009/04/14 18:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data
[2009/04/14 18:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVGTOOLBAR
[2009/04/14 18:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\HotSync
[2009/04/14 18:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Identities
[2009/04/14 18:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Intuit
[2009/04/14 18:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Macromedia
[2009/04/14 18:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Microsoft
[2009/04/14 18:34:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla
[2009/04/14 18:34:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Netscape
[2009/04/14 18:34:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Real
[2009/04/14 18:34:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Sunbelt Software
[2009/04/14 18:34:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Talkback
[2009/04/14 18:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Thunderbird
[2009/05/01 09:01:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Hank\Application Data
[2009/04/20 16:05:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Adobe
[2009/04/20 16:06:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\AdobeUM
[2009/04/22 20:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Apple Computer
[2009/04/20 16:24:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\AVGTOOLBAR
[2009/05/02 08:47:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\FileZilla
[2009/04/15 00:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Google
[2009/05/01 09:01:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Helios
[2009/04/15 16:55:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\HotSync
[2005/11/14 21:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Identities
[2006/05/31 10:47:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Intuit
[2009/04/15 00:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Macromedia
[2009/04/25 14:53:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Hank\Application Data\Microsoft
[2009/04/15 07:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Mozilla
[2009/04/20 16:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\pdf995
[2006/05/31 10:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Real
[2009/04/16 08:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Sun
[2009/04/14 23:54:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Talkback
[2009/04/14 23:53:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\Thunderbird
[2009/04/25 15:02:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\U3
[2009/04/23 17:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank\Application Data\WinBatch
[2009/05/10 12:55:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Hank.CN-799943-A\Application Data
[2009/05/10 12:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank.CN-799943-A\Application Data\AVGTOOLBAR
[2009/05/09 21:43:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank.CN-799943-A\Application Data\HotSync
[2005/11/14 21:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank.CN-799943-A\Application Data\Identities
[2006/05/31 10:47:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank.CN-799943-A\Application Data\Intuit
[2006/05/31 11:13:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Hank.CN-799943-A\Application Data\Microsoft
[2009/05/10 08:09:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank.CN-799943-A\Application Data\Mozilla
[2006/05/31 10:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank.CN-799943-A\Application Data\Real
[2009/05/10 08:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hank.CN-799943-A\Application Data\Thunderbird
[2009/05/10 21:05:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\HP_Administrator\Application Data
[2009/04/22 19:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
[2009/04/20 12:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
[2009/04/22 19:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
[2009/04/16 09:34:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Arcsoft
[2009/05/09 19:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
[2009/05/02 09:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\FileZilla
[2009/04/18 13:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\GARMIN
[2009/04/18 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Google
[2009/04/15 09:33:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Helios
[2009/04/15 15:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\HotSync
[2009/04/14 18:25:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\HP
[2005/11/14 21:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2006/05/31 10:47:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2009/04/15 15:57:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
[2009/04/15 16:41:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
[2009/05/10 21:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2009/04/24 19:43:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2009/04/15 00:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
[2009/04/20 12:05:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\pdf995
[2006/05/31 10:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2009/04/17 10:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\ScanSoft
[2009/04/16 01:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Sun
[2009/04/14 23:15:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Thunderbird
[2009/05/10 11:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\U3
[2009/04/16 01:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
[2006/05/31 09:52:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/04/16 09:13:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/05/31 09:52:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/04/16 09:13:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/10 22:21:27 | 00,000,902 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009/05/10 21:15:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

OTListIt_Extras.txt Follows

OTListIt Extras logfile created on: 5/10/2009 10:58:42 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 65.81% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 87.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.28 Gb Total Space | 224.28 Gb Free Space | 77.53% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.75 Gb Free Space | 8.51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CN-799943-A
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/05/31 10:51:07 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/12/15 21:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 22:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/24 04:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/24 04:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/24 04:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/21 07:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/21 07:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/24 05:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/21 07:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/24 04:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/10 02:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/10 02:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/24 05:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 22:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2006/03/16 05:12:40 | 01,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System
[2006/03/16 05:11:54 | 00,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub
File not found -- C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP
[2006/05/31 10:51:07 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
[2009/05/08 01:13:26 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2009/05/03 01:24:07 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/05/08 01:13:32 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9491C880-1C35-11DE-97B2-005056806466}" = Google Earth Plugin
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D0FB354-3D85-483A-A899-99FB3084942D}" = Garmin MapSource
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F91CD1-A1FB-4E63-93FD-24F63F4B5A97}" = Garmin City Navigator North America NT 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF10D7E4-D29A-45DA-8050-B116097B69B5}" = Safari
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FBC77FAC-99B4-465D-842E-3B743D8F4B9A}" = PC Backup
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG8Uninstall" = AVG Free 8.5
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Belarc Advisor" = Belarc Advisor 7.2
"Canon CanoScan 8800F User Registration" = Canon CanoScan 8800F User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"DISCover" = DISCover
"FileZilla Client" = FileZilla Client 3.2.4.1
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 6.1
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PC Backup" = PC Backup
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Pdf995" = Pdf995
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Unlocker" = Unlocker 1.8.5
"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WT004613" = Tornado Jockey
"WT005513" = Super Granny
"WT005515" = Polar Bowler
"WT005517" = Blasterball 2 Remix
"WT005518" = Polar Golfer
"WT005519" = Ricochet Lost Worlds
"WT005520" = Blackhawk Striker 2
"WT005521" = Blasterball 2 Revolution
"WT005523" = Tradewinds
"WT005524" = Bounce Symphony
"WT005630" = Alien Outbreak 2
"WT005631" = Fairies
"WT005632" = Snowy The Bears Adventure
"WT005634" = Bejeweled 2 Deluxe
"WT005635" = Big Kahuna Reef
"WT005636" = Bookworm Deluxe
"WT005637" = Chuzzle Deluxe
"WT005638" = Diner Dash
"WT005639" = Family Feud
"WT005640" = Flip Words
"WT005641" = Insaniquarium Deluxe
"WT005642" = Jewel Quest
"WT005643" = Mah Jong Quest
"WT005644" = Mystery Case Files
"WT005645" = Poker Superstars
"WT005646" = SCRABBLE
"WT005647" = Slingo Deluxe
"WT005648" = Tennis Titans
"WT006069" = FATE
"WT006072" = Ancient Sudoku
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2009 10:46:06 AM | Computer Name = CN-799943-A | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{cc3c4415-2a40-11de-9f60-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070565.

Error - 5/10/2009 10:46:06 AM | Computer Name = CN-799943-A | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{cc3c4416-2a40-11de-9f60-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070565.

Error - 5/10/2009 12:41:32 PM | Computer Name = CN-799943-A | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{cc3c4410-2a40-11de-9f60-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070565.

Error - 5/10/2009 12:41:32 PM | Computer Name = CN-799943-A | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{cc3c4411-2a40-11de-9f60-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070565.

Error - 5/10/2009 12:41:32 PM | Computer Name = CN-799943-A | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{cc3c4412-2a40-11de-9f60-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070565.

Error - 5/10/2009 12:41:32 PM | Computer Name = CN-799943-A | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{cc3c4413-2a40-11de-9f60-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070565.

Error - 5/10/2009 12:41:32 PM | Computer Name = CN-799943-A | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{cc3c4414-2a40-11de-9f60-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070565.

Error - 5/10/2009 12:41:32 PM | Computer Name = CN-799943-A | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{cc3c4415-2a40-11de-9f60-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070565.

Error - 5/10/2009 12:41:32 PM | Computer Name = CN-799943-A | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{cc3c4416-2a40-11de-9f60-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070565.

Error - 5/10/2009 7:18:17 PM | Computer Name = CN-799943-A | Source = Application Error | ID = 1000
Description = Faulting application kbd.exe, version 1.0.2.2, faulting module osd.dll,
version 1.0.2.2, fault address 0x0000256f.


< End of report >


________________________________________________


Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
AVGFree8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

MVPS Hosts File
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 13
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 33 seconds.
`````````End of Log```````````

Edited by ecomm123, 10 May 2009 - 10:12 PM.


#7 ecomm123


Posted 10 May 2009 - 10:17 PM

ALL REQUESTED SCANS ARE COMPLETE:

I'M STILL HAVING PROBLEMS WITH FIREFOX REDIRECTING GOOGLE OR YAHOO QUERIES.

ZONEALARM REPORTS SOME APPLICATION IS ATTEMPTING TO ACCESS 91.212.65.17:80.

Edited by ecomm123, 10 May 2009 - 10:29 PM.


#8 ecomm123


Posted 11 May 2009 - 10:23 AM

OK I seem to have solved most of my problems. DNSredirect fixed and my PC no longer attempts to access 91.212.65.17. I fixed by running Prevx 3.0. Prevx 3.0 cleaned up the following:

vista.cjstyles in migomobile PC Backup styles director
agent.omz
gxvx......
Proxydisable
Hostsohk.exe

Let's close this thread. I still need to recover my limited account where I do most of my email.

Edited by ecomm123, 11 May 2009 - 10:23 AM.


#9 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:16 AM

Posted 11 May 2009 - 01:25 PM

I note that MBAM took out the DNS Changer infection from this system.
If you have not purchased MBAM, you should de-install it using Add-or-Remove Programs in Control Panel.

Next, we should remove the tools I had you get & run.
  • Please double-click OTListIt2.exe to run it.
  • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTListIt2 attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
Run Disk Cleanup with the System Restore Cleanup as outlined here by Bert Kinney, MS MVP
http://bertk.mvps.org/html/diskclean.html

On your Desktop, delete the DCE folder that held the Sysclean files.

This is my usual closing advice:
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#10 ecomm123


Posted 12 May 2009 - 11:13 AM

Thanks Maurice and BleepingComputer - I'm back in business

Hank

#11 Maurice Naggar


Posted 12 May 2009 - 10:07 PM

That's good to hear of your status. You are welcome.
Wish you well. I'll now close this thread.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



