Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem With Deleting A Folder In The Recycle Bin


  • This topic is locked This topic is locked
29 replies to this topic

#1 Fallen Angel0

Fallen Angel0

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 08 June 2009 - 03:26 PM

Hello everyone,

I've been directed here from the Windows XP Home and Professional section after quite a struggle with a stubborn problem. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/221437/problem-with-deleting-a-folder-in-the-recycle-bin/ ~ OB

I have a folder (named "Poop" due to the troubles it's been giving me) that, when sent to the recycle bin, refuses to be permanently deleted (I get the message "Cannot delete file: "). When I right-click the "Poop" folder, the properties say that it "contains "0 folders" and has a size of 0kb. Yet, when I open it, there is visibly another folder entitled "D3_B0_CA_D3_F2_D6_28OST_29W_ ......" The name seems to go on and on with the random letters and numbers. When I right-click this bizarre folder, I get only the options of "Open, Explore, Search...., Send to". It seems I can't even view the properties. I tried opening it, but nothing happens.

I suspect the problem is with the "D3_B0_CA_D3_F2_D6_......" folder. I have tried deleting/renaming/moving it to no avail, it just remains there inside Poop. The Poop folder, on the other hand, can be sent to the recycle bin; it just couldn't be emptied from there. Also, when I right-click Poop, it gives the normal options.

The kind people at Windows XP Home and Professional suggested Ccleaner, Unlocker, Malwarebytes' Anti-Malware, and KillBox. Unfortunately none of them could rid Poop nor "D3_B0_CA_D3_F2_D6_28OST_29W_ ......".

I'm not sure if the two folders are causing harm or not. One thing I noticed though, is that recently when I turn on my computer, the desktop screen would be in really low resolution and the desktop icons and the mouse pointer would be magnified. I usually turn the computer off and restart. Sometimes it'd take up to five tries to get it to load normally. I don't know if this is a separate problem or if it stems from the mysterious undeletable folders. (Though I don't think they're related as I had noticed the Poop folder's presence a while back....)


Any help at all is greatly appreciated. Also, I am very bad with computers/computer language, and would like to ask for your patience. Please and thank you!

Below is my DDS.txt



DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 12:48:51.73 on 08/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.522 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\Desktop\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mediaminer.org/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\docume~1\hp_adm~1\desktop\downlo~1\neopet~1\neopets\toolbar\Toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\docume~1\hp_adm~1\desktop\downlo~1\neopet~1\neopets\toolbar\Toolbar.dll
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: []
uRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [PCDrProfiler]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UnlockerAssistant] "c:\documents and settings\hp_administrator\desktop\unlocker\UnlockerAssistant.exe"
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://sympatico.zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-3-4 185968]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-3-4 239216]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-3-4 161392]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-3-24 127088]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-2-4 53896]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050620.007\NAVENG.Sys [2005-9-27 73760]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050620.007\NavEx15.Sys [2005-9-27 632000]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-2-4 324232]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-3-4 83568]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-20 33176]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-2-17 198368]

=============== Created Last 30 ================

2009-06-08 11:54 --d----- C:\!KillBox
2009-06-06 23:00 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 23:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-06 12:54 --d----- c:\program files\Ether Saga

==================== Find3M ====================

2009-05-23 17:17 7,032 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-04-13 20:58 34 a------- c:\documents and settings\hp_administrator\jagex_runescape_preferences.dat
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 19:59 410,984 a------- c:\windows\system32\deploytk.dll
2008-04-29 21:51 0 a------- c:\program files\temp01
2008-03-01 17:08 7,792,648 a------- c:\program files\Azureus 3.0.4.2.exe
2006-09-27 23:19 525,920 a------- c:\program files\CmdHerePowertoySetup.exe
2006-09-07 20:54 10,698,768 a------- c:\program files\sspsetup1_.exe
2006-05-18 23:29 4,789,792 a------- c:\program files\PIcasa.exe
2006-02-22 07:55 402,374,580 a------- c:\program files\SetupRubies095.exe
2006-02-19 19:04 4,038,400 a------- c:\program files\Shockwave_85_Installer_Full.exe
2006-02-16 02:47 72 a------- c:\program files\UnInst.log
2006-02-14 18:13 5,834,344 a------- c:\program files\winzip100.exe
2006-01-23 23:08 251 a------- c:\program files\wt3d.ini
2006-01-16 19:23 1,325,936 a------- c:\program files\DVDFabDecrypter29.exe
2006-01-03 01:49 563,696 a------- c:\program files\GoogleToolbarInstaller.exe
2005-12-31 15:37 11,477,288 a------- c:\program files\DivXPlay.exe
2005-12-29 18:39 8,771,600 a------- c:\program files\sspsetup1_1839229648.exe
2005-12-28 21:38 7,230,264 a------- c:\program files\Azureus_2.3.0.6_Win32.setup.exe
2005-12-28 21:17 2,897,821 a------- c:\program files\bsplayer137.826.exe
2005-12-28 19:24 9,352,392 a------- c:\program files\Install_MSN_Messenger.exe

============= FINISH: 12:49:09.89 ===============

Attached Files


Edited by Orange Blossom, 08 June 2009 - 03:33 PM.


BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:16 AM

Posted 18 June 2009 - 09:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,009 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:16 AM

Posted 22 June 2009 - 09:36 PM

Topic reopened.

@ Fallen Angel0,

Please post the current logs and description of your issues.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 Fallen Angel0

Fallen Angel0
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 24 June 2009 - 02:39 AM

Hello,

Below is the requested DDS.txt. My apologies for replying so late. ^^; The issue is still as described in my first post.

Thank you!


DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 0:35:48.74 on 24/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.667 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\HP_Administrator\Desktop\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mediaminer.org/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\docume~1\hp_adm~1\desktop\downlo~1\neopet~1\neopets\toolbar\Toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\docume~1\hp_adm~1\desktop\downlo~1\neopet~1\neopets\toolbar\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [<NO NAME>]
uRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [PCDrProfiler]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UnlockerAssistant] "c:\documents and settings\hp_administrator\desktop\unlocker\UnlockerAssistant.exe"
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://sympatico.zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-3-4 185968]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-3-4 239216]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-3-4 161392]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-3-24 127088]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-2-4 53896]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050620.007\NAVENG.Sys [2005-9-27 73760]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050620.007\NavEx15.Sys [2005-9-27 632000]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-2-4 324232]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-3-4 83568]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-20 33176]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-2-17 198368]

=============== Created Last 30 ================

2009-06-10 10:44 258,352 a------- c:\windows\system32\unicows.dll
2009-06-08 11:54 <DIR> --d----- C:\!KillBox
2009-06-06 23:00 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 23:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-06 12:54 <DIR> --d----- c:\program files\Ether Saga

==================== Find3M ====================

2009-05-23 17:17 7,032 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 21:46 3,068,928 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 21:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 21:46 666,624 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 21:46 620,032 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 21:46 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-04-28 21:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-28 21:46 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-13 20:58 34 a------- c:\documents and settings\hp_administrator\jagex_runescape_preferences.dat
2008-04-29 21:51 0 a------- c:\program files\temp01
2008-03-01 17:08 7,792,648 a------- c:\program files\Azureus 3.0.4.2.exe
2006-09-27 23:19 525,920 a------- c:\program files\CmdHerePowertoySetup.exe
2006-09-07 20:54 10,698,768 a------- c:\program files\sspsetup1_.exe
2006-05-18 23:29 4,789,792 a------- c:\program files\PIcasa.exe
2006-02-22 07:55 402,374,580 a------- c:\program files\SetupRubies095.exe
2006-02-19 19:04 4,038,400 a------- c:\program files\Shockwave_85_Installer_Full.exe
2006-02-16 02:47 72 a------- c:\program files\UnInst.log
2006-02-14 18:13 5,834,344 a------- c:\program files\winzip100.exe
2006-01-23 23:08 251 a------- c:\program files\wt3d.ini
2006-01-16 19:23 1,325,936 a------- c:\program files\DVDFabDecrypter29.exe
2006-01-03 01:49 563,696 a------- c:\program files\GoogleToolbarInstaller.exe
2005-12-31 15:37 11,477,288 a------- c:\program files\DivXPlay.exe
2005-12-29 18:39 8,771,600 a------- c:\program files\sspsetup1_1839229648.exe
2005-12-28 21:38 7,230,264 a------- c:\program files\Azureus_2.3.0.6_Win32.setup.exe
2005-12-28 21:17 2,897,821 a------- c:\program files\bsplayer137.826.exe
2005-12-28 19:24 9,352,392 a------- c:\program files\Install_MSN_Messenger.exe

============= FINISH: 0:37:00.43 ===============

Attached Files


Edited by Fallen Angel0, 24 June 2009 - 02:41 AM.


#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 AM

Posted 25 June 2009 - 09:39 AM

Hello.

This doesn't sound like something an infection would do. We need more indepth scans though.

Download and Run OTListIt
Please download OTListIt by OldTimer to your desktop.
Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTL.exe and select Run As Administrator.
Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
Copy the contents of the log into your next reply. It will be saved as OTL.txt where OTL.exe is located.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

With Regards,
The Panda

#6 Fallen Angel0

Fallen Angel0
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 28 June 2009 - 04:31 AM

Hello PropagandaPanda,


Below is the OTL.txt. I'll try to have the GMER log posted as soon as possible. (My computer crashed twice and the scan takes an awfully long time. >_< Sorry for the delay!)


OTL logfile created on: 27/06/2009 4:44:17 PM - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1015.29 Mb Total Physical Memory | 568.72 Mb Available Physical Memory | 56.02% Memory free
2.38 Gb Paging File | 2.02 Gb Available in Paging File | 84.73% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 1.94 Gb Free Space | 1.09% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.91 Gb Free Space | 11.42% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-B27FB1C401
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/03/04 09:41:04 | 00,239,216 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/03/04 09:41:08 | 00,161,392 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/03/29 17:03:26 | 00,083,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/03/04 09:41:00 | 00,185,968 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/09/28 08:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2004/08/10 19:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/03/10 19:59:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/07/25 06:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/06/20 06:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/03/24 07:20:34 | 00,127,088 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2004/11/02 23:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/10 19:04:42 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2004/08/10 19:04:36 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/06/08 10:59:06 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/06/08 11:03:08 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/03/04 09:40:58 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2005/09/27 21:40:47 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005/01/24 02:56:00 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2009/03/10 19:59:21 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/05/01 21:15:46 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Unlocker\UnlockerAssistant.exe
PRC - [2008/03/08 14:20:47 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2006/08/03 20:02:06 | 03,871,744 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2005/05/12 06:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/09/27 21:48:48 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/02/25 12:33:30 | 00,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/05/12 07:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2005/05/03 18:43:50 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/05/03 18:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2005/05/04 10:01:36 | 02,805,248 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [1998/05/07 09:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2005/05/05 00:21:42 | 00,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/05/05 00:21:26 | 00,327,680 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/13 17:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 17:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/27 16:44:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/07/15 08:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/03/04 09:41:00 | 00,185,968 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/03/04 09:41:04 | 00,239,216 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])
SRV - [2005/03/04 09:41:08 | 00,083,568 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/03/04 09:41:08 | 00,161,392 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2004/09/28 08:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/08/10 19:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/03/03 14:53:08 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/04/24 21:50:46 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/05/05 00:21:26 | 00,327,680 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Running])
SRV - [2005/03/29 17:03:26 | 00,083,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC [Auto | Running])
SRV - [2009/03/10 19:59:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/07/25 06:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2003/06/20 06:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 19:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2005/03/24 07:20:34 | 00,127,088 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2005/02/17 12:01:58 | 00,198,368 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan [On_Demand | Stopped])
SRV - [2005/02/25 12:33:30 | 00,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Running])
SRV - [2005/02/25 12:45:26 | 00,992,864 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2004/11/02 23:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
SRV - [2005/01/28 20:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/03/07 18:52:48 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/08 00:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/03/08 12:43:26 | 00,051,120 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/03/08 12:43:26 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/03/08 12:43:28 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/06/08 11:27:04 | 01,050,140 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/03/09 18:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2005/06/08 16:22:20 | 03,160,576 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2004/08/04 05:41:36 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Stopped])
DRV - [2001/08/17 20:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2005/06/20 09:00:00 | 00,073,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050620.007\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2005/06/20 09:00:00 | 00,632,000 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050620.007\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2005/01/04 02:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2 [On_Demand | Stopped])
DRV - [2005/12/12 18:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2004/08/10 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 09:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/03/04 11:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 05:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2005/02/04 13:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])
DRV - [2005/02/04 13:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [Auto | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/01/25 06:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\System32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2005/02/25 12:45:26 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2008/11/23 22:00:10 | 00,611,064 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/02/25 12:32:40 | 00,011,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped])
DRV - [2005/03/07 08:57:38 | 00,123,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2005/02/25 12:32:42 | 00,173,176 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2005/02/25 12:32:46 | 00,036,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Stopped])
DRV - [2005/02/25 12:32:44 | 00,047,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Stopped])
DRV - [2005/02/25 12:32:48 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2005/02/25 12:32:52 | 00,268,216 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mediaminer.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 19:59:23 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Documents and Settings\HP_Administrator\Desktop\Downloaded Programs\Neopets Toolbar\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Documents and Settings\HP_Administrator\Desktop\Downloaded Programs\Neopets Toolbar\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Documents and Settings\HP_Administrator\Desktop\Downloaded Programs\Neopets Toolbar\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Documents and Settings\HP_Administrator\Desktop\Downloaded Programs\Neopets Toolbar\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] \WINDOWS\system32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] \WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\HP_Administrator\Desktop\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpySweeper] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://sympatico.zone.msn.com/bingame/chnz...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.18 64.59.144.19
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/27 21:44:22 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/06/27 16:45:07 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\i05y78ik.exe
[2009/06/27 16:43:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/10 10:54:25 | 00,001,394 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ether Saga Online.lnk
[2009/06/10 10:44:13 | 00,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2009/06/08 11:54:47 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/06/08 11:54:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Killbox
[2009/06/07 16:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Unlocker
[2009/06/06 23:00:38 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/06 23:00:35 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/06 22:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Malawarebyte
[2009/06/06 21:14:53 | 10,646,85568 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/06 12:54:40 | 00,000,000 | ---D | C] -- C:\Program Files\Ether Saga
[2008/12/21 21:59:26 | 00,025,312 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2008/12/21 21:59:24 | 00,025,312 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2008/12/21 21:59:08 | 00,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/12/21 21:52:02 | 00,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2008/11/23 22:00:10 | 00,611,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/08 14:12:25 | 00,000,034 | ---- | C] () -- C:\WINDOWS\DVDFabDecrypter.INI
[2008/03/02 01:43:06 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/02 01:43:02 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/22 03:53:01 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2006/08/28 11:11:12 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/28 11:02:34 | 00,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/08/28 11:02:07 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/28 11:00:51 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/08/28 10:58:40 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/29 22:39:29 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/03/29 22:35:11 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/21 19:44:33 | 00,000,106 | ---- | C] () -- C:\WINDOWS\Njexplor.INI
[2006/01/27 01:01:16 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/12/28 17:20:57 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/12/28 17:20:57 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/09/27 22:14:09 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/27 21:48:02 | 00,014,290 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/27 21:47:53 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/27 21:45:12 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/09/27 21:39:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/27 21:34:08 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/27 21:34:08 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/27 21:34:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/27 21:34:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/27 21:34:08 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/27 21:34:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/27 21:27:21 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/27 21:11:53 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/27 21:08:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/09/27 21:08:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/09/27 21:08:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/09/27 21:08:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/09/27 21:08:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/09/27 21:08:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/09/27 21:08:53 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/09/27 21:08:53 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/09/27 21:08:53 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/09/27 20:51:01 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/27 20:45:38 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/09/27 20:45:38 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/09/27 20:45:14 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/21 09:47:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 07:10:56 | 00,542,208 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/05/09 23:52:32 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/11/17 04:32:38 | 00,000,658 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/11/16 20:21:56 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/26 22:51:38 | 00,000,537 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/05/14 07:54:00 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/10/15 15:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/10/06 11:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 16:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/07/06 22:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/27 16:47:00 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/06/27 16:45:13 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\i05y78ik.exe
[2009/06/27 16:44:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/27 16:42:12 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/06/27 16:39:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/27 16:39:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/27 16:39:31 | 10,646,85568 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/27 16:37:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/06/27 16:37:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/06/27 16:34:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/06/27 16:34:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/06/27 15:49:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/06/27 15:49:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/06/27 00:33:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/06/27 00:33:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/06/26 21:16:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/06/26 21:16:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/06/26 21:09:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/06/26 21:09:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/06/26 21:04:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/06/26 21:04:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/06/26 20:30:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/06/26 20:30:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/06/26 20:15:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/06/26 20:15:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/06/26 02:11:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/06/26 02:11:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/06/25 14:38:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/06/25 14:38:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/06/25 13:54:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/06/25 13:54:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/06/25 13:49:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/06/25 13:49:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/06/25 13:45:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/06/25 13:45:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/06/25 13:41:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/06/25 13:41:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/06/24 17:56:26 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Word 2007.lnk
[2009/06/22 22:07:47 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Sharing Folders.lnk
[2009/06/19 20:00:00 | 00,000,552 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
[2009/06/10 18:59:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/06/10 18:59:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/06/10 18:55:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/06/10 18:55:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/06/10 10:54:25 | 00,001,394 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ether Saga Online.lnk
[2009/06/09 23:11:11 | 00,364,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/09 21:57:15 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/08 09:38:00 | 00,757,058 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2009/06/06 12:54:36 | 00,116,960 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/01 09:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

Edited by Fallen Angel0, 28 June 2009 - 04:35 AM.


#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 AM

Posted 28 June 2009 - 09:44 AM

Hello.

If GMER takes too long, uncheck the Files section in the scans.

With Regards,
The panda

#8 Fallen Angel0

Fallen Angel0
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 29 June 2009 - 06:14 PM

Hi PropagandaPanda,

Thank you for your advice on unchecking the Files section! I'm not sure whether you wanted me to attach the GMER log or to post it here, so I'll do it both ways. XD

Thank you for your time.


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 16:08:00
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 86E05C68 ZwConnectPort
SSDT sptd.sys ZwCreateKey [0xF73C00B0]
SSDT sptd.sys ZwEnumerateKey [0xF73C4D1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73C50BC]
SSDT sptd.sys ZwOpenKey [0xF73C0090]
SSDT sptd.sys ZwQueryKey [0xF73C5194]
SSDT sptd.sys ZwQueryValueKey [0xF73C5014]
SSDT sptd.sys ZwSetValueKey [0xF73C5226]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F5D3C8AC 5 Bytes JMP 86DD9970

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1436] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 02C21102 C:\Documents and Settings\HP_Administrator\Desktop\Unlocker\UnlockerHook.dll
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3388] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3408] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044E9BD C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73C0AB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73C0BEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73C0B76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73C171C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73C15F2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73E57AE] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F691D8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fastfat \FatCdrom 86ADF470

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 86DD81D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F6B1D8
Device \Driver\dmio \Device\DmControl\DmConfig 86F6B1D8
Device \Driver\dmio \Device\DmControl\DmPnP 86F6B1D8
Device \Driver\dmio \Device\DmControl\DmInfo 86F6B1D8
Device \Driver\usbuhci \Device\USBPDO-1 86DD81D8
Device \Driver\usbuhci \Device\USBPDO-2 86DD81D8
Device \Driver\usbuhci \Device\USBPDO-3 86DD81D8
Device \Driver\usbehci \Device\USBPDO-4 86DAB1D8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD31D8
Device \Driver\Cdrom \Device\CdRom0 86D761D8
Device \Driver\Cdrom \Device\CdRom1 86D761D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8683D1D8
Device \Driver\NetBT \Device\NetbiosSmb 8683D1D8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 86DD81D8
Device \Driver\usbuhci \Device\USBFDO-1 86DD81D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8671C7D0
Device \Driver\USBSTOR \Device\0000007b 86C41548
Device \Driver\usbuhci \Device\USBFDO-2 86DD81D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8671C7D0
Device \Driver\USBSTOR \Device\0000007c 86C41548
Device \Driver\usbuhci \Device\USBFDO-3 86DD81D8
Device \Driver\USBSTOR \Device\0000007d 86C41548
Device \Driver\usbehci \Device\USBFDO-4 86DAB1D8
Device \Driver\Ftdisk \Device\FtControl 86FD31D8
Device \Driver\USBSTOR \Device\0000007e 86C41548
Device \Driver\USBSTOR \Device\0000007f 86C41548
Device \Driver\NetBT \Device\NetBT_Tcpip_{9D8B8646-F360-470E-AB96-706FA3649ACD} 8683D1D8
Device \FileSystem\Fastfat \Fat 86ADF470

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs 86B07990
Device \FileSystem\Cdfs \Cdfs A9F3BBCE

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1297761309
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1523778288

---- EOF - GMER 1.0.15 ----

Attached Files



#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 AM

Posted 29 June 2009 - 06:23 PM

Hello.

Let's just try nuking the recycle bin folder.

Run Fix with OTListIt
If you have lost your copy of OTListIt, please download a new one from here.
Copy the contents of the CodeBox below into the Custom Scans/Fixes.
:Files
c:\$recycle.bin\

Click the Run Fix button. The fix should take a moment to complete. Post back with the logfile that opens.

After clicking Run Fix, OTListIt may ask to reboot the machine. If so, a logfile will open after the reboot.

Does that work?

With Regards,
The Panda

Edited by PropagandaPanda, 02 July 2009 - 09:47 AM.


#10 Fallen Angel0

Fallen Angel0
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 01 July 2009 - 11:02 PM

Hi PropagandaPanda,

I'm not sure how to download OTListIt from the website you provided (http://oldtimer.geekstogo.com/OTL/). Where do I click to download it? ^^; I tried clicking everything, but I couldn't find it.

Please and thank you! ^^;

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 AM

Posted 02 July 2009 - 09:47 AM

Hello.

Sorry.. I have fixed the link in my previous post.

With Regards,
The Panda

#12 Fallen Angel0

Fallen Angel0
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 03 July 2009 - 08:54 PM

Hello PropagandaPanda,

Thank you for the link! Below is the log file that opened after Run Fix was completed. The undeletable folder is still in the recycle bin though ^^;


========== FILES ==========
Folder c:\$recycle.bin not found.

OTL by OldTimer - Version 3.0.6.4 log created on 07032009_185013

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 AM

Posted 04 July 2009 - 10:51 AM

Hello.

Please open to your recycling bin. Right click the empty pane ->View->Details.

From there, take a screenshot and attach it to your reply.

With Regards,
The Panda

#14 Fallen Angel0

Fallen Angel0
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 05 July 2009 - 05:24 PM

Hi PropagandaPanda ^^

Here's the attached picture. Thank you!

Attached Files



#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 AM

Posted 05 July 2009 - 06:10 PM

Hello.

Could you please give me the original locations of the folder in question?

Do you know what they contained?

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users