Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SP3 files replaced by unkown (among other things)


  • This topic is locked This topic is locked
13 replies to this topic

#1 workingonit

workingonit

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 08 July 2009 - 06:13 PM

My AV popped up, alerting me of 3 virus infections. 2 were quarantined, 1, win32/AMalum.ZZOCR remains as infected. At the same time, Windows file Protection popped up stating that "Files that are required for Windows to run properly have been replaced by unrecognized versions. To restore system stability, Windows must restore the original versions of these files." It then requests that I insert the SP3 cd, which I don't have, since it was a download.

All of this happened as soon as I opening Skype, and clicked on my friend's name to start a conversation. I'm assuming the events are connected.

I've attempted to go to windows update to redownload SP3, but it comes up with error 0x80072EFD. In fact, I have not been able to get windows update to work since I installed CA antivirus. It has also been blocking my nintendo wifi connector. (off-topic, i know, but i thought i'd throw it in)

Thanks for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:24 PM, on 7/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://admin.isp.netscape.com/session/limi...%26partnerid%3D
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [VetStart] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2117173528-402153964-4170097132-1008\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-21-2117173528-402153964-4170097132-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-2117173528-402153964-4170097132-1008 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net/microsoft/index.html
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ez-proxy.brooklyn.c...s/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162766250140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lotus Notes Single Logon - Unknown owner - C:\WINDOWS\system32\ nslsvice.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program Files\Notes6\ntmulti.exe (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://chaoticdreamer.deviantart.com/

--
End of file - 13205 bytes

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 PM

Posted 16 July 2009 - 07:08 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



If you still require assistance post a new set of DDS Logs and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log please refer to this page and in step #6 there is instructions on downloading and running DDS. IF you have any problems just let me know in your next reply or simply post a Hijackthis log.

Thanks again and we apologzie for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 19 July 2009 - 09:00 PM

No problem at all. And sorry for my own late reply; I just returned from a trip.
At the moment, I don't have any alarming symptoms, other than windows update being unable to work. However, I'm still concerned about the files that were supposedly replaced, and the general security of my computer at the moment.



DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Administrator at 21:44:48.35 on Sun 07/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mSearch Page =
uInternet Connection Wizard,ShellNext = https://admin.isp.netscape.com/session/limi...%26partnerid%3D
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [PCDrProfiler]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [CamserviceDeluxe2] c:\program files\hercules\deluxe optical glass\Camservice.exe /startup
mRun: [VetStart] "c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe" -r
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: &D&ownload &with BitComet
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: aol.com\free
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ez-proxy.brooklyn.cuny.edu:2048/lib/brooklyn/support/plugins/ebraryRdr.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162766250140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\ni54dwku.default\
FF - prefs.js: browser.startup.homepage - hxxp://chaoticdreamer.deviantart.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2009-07-19 15:57 16,158 a------- c:\windows\system32\tablet.dat
2009-07-16 12:17 132,760 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-07-16 12:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-07-16 12:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-07-16 12:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-07-16 12:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-07-16 12:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-07-16 12:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-07-16 12:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-05-21 21:35 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-05-21 21:35 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-05-21 21:35 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-05-21 21:35 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-02-17 23:33 63,936 a------- c:\docume~1\compaq~1\applic~1\GDIPFONTCACHEV1.DAT
2009-02-14 19:51 61,224 a------- c:\documents and settings\compaq_administrator\GoToAssistDownloadHelper.exe
2008-03-11 13:34 389,120 a------- c:\documents and settings\compaq_administrator\GoToAssist_phone__268_en.exe
2007-11-17 00:38 13,184 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2006-02-05 16:43 251 a------- c:\program files\wt3d.ini
2008-08-06 13:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 21:46:32.93 ===============

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 PM

Posted 20 July 2009 - 10:21 AM

Hello.

Please run the following 3 more scans for me.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO..
    Posted Image
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries

Download and run OTL
  • Download OTL by OldTimer and save it to your desktop.
  • [Double click on the Posted Image icon on your desktop. If you are using Vista, please right-click and select run as administrator
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • It will now begin to scan, please be paitent while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 PM

Posted 23 July 2009 - 08:31 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 24 July 2009 - 03:14 PM

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/20/2009 6:49:50 PM
mbam-log-2009-07-20 (18-49-50).txt

Scan type: Quick Scan
Objects scanned: 143109
Time elapsed: 42 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-24 15:54:27
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF736CAF8]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xAB6436EA]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF7360B00]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwCreateSection [0xAE7DAFD2]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xAB64440B]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF7361388]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF736CBF0]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xAB64475C]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xAB64364E]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xAB644130]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF73613A8]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF736CB46]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xAE7DA662]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xAB644538]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF736C390]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A812920

AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs kmxagent.sys (HIPS Agent Driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \FileSystem\Fastfat \FatCdrom 8A642EC0
Device \FileSystem\Udfs \UdfsCdRom 8A5F8EC8
Device \FileSystem\Udfs \UdfsDisk 8A5F8EC8
Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Modem \Device\00000071 kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Cdrom \Device\CdRom0 8A6A93C8
Device \FileSystem\Rdbss \Device\FsWrap 8A70B188
Device \Driver\Cdrom \Device\CdRom1 8A6A93C8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 8A5B8550
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A5B8550
Device \Driver\atapi \Device\Ide\IdePort0 8A5B8550
Device \Driver\atapi \Device\Ide\IdePort1 8A5B8550
Device \Driver\atapi \Device\Ide\IdePort2 8A5B8550
Device \Driver\atapi \Device\Ide\IdePort3 8A5B8550
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19 8A5B8550
Device \FileSystem\Srv \Device\LanmanServer 89A07068
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A5BEFB0
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A5BEFB0
Device \FileSystem\Npfs \Device\NamedPipe 8A607DF8
Device \FileSystem\Msfs \Device\Mailslot 8A61C0F0
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
Device \FileSystem\Fastfat \Fat 8A642EC0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat kmxagent.sys (HIPS Agent Driver/CA)
AttachedDevice \FileSystem\Fastfat \Fat KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A6043B0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A6043B0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A6043B0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A6043B0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A6043B0
Device \FileSystem\Cdfs \Cdfs AAC34400
Device \FileSystem\Cdfs \Cdfs 89494FB0

---- Modules - GMER 1.0.15 ----

Module _________ F71EE000-F7206000 (98304 bytes)

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 7/24/2009 4:06:57 PM - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.05% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.36 Gb Total Space | 156.92 Gb Free Space | 69.63% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.08 Gb Free Space | 14.41% Space Free | Partition Type: FAT32
Drive E: | 1.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOWSER
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/10/18 12:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2008/03/19 12:56:58 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2008/04/15 13:50:44 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2007/10/18 12:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2008/08/30 16:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/09/29 19:48:58 | 00,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
PRC - [2005/06/21 02:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/06/17 16:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe
PRC - [2008/08/30 16:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/08/28 11:52:50 | 00,189,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/09/25 14:54:24 | 00,229,952 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2009/05/21 21:35:50 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2008/08/30 16:14:36 | 00,234,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
PRC - [2009/02/14 20:22:15 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2008/08/28 11:52:50 | 00,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
PRC - [2006/09/25 14:54:22 | 00,451,136 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/04/19 22:45:34 | 01,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
PRC - [2005/06/17 16:35:50 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\TabUserW.exe
PRC - [2009/05/21 21:35:50 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2008/08/27 19:44:28 | 00,238,832 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
PRC - [2008/08/27 19:44:28 | 00,185,584 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
PRC - [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009/07/23 01:23:28 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/24 16:06:07 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/08/24 22:16:48 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/01 15:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - File not found -- -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
SRV - [2009/05/21 21:35:50 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
SRV - [2008/08/30 16:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe -- (CAISafe [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/09/25 14:54:22 | 00,451,136 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/09/29 19:48:58 | 00,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
SRV - [2005/06/21 02:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - File not found -- -- (LiveUpdate [On_Demand | Stopped])
SRV - File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - File not found -- -- (Lotus Notes Single Logon [Auto | Stopped])
SRV - [2008/01/08 14:54:59 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 15:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - File not found -- -- (Multi-user Cleanup Service [Auto | Stopped])
SRV - [2008/08/27 19:44:28 | 00,185,584 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv [On_Demand | Running])
SRV - [2008/02/07 13:07:04 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10 [Auto | Stopped])
SRV - [2008/02/07 13:06:56 | 01,112,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10 [On_Demand | Stopped])
SRV - [2008/02/07 13:07:04 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10 [Auto | Stopped])
SRV - File not found -- -- (SessionLauncher [Auto | Stopped])
SRV - [2005/06/17 16:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2007/10/18 12:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent [Auto | Running])
SRV - [2007/10/18 12:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg [Auto | Running])
SRV - [2008/03/19 12:56:58 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp [Auto | Running])
SRV - [2008/04/15 13:50:44 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol [Auto | Running])
SRV - [2008/08/30 16:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- (VETMSGNT [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/23 13:20:06 | 00,158,720 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus [Boot | Running])
DRV - [2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi [Boot | Running])
DRV - [2008/09/24 11:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 10:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2008/12/01 18:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/07/20 19:40:10 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2007/08/06 16:29:46 | 00,094,720 | ---- | M] (Guillemot Corporation) -- C:\WINDOWS\System32\DRIVERS\camfilt2.sys -- (camfilt2 [On_Demand | Running])
DRV - [2006/07/14 15:03:02 | 00,014,448 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/02/25 01:04:45 | 00,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2006/12/27 23:44:44 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/05/16 02:17:22 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/05/16 02:17:22 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/05/16 02:17:23 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/03/09 14:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2004/09/30 02:27:00 | 00,016,880 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2008/03/21 17:00:06 | 00,063,504 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxagent.sys -- (KmxAgent [System | Running])
DRV - [2008/06/04 13:27:44 | 00,134,648 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\KmxCF.sys -- (KmxCF [Auto | Running])
DRV - [2008/05/30 17:56:30 | 00,088,816 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxcfg.sys -- (KmxCfg [On_Demand | Running])
DRV - [2008/03/21 17:00:06 | 00,045,584 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\KmxFile.sys -- (KmxFile [System | Running])
DRV - [2008/03/19 12:56:58 | 00,115,216 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxfw.sys -- (KmxFw [System | Running])
DRV - [2008/03/21 17:00:06 | 00,066,576 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\KmxSbx.sys -- (KmxSbx [Auto | Running])
DRV - [2008/03/19 12:56:58 | 00,093,712 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart [Boot | Running])
DRV - [2004/08/04 01:41:36 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Stopped])
DRV - [2001/08/17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/04/09 16:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass [Boot | Running])
DRV - [2005/12/12 18:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Stopped])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/06 04:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/04/10 01:02:17 | 00,162,816 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2005/03/04 07:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 01:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/01/25 02:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\System32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2007/07/17 19:07:42 | 10,371,072 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3 [On_Demand | Running])
DRV - [2006/06/27 08:56:50 | 00,031,872 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\DRIVERS\superwebcam.sys -- (SUPERWEBCAM [On_Demand | Running])
DRV - [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2009/05/21 21:35:49 | 00,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
DRV - [2009/05/21 21:35:49 | 00,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
DRV - [2009/02/14 20:24:47 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
DRV - [2009/02/14 20:24:47 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
DRV - [2009/05/21 21:35:49 | 00,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
DRV - [2009/05/21 21:35:49 | 00,161,008 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\S-1-5-21-2117173528-402153964-4170097132-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://chaoticdreamer.deviantart.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/23 01:23:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/23 01:23:41 | 00,000,000 | ---D | M]

[2008/06/18 01:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions
[2008/06/18 01:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/24 15:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions
[2009/04/02 18:08:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/07/24 15:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/23 19:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}
[2009/06/16 16:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\personas@christopher.beard
[2009/07/24 15:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\staged-xpis
[2008/06/03 13:09:58 | 00,001,340 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\bbcnews.xml
[2008/05/27 08:51:07 | 00,001,162 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\dictionary.xml
[2009/07/22 20:17:51 | 00,001,424 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\ign.xml
[2009/07/22 20:17:51 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\ultralinguaE2F.xml
[2009/07/22 20:17:51 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\ultralinguaF2E.xml
[2008/06/18 23:48:14 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\wikipedia.xml
[2009/02/08 19:35:49 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\winamp-search.xml
[2008/06/03 13:10:00 | 00,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\youtube.xml
[2009/07/24 10:59:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/23 01:23:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/21 11:19:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/07/23 01:23:28 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/23 01:23:28 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2006/09/03 14:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2005/11/29 18:28:00 | 00,626,688 | ---- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPinfotl.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/23 01:23:30 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (288963 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 9963 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe File not found
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [CamserviceDeluxe2] File not found
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe (CA)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VetStart] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe (CA, Inc.)
O4 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008..\Run: [Aim6] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all video with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.ez-proxy.brooklyn.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1162766250140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWnp.Dll (CA)
O24 - Desktop Components:0 () - http://chaoticdreamer.deviantart.com/
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/17 00:32:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6ad51757-1bbd-11de-9ebf-0013d4ae0502}\Shell - "" = AutoRun
O33 - MountPoints2\{6ad51757-1bbd-11de-9ebf-0013d4ae0502}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ad51757-1bbd-11de-9ebf-0013d4ae0502}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{902f8a7a-fc1a-11dc-9c35-0013d4ae0502}\Shell - "" = AutoRun
O33 - MountPoints2\{902f8a7a-fc1a-11dc-9c35-0013d4ae0502}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{902f8a7a-fc1a-11dc-9c35-0013d4ae0502}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c9448b2c-acd8-11db-9930-0013d4ae0502}\Shell - "" = AutoRun
O33 - MountPoints2\{c9448b2c-acd8-11db-9930-0013d4ae0502}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9448b2c-acd8-11db-9930-0013d4ae0502}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/24 16:06:05 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2009/07/24 12:17:54 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer.exe
[2009/07/23 17:17:13 | 00,492,146 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\faux stone pendants.jpg
[2009/07/23 14:58:08 | 00,910,735 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\0hyena.png
[2009/07/22 00:08:47 | 02,539,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246462506.renardv_nerevar.mp3
[2009/07/22 00:06:21 | 03,058,206 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246388210.renardv_01_snakes_and_ladders.mp3
[2009/07/21 10:21:59 | 00,101,983 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Image1.pspimage
[2009/07/19 18:00:35 | 01,703,810 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\suzanne vega - tom's diner.MP3
[2009/07/19 17:44:49 | 00,879,190 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1248031148.takshadowing_doorsign1.png
[2009/07/15 11:42:49 | 11,646,816 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Spring Blossoms.mp3
[2009/07/14 23:40:47 | 00,045,190 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\frodragon.png
[2009/07/14 23:34:20 | 01,257,671 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Cooking by the Book A Lil Bigger Mix by Mastgrr.mp3
[2009/07/14 22:18:14 | 04,177,724 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\01-jace_everett-bad_things.mp3
[2009/07/12 00:36:19 | 03,765,093 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\what 2.pspimage
[2009/07/12 00:19:28 | 00,296,966 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\public_service_announcement_by_Bob_Rz.jpg
[2009/07/12 00:18:53 | 00,294,121 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\starfox2gcn_040804_000.jpg
[2009/07/11 23:15:38 | 00,141,245 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\stage06_070713e-l.jpg
[2009/07/11 23:10:10 | 00,259,039 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\rabbit-01.jpg
[2009/07/09 18:10:13 | 00,745,794 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\what.pspimage
[2009/07/02 03:25:18 | 02,226,955 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246230029.aureametaphus_mmx_zelda.mp3
[2009/07/02 03:25:07 | 01,735,053 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246234024.renardv_vidja.mp3
[2009/07/02 02:15:21 | 07,253,536 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\2 many dj's - Soulwax - Michael Jackson vs Rick Astley.mp3
[2009/07/01 23:57:26 | 00,034,054 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\6449_96283324772_506719772_2021240_1740879_n.jpg
[2009/07/01 18:25:08 | 01,024,172 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Crispi's Cuts Bus Card.odt
[2009/06/30 23:13:03 | 00,186,521 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\skaetch2.jpg
[2009/06/25 22:20:36 | 00,251,037 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\pigeon.jpg
[2009/02/19 00:58:00 | 00,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/02/19 00:58:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/02/19 00:58:00 | 00,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/09/05 13:16:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/09 16:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/23 14:12:53 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2007/12/14 00:42:18 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/10 13:55:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/10 13:55:40 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/06 13:47:46 | 00,000,022 | ---- | C] () -- C:\WINDOWS\WINMSG.INI
[2007/04/06 13:45:25 | 00,100,352 | ---- | C] () -- C:\WINDOWS\System32\NCALLS.DLL
[2007/04/06 13:45:16 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\guidgen.dll
[2007/04/06 13:41:34 | 00,000,063 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2007/03/26 22:38:22 | 00,000,054 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2006/09/22 23:58:10 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/09/11 09:34:54 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/08/24 21:33:53 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2006/05/25 15:32:53 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2006/04/27 19:35:56 | 00,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2006/04/27 19:35:56 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2006/01/12 00:16:33 | 00,747,008 | ---- | C] () -- C:\WINDOWS\System32\CBJINST.DLL
[2006/01/12 00:16:33 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\CJPREF.INI
[2006/01/11 12:59:04 | 00,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/01/10 12:01:02 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/06 23:57:39 | 00,023,243 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/16 20:56:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/16 20:31:59 | 00,012,962 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/08/16 20:31:53 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/08/16 20:29:56 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/08/16 20:26:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/16 20:22:41 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/16 20:22:40 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/16 20:22:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/16 20:22:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/16 20:22:40 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/16 20:22:40 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/16 20:16:24 | 00,000,225 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/16 20:12:20 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/08/16 20:10:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/08/16 20:10:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/08/16 20:10:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/16 20:09:00 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/08/16 19:56:09 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/16 19:52:25 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/08/16 19:52:25 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/08/16 19:52:05 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/07 09:07:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/09 19:52:32 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/11/17 00:32:38 | 00,000,579 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/11/16 16:21:56 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/07/26 18:51:38 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files]
[2009/07/24 16:06:07 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2009/07/24 10:46:54 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/24 10:46:28 | 00,016,158 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009/07/24 10:46:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/24 10:46:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/24 10:45:51 | 21,459,64032 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/24 01:01:23 | 00,134,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2009/07/24 01:01:23 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2009/07/24 01:01:23 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2009/07/24 01:01:23 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2009/07/24 01:01:23 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2009/07/24 01:01:23 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2009/07/24 01:01:23 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2009/07/24 01:01:23 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2009/07/23 17:17:13 | 00,492,146 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\faux stone pendants.jpg
[2009/07/23 14:58:09 | 00,910,735 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\0hyena.png
[2009/07/22 00:08:48 | 02,539,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246462506.renardv_nerevar.mp3
[2009/07/22 00:06:24 | 03,058,206 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246388210.renardv_01_snakes_and_ladders.mp3
[2009/07/21 10:22:00 | 00,101,983 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Image1.pspimage
[2009/07/19 20:22:24 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Compaq_Administrator at 8 22 PM.job
[2009/07/19 18:01:25 | 01,703,810 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\suzanne vega - tom's diner.MP3
[2009/07/19 17:44:53 | 00,879,190 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1248031148.takshadowing_doorsign1.png
[2009/07/16 10:51:26 | 01,024,172 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Crispi's Cuts Bus Card.odt
[2009/07/15 11:43:04 | 11,646,816 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Spring Blossoms.mp3
[2009/07/14 23:40:47 | 00,045,190 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\frodragon.png
[2009/07/14 23:35:38 | 01,257,671 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Cooking by the Book A Lil Bigger Mix by Mastgrr.mp3
[2009/07/14 22:20:00 | 04,177,724 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\01-jace_everett-bad_things.mp3
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 01:20:36 | 03,765,093 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\what 2.pspimage
[2009/07/12 00:20:33 | 00,296,966 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\public_service_announcement_by_Bob_Rz.jpg
[2009/07/12 00:19:19 | 00,294,121 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\starfox2gcn_040804_000.jpg
[2009/07/11 23:15:51 | 00,141,245 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\stage06_070713e-l.jpg
[2009/07/11 23:10:30 | 00,259,039 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\rabbit-01.jpg
[2009/07/09 18:10:13 | 00,745,794 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\what.pspimage
[2009/07/05 23:20:32 | 00,034,054 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\6449_96283324772_506719772_2021240_1740879_n.jpg
[2009/07/05 22:44:52 | 00,074,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/02 03:25:18 | 02,226,955 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246230029.aureametaphus_mmx_zelda.mp3
[2009/07/02 03:25:07 | 01,735,053 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246234024.renardv_vidja.mp3
[2009/07/02 02:15:26 | 07,253,536 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\2 many dj's - Soulwax - Michael Jackson vs Rick Astley.mp3
[2009/06/30 23:11:57 | 00,186,521 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\skaetch2.jpg
[2009/06/25 22:20:37 | 00,251,037 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\pigeon.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Weeeek.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Weeeek Ringtone.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Voice Meme.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Sun is Shining (Funkstar De Luxe Mix).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Storm World.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\StargateAtlantisChorus2.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Stargate Atlantis Chorus.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Sha Na Na (Japanese Wine)- English Ver..mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Running in the Future.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\One Missed Call.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Never Go To Work.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\My Lovin' (You're Never Gonna Get It).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Losing Horn.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Losing Horn (High Quality).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Live Your Life.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Kumikyoku Nico Nico Douga (15 Users Ver.).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Knock Em Out.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Jurassic - Aledon's Theme.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Green Light.mp3:Roxio EMC Stream
< End of report >



OTL Extras logfile created on: 7/24/2009 4:06:57 PM - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.05% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.36 Gb Total Space | 156.92 Gb Free Space | 69.63% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.08 Gb Free Space | 14.41% Space Free | Partition Type: FAT32
Drive E: | 1.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOWSER
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"9000:TCP" = 9000:TCP:*:Enabled:Open Canvas
"24903:TCP" = 24903:TCP:*:Enabled:BitComet 24903 TCP
"24903:UDP" = 24903:UDP:*:Enabled:BitComet 24903 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1136914948\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1136914948\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1136914948\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1136914948\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Documents and Settings\Compaq_Administrator\Desktop\OC11B72.EXE" = C:\Documents and Settings\Compaq_Administrator\Desktop\OC11B72.EXE:*:Enabled:OC11B72 -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Steam\steamapps\common\reaxxion\Reaxxion.exe" = C:\Program Files\Steam\steamapps\common\reaxxion\Reaxxion.exe:*:Enabled:Reaxxion -- ()
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008EF266-872C-4D71-9D9D-C4A9B9B733D7}" = PlayLinc
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0C8EE4CE-981E-4E7C-A2B5-2EA68A645589}" = D4100_Help
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FA82FAD-004E-4F6D-B4F2-3923A91787DC}" = Roxio RecordNow 10 Music Lab
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{20B8FD81-A71D-42ea-B887-07A616069E63}" = D4100
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33F42836-EDFF-44E2-99ED-525CCE864C90}" = Adobe Flash Media Live Encoder 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{36F4AF22-A159-4E0F-AABE-67638D2B939D}" = Super Webcam
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio RecordNow 10 Music Lab
"{55C74BB8-1288-4D9D-82AE-B70910C136B7}" = A430
"{56298F72-C2CC-4FE5-ACEA-30C7A866BF4C}" = Hercules Deluxe Optical Glass
"{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}" = iTunes
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{92B79901-C57D-409F-8D2F-4E5337383569}" = OpenOffice.org 3.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B946D46E-1302-48B4-84EE-B74C3191D975}" = Corel Painter Essentials 2
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E46B2F8A-6CCD-4949-871D-F9664F2113AB}" = PayPal Plug-In
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F5771B09-EF1D-4BD7-9B20-ECE7DAE17C1C}" = A430_Help
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDCE6406-DCBB-4D63-BA34-227E18518873}" = CameraDrivers
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AT&T Connection Services Software" = AT&T Worldnet Service
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Compaq Game Console" = Compaq Game Console and games
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"eTrust Suite Personal" = CA Internet Security Suite
"FL Studio 8" = FL Studio 8
"FoneSync" = FoneSync
"Hamachi" = Hamachi 1.0.1.5
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® software" = Indeo® software
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Lotus Notes" = Lotus Notes
"Lotus Notes for Home users" = Lotus Notes for Home users
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PoiZone" = PoiZone
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Steam App 12900" = Audiosurf
"Steam App 15950" = Reaxxion
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"StepMania" = StepMania (remove only)
"StepMania CVS" =
"SysInfo" = Creative System Information
"Tablet Driver" = Tablet
"Toxic Biohazard" = Toxic Biohazard
"VETWIN32Vp5" = CA Anti-Virus
"ViewpointMediaPlayer" = Viewpoint Media Player
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xplorer2l" = xplorer² lite
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.4.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2009 11:18:04 AM | Computer Name = BOWSER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80080005: InitEventCollector fail

Error - 7/2/2009 11:21:11 AM | Computer Name = BOWSER | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 7/2/2009 11:22:07 AM | Computer Name = BOWSER | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00aa1545.

Error - 7/6/2009 4:03:55 PM | Computer Name = BOWSER | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 7/20/2009 7:09:12 PM | Computer Name = BOWSER | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 7/21/2009 9:34:49 AM | Computer Name = BOWSER | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00aa037d.

Error - 7/21/2009 5:20:24 PM | Computer Name = BOWSER | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2009 5:31:27 PM | Computer Name = BOWSER | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2009 5:31:31 PM | Computer Name = BOWSER | Source = Application Hang | ID = 1001
Description = Fault bucket 243589480.

Error - 7/24/2009 12:59:57 AM | Computer Name = BOWSER | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

[ System Events ]
Error - 7/24/2009 12:44:41 AM | Computer Name = BOWSER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 7/24/2009 10:46:28 AM | Computer Name = BOWSER | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 7/24/2009 10:46:28 AM | Computer Name = BOWSER | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 7/24/2009 10:46:31 AM | Computer Name = BOWSER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/24/2009 10:46:32 AM | Computer Name = BOWSER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 7/24/2009 10:46:54 AM | Computer Name = BOWSER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 7/24/2009 10:47:03 AM | Computer Name = BOWSER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 7/24/2009 10:47:44 AM | Computer Name = BOWSER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 7/24/2009 10:47:44 AM | Computer Name = BOWSER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 7/24/2009 10:47:44 AM | Computer Name = BOWSER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding


< End of report >

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 PM

Posted 25 July 2009 - 09:39 AM

Hello.

Let's update your Java and run an online scan. Then, let me know what happens when you access the windows update site. Is your automatic updates functioning?

Update Java to Version 6 Update 14

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for Java Runtime Environment (JRE) JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.


Take a new OTL run and post back with the logs as well.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 PM

Posted 27 July 2009 - 01:17 PM

Is everything okay?
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 27 July 2009 - 09:52 PM

Sorry about that. Things have been a bit busy on my end recently. I greatly appreciate the pokes; I tend to lose track of things.

During the Kapersky scan, CA anti-virus popped up with a virus infection alert, which I took a screenshot of here: http://img.photobucket.com/albums/v625/Cha...mer/CAalert.png


KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, July 27, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, July 27, 2009 23:18:29
Records in database: 2555898
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 180745
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 03:36:24

File name Threat name Threats count
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\SIUPUVKF\divx20[1] Infected: Trojan.Win32.Monder.cmeu 1
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
D:\I386\Apps\APP17561\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1
The selected area was scanned.


OTL logfile created on: 7/27/2009 10:47:07 PM - Run 2
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 53.98% Memory free
3.85 Gb Paging File | 2.97 Gb Available in Paging File | 77.25% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.36 Gb Total Space | 156.66 Gb Free Space | 69.52% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.08 Gb Free Space | 14.41% Space Free | Partition Type: FAT32
Drive E: | 1.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOWSER
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/10/18 12:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2008/03/19 12:56:58 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2008/04/15 13:50:44 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2007/10/18 12:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2008/08/30 16:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/09/29 19:48:58 | 00,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
PRC - [2005/06/21 02:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/06/17 16:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe
PRC - [2008/08/30 16:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/08/28 11:52:50 | 00,189,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/09/25 14:54:24 | 00,229,952 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2007/04/16 16:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2009/05/21 21:35:50 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2008/08/30 16:14:36 | 00,234,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
PRC - [2009/02/14 20:22:15 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2008/08/28 11:52:50 | 00,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
PRC - [2006/09/25 14:54:22 | 00,451,136 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 21:35:50 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2006/04/19 22:45:34 | 01,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
PRC - [2005/06/17 16:35:50 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\TabUserW.exe
PRC - [2008/08/27 19:44:28 | 00,238,832 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
PRC - [2008/08/27 19:44:28 | 00,185,584 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
PRC - [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009/07/27 17:53:35 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/23 01:23:28 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/27 17:53:34 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/07/27 18:00:13 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\ScanningProcess.exe
PRC - [2009/07/24 16:06:07 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/08/24 22:16:48 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/01 15:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - File not found -- -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
SRV - [2009/05/21 21:35:50 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
SRV - [2008/08/30 16:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe -- (CAISafe [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/09/25 14:54:22 | 00,451,136 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/09/29 19:48:58 | 00,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
SRV - [2005/06/21 02:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - File not found -- -- (LiveUpdate [On_Demand | Stopped])
SRV - File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - File not found -- -- (Lotus Notes Single Logon [Auto | Stopped])
SRV - [2008/01/08 14:54:59 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 15:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - File not found -- -- (Multi-user Cleanup Service [Auto | Stopped])
SRV - [2008/08/27 19:44:28 | 00,185,584 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv [On_Demand | Running])
SRV - [2008/02/07 13:07:04 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10 [Auto | Stopped])
SRV - [2008/02/07 13:06:56 | 01,112,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10 [On_Demand | Stopped])
SRV - [2008/02/07 13:07:04 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10 [Auto | Stopped])
SRV - File not found -- -- (SessionLauncher [Auto | Stopped])
SRV - [2005/06/17 16:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2007/10/18 12:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent [Auto | Running])
SRV - [2007/10/18 12:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg [Auto | Running])
SRV - [2008/03/19 12:56:58 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp [Auto | Running])
SRV - [2008/04/15 13:50:44 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol [Auto | Running])
SRV - [2008/08/30 16:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- (VETMSGNT [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/07/27 17:53:35 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/08/23 13:20:06 | 00,158,720 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus [Boot | Running])
DRV - [2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi [Boot | Running])
DRV - [2008/09/24 11:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 10:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2008/12/01 18:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/07/20 19:40:10 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2007/08/06 16:29:46 | 00,094,720 | ---- | M] (Guillemot Corporation) -- C:\WINDOWS\System32\DRIVERS\camfilt2.sys -- (camfilt2 [On_Demand | Running])
DRV - [2006/07/14 15:03:02 | 00,014,448 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/02/25 01:04:45 | 00,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2006/12/27 23:44:44 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/05/16 02:17:22 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/05/16 02:17:22 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/05/16 02:17:23 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/03/09 14:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2004/09/30 02:27:00 | 00,016,880 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2008/03/21 17:00:06 | 00,063,504 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxagent.sys -- (KmxAgent [System | Running])
DRV - [2008/06/04 13:27:44 | 00,134,648 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\KmxCF.sys -- (KmxCF [Auto | Running])
DRV - [2008/05/30 17:56:30 | 00,088,816 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxcfg.sys -- (KmxCfg [On_Demand | Running])
DRV - [2008/03/21 17:00:06 | 00,045,584 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\KmxFile.sys -- (KmxFile [System | Running])
DRV - [2008/03/19 12:56:58 | 00,115,216 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxfw.sys -- (KmxFw [System | Running])
DRV - [2008/03/21 17:00:06 | 00,066,576 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\KmxSbx.sys -- (KmxSbx [Auto | Running])
DRV - [2008/03/19 12:56:58 | 00,093,712 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart [Boot | Running])
DRV - [2004/08/04 01:41:36 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Stopped])
DRV - [2001/08/17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/04/09 16:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass [Boot | Running])
DRV - [2005/12/12 18:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Stopped])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/06 04:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/04/10 01:02:17 | 00,162,816 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2005/03/04 07:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 01:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/01/25 02:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\System32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2007/07/17 19:07:42 | 10,371,072 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3 [On_Demand | Running])
DRV - [2006/06/27 08:56:50 | 00,031,872 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\DRIVERS\superwebcam.sys -- (SUPERWEBCAM [On_Demand | Running])
DRV - [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2009/05/21 21:35:49 | 00,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
DRV - [2009/05/21 21:35:49 | 00,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
DRV - [2009/02/14 20:24:47 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
DRV - [2009/02/14 20:24:47 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
DRV - [2009/05/21 21:35:49 | 00,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
DRV - [2009/05/21 21:35:49 | 00,161,008 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\S-1-5-21-2117173528-402153964-4170097132-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://chaoticdreamer.deviantart.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/27 17:53:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/23 01:23:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/27 17:53:49 | 00,000,000 | ---D | M]

[2008/06/18 01:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions
[2008/06/18 01:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/27 19:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions
[2009/04/02 18:08:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/07/24 15:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/23 19:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}
[2009/06/16 16:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\personas@christopher.beard
[2009/07/24 15:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\ni54dwku.default\extensions\staged-xpis
[2008/06/03 13:09:58 | 00,001,340 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\bbcnews.xml
[2008/05/27 08:51:07 | 00,001,162 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\dictionary.xml
[2009/07/22 20:17:51 | 00,001,424 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\ign.xml
[2009/07/22 20:17:51 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\ultralinguaE2F.xml
[2009/07/22 20:17:51 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\ultralinguaF2E.xml
[2008/06/18 23:48:14 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\wikipedia.xml
[2009/02/08 19:35:49 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\winamp-search.xml
[2008/06/03 13:10:00 | 00,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\ni54dwku.default\searchplugins\youtube.xml
[2009/07/27 19:24:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/23 01:23:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/27 17:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/23 01:23:28 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/23 01:23:28 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2006/09/03 14:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/27 17:53:35 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2005/11/29 18:28:00 | 00,626,688 | ---- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPinfotl.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/23 01:23:30 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/05 17:22:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (288963 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 9963 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe File not found
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [CamserviceDeluxe2] File not found
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe (CA)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VetStart] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe (CA, Inc.)
O4 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008..\Run: [Aim6] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all video with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-2117173528-402153964-4170097132-1008\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.ez-proxy.brooklyn.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1162766250140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWnp.Dll (CA)
O24 - Desktop Components:0 () - http://chaoticdreamer.deviantart.com/
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/17 00:32:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6ad51757-1bbd-11de-9ebf-0013d4ae0502}\Shell - "" = AutoRun
O33 - MountPoints2\{6ad51757-1bbd-11de-9ebf-0013d4ae0502}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ad51757-1bbd-11de-9ebf-0013d4ae0502}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{902f8a7a-fc1a-11dc-9c35-0013d4ae0502}\Shell - "" = AutoRun
O33 - MountPoints2\{902f8a7a-fc1a-11dc-9c35-0013d4ae0502}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{902f8a7a-fc1a-11dc-9c35-0013d4ae0502}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c9448b2c-acd8-11db-9930-0013d4ae0502}\Shell - "" = AutoRun
O33 - MountPoints2\{c9448b2c-acd8-11db-9930-0013d4ae0502}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9448b2c-acd8-11db-9930-0013d4ae0502}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/27 22:34:40 | 00,024,229 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CAalert.png
[2009/07/27 22:31:50 | 00,003,412 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\kapersky scan report.html
[2009/07/27 17:53:49 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/27 17:53:49 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/27 17:53:49 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/27 17:53:49 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/27 17:53:49 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/26 20:10:14 | 00,081,460 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\o ok.png
[2009/07/26 01:49:56 | 12,496,870 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\finish this.psd
[2009/07/25 14:31:45 | 16,254,360 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\jre-6u14-windows-i586.exe
[2009/07/25 00:35:53 | 00,004,623 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Girugamesh.PNG
[2009/07/25 00:21:27 | 02,182,999 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\makesmesmile.mp3
[2009/07/24 16:06:05 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2009/07/24 12:17:54 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer.exe
[2009/07/23 17:17:13 | 00,492,146 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\faux stone pendants.jpg
[2009/07/23 14:58:08 | 00,910,735 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\0hyena.png
[2009/07/22 00:08:47 | 02,539,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246462506.renardv_nerevar.mp3
[2009/07/22 00:06:21 | 03,058,206 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246388210.renardv_01_snakes_and_ladders.mp3
[2009/07/21 10:21:59 | 00,101,983 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Image1.pspimage
[2009/07/19 18:00:35 | 01,703,810 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\suzanne vega - tom's diner.MP3
[2009/07/19 17:44:49 | 00,879,190 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1248031148.takshadowing_doorsign1.png
[2009/07/15 11:42:49 | 11,646,816 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Spring Blossoms.mp3
[2009/07/14 23:34:20 | 01,257,671 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Cooking by the Book A Lil Bigger Mix by Mastgrr.mp3
[2009/07/14 22:18:14 | 04,177,724 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\01-jace_everett-bad_things.mp3
[2009/07/12 00:36:19 | 03,765,093 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\what 2.pspimage
[2009/07/11 23:15:38 | 00,141,245 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\stage06_070713e-l.jpg
[2009/07/09 18:10:13 | 00,745,794 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\what.pspimage
[2009/07/02 03:25:18 | 02,226,955 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246230029.aureametaphus_mmx_zelda.mp3
[2009/07/02 03:25:07 | 01,735,053 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246234024.renardv_vidja.mp3
[2009/07/02 02:15:21 | 07,253,536 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\2 many dj's - Soulwax - Michael Jackson vs Rick Astley.mp3
[2009/07/01 18:25:08 | 01,024,172 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Crispi's Cuts Bus Card.odt
[2009/02/19 00:58:00 | 00,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/02/19 00:58:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/02/19 00:58:00 | 00,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/09/05 13:16:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/09 16:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/23 14:12:53 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2007/12/14 00:42:18 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/10 13:55:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/10 13:55:40 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/06 13:47:46 | 00,000,022 | ---- | C] () -- C:\WINDOWS\WINMSG.INI
[2007/04/06 13:45:25 | 00,100,352 | ---- | C] () -- C:\WINDOWS\System32\NCALLS.DLL
[2007/04/06 13:45:16 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\guidgen.dll
[2007/04/06 13:41:34 | 00,000,063 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2007/03/26 22:38:22 | 00,000,054 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2006/09/22 23:58:10 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/09/11 09:34:54 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/08/24 21:33:53 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2006/05/25 15:32:53 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2006/04/27 19:35:56 | 00,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2006/04/27 19:35:56 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2006/01/12 00:16:33 | 00,747,008 | ---- | C] () -- C:\WINDOWS\System32\CBJINST.DLL
[2006/01/12 00:16:33 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\CJPREF.INI
[2006/01/11 12:59:04 | 00,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/01/10 12:01:02 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/06 23:57:39 | 00,023,243 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/16 20:56:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/16 20:31:59 | 00,012,962 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/08/16 20:31:53 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/08/16 20:29:56 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/08/16 20:26:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/16 20:22:41 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/16 20:22:40 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/16 20:22:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/16 20:22:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/16 20:22:40 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/16 20:22:40 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/16 20:16:24 | 00,000,225 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/16 20:12:20 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/08/16 20:10:08 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/08/16 20:10:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/08/16 20:10:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/08/16 20:10:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/16 20:09:00 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/08/16 19:56:09 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/16 19:52:25 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/08/16 19:52:25 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/08/16 19:52:05 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/07 09:07:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/09 19:52:32 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/11/17 00:32:38 | 00,000,579 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/11/16 16:21:56 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/07/26 18:51:38 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files]
[2009/07/27 22:34:40 | 00,024,229 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CAalert.png
[2009/07/27 22:31:50 | 00,003,412 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\kapersky scan report.html
[2009/07/27 17:53:34 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/27 17:53:34 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/27 17:53:34 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/27 17:53:34 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/27 17:53:34 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/27 17:51:16 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/27 17:50:39 | 00,016,158 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009/07/27 17:50:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/27 17:50:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/27 17:50:04 | 21,459,64032 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/27 17:49:10 | 00,134,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2009/07/27 17:49:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2009/07/27 17:49:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2009/07/27 17:49:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2009/07/27 17:49:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2009/07/27 17:49:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2009/07/27 17:49:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2009/07/27 17:49:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2009/07/26 20:10:14 | 00,081,460 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\o ok.png
[2009/07/26 01:49:59 | 12,496,870 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\finish this.psd
[2009/07/25 14:31:58 | 16,254,360 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\jre-6u14-windows-i586.exe
[2009/07/25 00:35:54 | 00,004,623 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Girugamesh.PNG
[2009/07/25 00:22:20 | 02,182,999 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\makesmesmile.mp3
[2009/07/24 16:06:07 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2009/07/23 17:17:13 | 00,492,146 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\faux stone pendants.jpg
[2009/07/23 14:58:09 | 00,910,735 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\0hyena.png
[2009/07/22 00:08:48 | 02,539,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246462506.renardv_nerevar.mp3
[2009/07/22 00:06:24 | 03,058,206 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246388210.renardv_01_snakes_and_ladders.mp3
[2009/07/21 10:22:00 | 00,101,983 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Image1.pspimage
[2009/07/19 20:22:24 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Compaq_Administrator at 8 22 PM.job
[2009/07/19 18:01:25 | 01,703,810 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\suzanne vega - tom's diner.MP3
[2009/07/19 17:44:53 | 00,879,190 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1248031148.takshadowing_doorsign1.png
[2009/07/16 10:51:26 | 01,024,172 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Crispi's Cuts Bus Card.odt
[2009/07/15 11:43:04 | 11,646,816 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Spring Blossoms.mp3
[2009/07/14 23:35:38 | 01,257,671 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Cooking by the Book A Lil Bigger Mix by Mastgrr.mp3
[2009/07/14 22:20:00 | 04,177,724 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\01-jace_everett-bad_things.mp3
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 01:20:36 | 03,765,093 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\what 2.pspimage
[2009/07/11 23:15:51 | 00,141,245 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\stage06_070713e-l.jpg
[2009/07/09 18:10:13 | 00,745,794 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\what.pspimage
[2009/07/05 22:44:52 | 00,074,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/02 03:25:18 | 02,226,955 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246230029.aureametaphus_mmx_zelda.mp3
[2009/07/02 03:25:07 | 01,735,053 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\1246234024.renardv_vidja.mp3
[2009/07/02 02:15:26 | 07,253,536 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\2 many dj's - Soulwax - Michael Jackson vs Rick Astley.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Weeeek.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Weeeek Ringtone.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Voice Meme.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Sun is Shining (Funkstar De Luxe Mix).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Storm World.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\StargateAtlantisChorus2.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Stargate Atlantis Chorus.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Sha Na Na (Japanese Wine)- English Ver..mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Running in the Future.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\One Missed Call.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Never Go To Work.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\My Lovin' (You're Never Gonna Get It).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Losing Horn.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Losing Horn (High Quality).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Live Your Life.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Kumikyoku Nico Nico Douga (15 Users Ver.).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Knock Em Out.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Jurassic - Aledon's Theme.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\Green Light.mp3:Roxio EMC Stream
< End of report >


I ran the OTL scan thrice. No extras file it appearing this time.

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 PM

Posted 29 July 2009 - 11:33 AM

Hello.

How is your computer running now? Any more problems?

Log looks fine. Just a temporary file that was infected. ATFCleaner should take care of it. It's good that your AV detected it ang quarantined it though.

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
---



Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :thumbup2:

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Create a New System Restore Point<- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

System A bit Slow? Try StartupLight

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Vist the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 31 July 2009 - 09:08 AM

I haven't finished following the steps you gave me yet, but as soon as I ran ATF, web pages that I frequently visit stopped displaying correctly. One or more hard refreshes seem to solve the problem. Is this to be expected, and will I just have to do this for all of the sites that I visit regularly?

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 PM

Posted 31 July 2009 - 01:00 PM

Hello.

I think that's probably due to some of the caches, it should be fine now. If it isn't, let me know.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 PM

Posted 02 August 2009 - 09:06 AM

Hello.

As this issues appears to be resolved, this topic is now closed. If you need this topic re-opened please send me a message.

Everyone else, please begin a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 PM

Posted 02 August 2009 - 09:06 AM

Hello.

As this issues appears to be resolved, this topic is now closed. If you need this topic re-opened please send me a message.

Everyone else, please begin a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users