
norton 2008 unable to scan any drives after BSOD


  • This topic is locked
15 replies to this topic

#1 gigsaw

gigsaw

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 22 July 2009 - 12:00 PM

Hi guys... I was directed here because I have a problem with Norton 2008 being unable to scan any of my drives after I got this blue screen (Windows XP SP3)... It always says 0 files scanned and no threats detected even though I know there is still a problem... and I believe it's a virus... I already used Stinger and still found no virus... I recently used Hijack but I don't know how to analyze the log... so I'll just post it here... I've got no idea on this, and if anyone has an idea how I can fix this problem, please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:51 AM, on 7/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Documents and Settings\Guian\Guian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {D2AA5797-876C-4E28-BAC9-731E9418AFCB} - c:\windows\system32\gynprvh.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [PhilipsDM\SA1916] C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O4 - HKCU\..\Run: [Guian] C:\Documents and Settings\Guian\Guian.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: xwcntoce - gynprvh.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate1c9f670c6d992cc) (gupdate1c9f670c6d992cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10433 bytes



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:58 PM

Posted 01 August 2009 - 07:49 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 gigsaw

gigsaw
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 03 August 2009 - 08:36 AM

Sorry for the delay, because I wasn't able to check this forum for over a week now... I'm really grateful to you for helping me out... Anyway, I did what you told me and these are the logs:

Malwarebytes' Anti-Malware 1.39
Database version: 2549
Windows 5.1.2600 Service Pack 3

8/3/2009 9:30:58 PM
mbam-log-2009-08-03 (21-30-58).txt

Scan type: Full Scan (C:\|E:\|F:\|M:\|)
Objects scanned: 193502
Time elapsed: 33 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2aa5797-876c-4e28-bac9-731e9418afcb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xwcntoce (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2aa5797-876c-4e28-bac9-731e9418afcb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\gynprvh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\documents and settings\Guian\nrjjdv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{40bbc6a8-0587-41ca-aad3-9b43ae8c736f}\RP131\A0076713.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{40bbc6a8-0587-41ca-aad3-9b43ae8c736f}\RP190\A0098487.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vsfocenxepbvrd.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.




Logfile of random's system information tool 1.06 (written by random/random)
Run by Guian at 2009-08-03 21:32:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 107 GB (70%) free of 153 GB
Total RAM: 1918 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:46 PM, on 8/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IM Magician\Vicamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Documents and Settings\Guian\Guian.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe



info.txt logfile of random's system information tool 1.06 2009-08-03 21:32:48

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
3D Windows XP Screen Saver-->rundll32.exe setupapi.dll,InstallHinfSection UninstallInstall 132 C:\WINDOWS\system32\3D Windows XP.inf
ACID Pro 7.0-->MsiExec.exe /X{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}
Active Desktop Calendar 7.58-->"C:\Program Files\XemiComputers\Active Desktop Calendar\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Analogue Vista Clock 1.10-->C:\Program Files\Analogue Vista Clock\Uninst.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
AVI Codec Pack Lite-->C:\Program Files\AVI Codec Pack\uninstall.exe
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Cheetah DVD Burner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Components Setup-->C:\Program Files\InstallShield Installation Information\{31187E06-E131-4709-9285-7D105D77AA89}\setup.exe -runfromtemp -l0x0009
ConvertXtoDVD 3.5.1.135-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fax Machine 4.31-->"C:\Program Files\Fax Machine\unins000.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.37\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Half-Life-->C:\SIERRA\HALF-L~1\UNWISE.EXE C:\SIERRA\HALF-L~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 11.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet D2500 Printer Driver Software 11.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}\setup\hpzscr01.exe -datfile hphscr25.dat -onestop
HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 11.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
IM Magician-->C:\Program Files\InstallShield Installation Information\{2969CB97-DF91-4752-BE47-8A73AE810E6C}\setup.exe -runfromtemp -l0x0009 -removeonly
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
LimeWire 5.1.4-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 to MP3 Converter-->C:\Program Files\MP4Converter\MP4 to MP3 Converter 3\Uninstall.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OpenVPN 2.0.9-->C:\Program Files\OpenVPN\Uninstall.exe
Philips SA19XX Device Manager-->"C:\Program Files\InstallShield Installation Information\{57B18739-7A22-44D7-A263-6E2A2180D3BC}\setup.exe" -runfromtemp -l0x0009 -removeonly
POD-Bot 2.5-->C:\WINDOWS\unvise32.exe C:\Sierra\Half-Life\cstrike\poduninst.log
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Real Alternative 1.7.5 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung Samples Installer-->"C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Steinberg Cubase LE 4-->MsiExec.exe /I{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}
Syncrosoft License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VP-EYE-->C:\Program Files\InstallShield Installation Information\{BA524348-59A6-437A-A4FB-25080BDEFCD6}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Essentials Media Codec Pack 1.0-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: Norton AntiVirus
FW: Norton AntiVirus

======System event log======

Computer Name: GUIAN-4193F2498
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 32228
Source Name: Service Control Manager
Time Written: 20090713062855.000000+480
Event Type: error
User:

Computer Name: GUIAN-4193F2498
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 32221
Source Name: Tcpip
Time Written: 20090712234701.000000+480
Event Type: warning
User:

Computer Name: GUIAN-4193F2498
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 32220
Source Name: W32Time
Time Written: 20090712231525.000000+480
Event Type: warning
User:

Computer Name: GUIAN-4193F2498
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 32176
Source Name: Service Control Manager
Time Written: 20090712093734.000000+480
Event Type: error
User:

Computer Name: GUIAN-4193F2498
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 32150
Source Name: Service Control Manager
Time Written: 20090712093452.000000+480
Event Type: error
User:

=====Application event log=====

Computer Name: GUIAN-4193F2498
Event Code: 1517
Message: Windows saved user GUIAN-4193F2498\Guian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 17812
Source Name: Userenv
Time Written: 20090704013755.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GUIAN-4193F2498
Event Code: 1517
Message: Windows saved user GUIAN-4193F2498\Guian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 17527
Source Name: Userenv
Time Written: 20090629225607.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GUIAN-4193F2498
Event Code: 1000
Message: Faulting application hpqsrmon.exe, version 11.0.0.142, faulting module hpqsrmon.exe, version 11.0.0.142, fault address 0x000033c5.

Record Number: 17344
Source Name: Application Error
Time Written: 20090626184337.000000+480
Event Type: error
User:

Computer Name: GUIAN-4193F2498
Event Code: 11706
Message: Product: Pcsx2 0.9.6 -- Error 1706. An installation package for the product Pcsx2 0.9.6 cannot be found. Try the installation again using a valid copy of the installation package 'PCSX2_0.9.6_setup.msi'.

Record Number: 17296
Source Name: MsiInstaller
Time Written: 20090626155638.000000+480
Event Type: error
User: GUIAN-4193F2498\Guian

Computer Name: GUIAN-4193F2498
Event Code: 1000
Message: Faulting application hpqsrmon.exe, version 11.0.0.142, faulting module hpqsrmon.exe, version 11.0.0.142, fault address 0x000033c5.

Record Number: 17295
Source Name: Application Error
Time Written: 20090626155352.000000+480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:58 PM

Posted 03 August 2009 - 08:48 AM

Hi,

You have not posted the full log.txt; please repost that log.

Edited by syler, 03 August 2009 - 08:48 AM.


#5 gigsaw

  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:58 PM

Posted 03 August 2009 - 10:40 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Guian at 2009-08-03 23:39:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 107 GB (70%) free of 153 GB
Total RAM: 1918 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:40 PM, on 8/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IM Magician\Vicamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Guian\Guian.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Documents and Settings\Guian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Guian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [PhilipsDM\SA1916] C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMMON] "C:\Program Files\IM Magician\Vicamon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O4 - HKCU\..\Run: [Guian] C:\Documents and Settings\Guian\Guian.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate1c9f670c6d992cc) (gupdate1c9f670c6d992cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10917 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Guian.job
C:\WINDOWS\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-16 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-28 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-12-17 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-28 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-16 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"nwiz"=nwiz.exe /install []
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-26 49152]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2007-08-25 714608]
"PhilipsDM\SA1916"=C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe [2008-05-20 1512960]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-09 303104]
"Fax Machine"= []
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"IMMON"=C:\Program Files\IM Magician\Vicamon.exe [2008-09-18 143360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2008-11-06 4347120]
"LClock"=C:\Program Files\LClock\LClock.exe []
"Vista Sidebar"=C:\Program Files\Vista Sidebar\sidebar.exe []
"ViStart"=C:\Program Files\ViStart\ViStart.exe []
"ViOrb"=C:\Program Files\ViOrb\ViOrb.exe []
"VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe []
"WinFlip"=C:\Program Files\WinFlip\WinFlip.exe []
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [2008-08-13 3780608]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Window Hide Tool"=C:\Program Files\Window Hide Tool\Window Hide Tool.exe []
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe []
"Analogue Vista Clock"=C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe [2009-05-08 309728]
"Guian"=C:\Documents and Settings\Guian\Guian.exe [2009-07-21 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Guian\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-07-13 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NofolderOptions"=0
"NoViewContextMenu"=0
"NoRun"=0
"NoFind"=0
"NoDesktop"=0
"HideClock"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\Guian\Desktop\Games\SIERRA\Half-Life\hl -console.exe"="C:\Documents and Settings\Guian\Desktop\Games\SIERRA\Half-Life\hl -console.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Guian\Desktop\Games\Garena\Garena.exe"="C:\Documents and Settings\Guian\Desktop\Games\Garena\Garena.exe:*:Enabled:Garena"
"C:\Documents and Settings\Guian\Desktop\utorrent.exe"="C:\Documents and Settings\Guian\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\PLDTPlay\ServerScout\ServerScout.exe"="C:\Program Files\PLDTPlay\ServerScout\ServerScout.exe:*:Enabled:ServerScout"
"C:\Documents and Settings\Guian\My Documents\Torrents\utorrent.exe"="C:\Documents and Settings\Guian\My Documents\Torrents\utorrent.exe:*:Enabled:µTorrent"
"C:\SIERRA\Half-Life\hl.exe"="C:\SIERRA\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"G:\LimeWire\LimeWire.exe"="G:\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Electronic Arts\Red Alert 3\RA3.exe"="C:\Program Files\Electronic Arts\Red Alert 3\RA3.exe:*:Disabled:Command & Conquer™ Red Alert™ 3"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{badd2ded-ae66-11dd-84b8-002197915c25}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 10628851.exE


======List of files/folders created in the last 1 months======

2009-08-03 21:32:39 ----D---- C:\rsit
2009-08-03 20:43:14 ----D---- C:\Documents and Settings\Guian\Application Data\Malwarebytes
2009-08-03 20:43:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-03 20:43:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-25 20:05:21 ----N---- C:\WINDOWS\WebEye.ini
2009-07-25 20:04:53 ----N---- C:\WINDOWS\VidCap32.exe
2009-07-25 20:04:53 ----N---- C:\WINDOWS\AMCAP.EXE
2009-07-25 20:02:48 ----N---- C:\WINDOWS\JAPI2.DLL
2009-07-25 20:02:03 ----N---- C:\WINDOWS\MMVEM.EXE
2009-07-25 20:01:14 ----N---- C:\WINDOWS\JAPI.DLL
2009-07-25 20:01:02 ----D---- C:\Program Files\MMEDIA
2009-07-25 20:00:02 ----D---- C:\Documents and Settings\Guian\Application Data\Vimisoft Studio
2009-07-25 20:00:00 ----N---- C:\WINDOWS\system32\wmv8dmod.dll
2009-07-25 19:59:59 ----N---- C:\WINDOWS\system32\mpg4c32.dll
2009-07-25 19:59:56 ----N---- C:\WINDOWS\system32\vgf.dll
2009-07-25 19:59:56 ----N---- C:\WINDOWS\system32\newlistview2.dll
2009-07-25 19:59:55 ----D---- C:\Program Files\Common Files\Vimisoft Studio
2009-07-25 19:59:06 ----D---- C:\Program Files\Vimicro Corporation
2009-07-25 19:58:52 ----D---- C:\Program Files\IM Magician
2009-07-25 19:58:21 ----D---- C:\Documents and Settings\Guian\Application Data\InstallShield
2009-07-25 19:55:12 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-07-22 01:41:33 ----D---- C:\Documents and Settings\Guian\Application Data\VST3 Presets
2009-07-22 00:41:39 ----D---- C:\Program Files\Trend Micro
2009-07-21 10:08:17 ----D---- C:\WINDOWS\Minidump
2009-07-21 09:59:48 ----N---- C:\WINDOWS\system32\vsfocetitwjxtm.dll
2009-07-20 22:51:19 ----D---- C:\Program Files\MP4Converter
2009-07-13 16:52:13 ----D---- C:\Program Files\Analogue Vista Clock
2009-07-12 20:06:47 ----D---- C:\Documents and Settings\Guian\Application Data\Apple Computer
2009-07-12 20:05:31 ----D---- C:\Program Files\QuickTime
2009-07-12 20:05:30 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-12 20:05:18 ----D---- C:\Program Files\Apple Software Update
2009-07-12 20:05:17 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-07-12 13:53:23 ----D---- C:\Program Files\Stardock
2009-07-12 13:53:23 ----D---- C:\Program Files\Common Files\Stardock
2009-07-12 13:50:52 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap Games

======List of files/folders modified in the last 1 months======

2009-08-03 21:55:48 ----D---- C:\WINDOWS\Temp
2009-08-03 21:41:55 ----D---- C:\Program Files\Mozilla Firefox
2009-08-03 21:40:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-03 21:39:24 ----D---- C:\WINDOWS\system32\drivers
2009-08-03 21:39:24 ----D---- C:\WINDOWS\system32
2009-08-03 21:38:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-03 20:43:08 ----RD---- C:\Program Files
2009-08-03 19:46:36 ----D---- C:\WINDOWS\Prefetch
2009-08-03 00:00:11 ----A---- C:\WINDOWS\win.ini
2009-08-02 09:55:01 ----D---- C:\Documents and Settings\Guian\Application Data\LimeWire
2009-07-28 21:30:06 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-28 21:04:40 ----D---- C:\WINDOWS\Registration
2009-07-28 20:53:15 ----D---- C:\Documents and Settings
2009-07-28 02:09:55 ----ASH---- C:\boot.ini
2009-07-28 00:03:13 ----D---- C:\Program Files\Winferno
2009-07-27 23:16:24 ----SD---- C:\WINDOWS\Tasks
2009-07-27 23:15:49 ----D---- C:\Program Files\Common Files
2009-07-27 23:11:24 ----D---- C:\Documents and Settings\Guian\Application Data\HPAppData
2009-07-27 21:34:25 ----SHD---- C:\System Volume Information
2009-07-27 12:36:25 ----D---- C:\WINDOWS
2009-07-27 12:22:36 ----N---- C:\WINDOWS\imsins.BAK
2009-07-25 20:32:13 ----HD---- C:\WINDOWS\inf
2009-07-25 20:07:18 ----SHD---- C:\WINDOWS\Installer
2009-07-25 20:01:11 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-25 20:01:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-25 20:00:02 ----HD---- C:\Config.Msi
2009-07-25 19:59:10 ----D---- C:\WINDOWS\WinSxS
2009-07-25 19:59:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-25 19:55:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-21 23:45:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-20 23:29:12 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-20 23:28:28 ----D---- C:\Program Files\LimeWire
2009-07-20 22:55:58 ----D---- C:\temp
2009-07-15 16:24:11 ----SD---- C:\Documents and Settings\Guian\Application Data\Microsoft
2009-07-13 17:54:56 ----D---- C:\Documents and Settings\Guian\Application Data\uTorrent
2009-07-12 20:05:52 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-06-14 5632]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-10 4449280]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090802.007\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090802.007\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-21 47360]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2009-02-19 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090730.002\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2009-02-19 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Guian\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-25 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-25 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-25 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\ShadowRO\npkcrypt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-07-13 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-07-13 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-24 243064]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9f670c6d992cc;Google Update Service (gupdate1c9f670c6d992cc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
S2 lkgiskih;USB Mass Storage Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-24 3192184]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-17 2771933]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-12-17 1251720]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#6 syler

  • Malware Response Team

Posted 03 August 2009 - 11:03 AM

Hi gigsaw,

Can you tell me what problems you are currently having?

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Limewire and uTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Jotti
When the jotti page has finished loading, click the Browse button and navigate to the following file one by one and click Submit.

C:\Documents and Settings\Guian\Guian.exe
C:\WINDOWS\system32\vsfocetitwjxtm.dll

Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then post back with the jotti results and GMER log.

Thanks

Edited by syler, 03 August 2009 - 11:05 AM.



#7 gigsaw


Posted 03 August 2009 - 06:56 PM

actually i'm not having any problems lately...but i'm afraid i might lose my files if one of these viruses corrupts my system...OMG how the hell did i get these viruses... T_T

Guian.exe

[ArcaVir]
2009-08-03 Found nothing
[G DATA]
2009-08-03 Trojan.Agent.VB.BDS
[A-Squared]
2009-08-03 Virus.Win32.VB!IK
[Ikarus]
2009-08-03 Virus.Win32.VB
[Avast! antivirus]
2009-08-03 Win32:AutoRun-AYY
[Kaspersky Anti-Virus]
2009-08-03 Found nothing
[Grisoft AVG Anti-Virus]
2009-08-03 Found nothing
[ESET NOD32]
2009-08-03 Win32/AutoRun.VB.ET worm
[Avira AntiVir]
2009-08-03 TR/Crypt.XPACK.Gen
[Norman Virus Control]
2009-08-03 Found nothing
[Softwin BitDefender]
2009-08-03 Trojan.Agent.VB.BDS
[Panda Antivirus]
2009-08-03 Found nothing
[ClamAV]
2009-08-03 Found nothing
[Quick Heal]
2009-08-03 Found nothing
[CPsecure]
2009-08-03 Found nothing
[Sophos]
2009-08-03 Found nothing
[Dr.Web]
2009-08-03 Win32.HLLW.Autoruner.7155
[VirusBlokAda VBA32]
2009-08-02 Found nothing
[Frisk F-Prot Antivirus]
2009-08-02 Found nothing
[VirusBuster]
2009-08-03 Found nothing
[F-Secure Anti-Virus]
2009-08-03 Found nothing


vsfocetitwjxtm.dll
[ArcaVir]
2009-08-03 Found nothing
[G DATA]
2009-08-03 Win32:Alureon-CE
[A-Squared]
2009-08-03 Found nothing
[Ikarus]
2009-08-03 Found nothing
[Avast! antivirus]
2009-08-03 Win32:Alureon-CE
[Kaspersky Anti-Virus]
2009-08-03 Found nothing
[Grisoft AVG Anti-Virus]
2009-08-03 Win32/Cryptor
[ESET NOD32]
2009-08-03 Found nothing
[Avira AntiVir]
2009-08-03 TR/Crypt.ZPACK.Gen
[Norman Virus Control]
2009-08-03 Found nothing
[Softwin BitDefender]
2009-08-03 Trojan.CryptRedol.Gen.2
[Panda Antivirus]
2009-08-03 Found nothing
[ClamAV]
2009-08-03 Found nothing
[Quick Heal]
2009-08-03 Found nothing
[CPsecure]
2009-08-03 Found nothing
[Sophos]
2009-08-03 Found nothing
[Dr.Web]
2009-08-03 Found nothing
[VirusBlokAda VBA32]
2009-08-02 Found nothing
[Frisk F-Prot Antivirus]
2009-08-02 Found nothing
[VirusBuster]
2009-08-03 Rootkit.Alureon.Gen!Pac.3
[F-Secure Anti-Virus]
2009-08-03 Found nothing


GMER 1.0.15.15011 [dnw73yq7.exe] - http://www.gmer.net
Rootkit scan 2009-08-04 07:56:14
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8A220AE0 ZwAlertResumeThread
SSDT 8A3909F8 ZwAlertThread
SSDT 89B51700 ZwAllocateVirtualMemory
SSDT 8A2688E0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB70A7020]
SSDT 89B79700 ZwCreateMutant
SSDT 89B446F0 ZwCreateThread
SSDT 8A368A08 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB70A72A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB70A7800]
SSDT 89B5E700 ZwFreeVirtualMemory
SSDT 8A227F30 ZwImpersonateAnonymousToken
SSDT 8A222240 ZwImpersonateThread
SSDT 89B5B6F0 ZwMapViewOfSection
SSDT 8A27F2C0 ZwOpenEvent
SSDT 8A283ED8 ZwOpenProcessToken
SSDT 8A271590 ZwOpenSection
SSDT 89B68700 ZwOpenThreadToken
SSDT 8A366B88 ZwResumeThread
SSDT 8A1FA9A0 ZwSetContextThread
SSDT 89B56700 ZwSetInformationProcess
SSDT 89B63700 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB70A7A50]
SSDT 8A27FAD0 ZwSuspendProcess
SSDT 8A378248 ZwSuspendThread
SSDT 8A364F28 ZwTerminateProcess
SSDT 8A45EE30 ZwTerminateThread
SSDT 8A22D478 ZwUnmapViewOfSection
SSDT 89B4E700 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? nngd.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A21C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139B0C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A18E] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61138F3A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A21C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139B0C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A18E] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61138F3A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A1CE] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A21C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A18E] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139B0C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139723] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139723] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138E7D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138E01] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138E3F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61138F3A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A18E] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139B0C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A21C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A1CE] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61138F78] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138E3F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139723] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138E7D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139723] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61138F40] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138E01] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2480] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [61139B0C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
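
The multi-engine results posted above use a fixed layout: a file name, then for each engine a bracketed name followed by a dated verdict line. As an added example (not part of the original thread), this Python sketch parses an abbreviated excerpt of those results, counts how many engines flagged each file, and shows which name tokens recur across vendors; the function names and the generic-word list are assumptions made for the illustration.

```python
import re
from collections import Counter

# Abbreviated excerpt of the results posted above (6 of the 21 engines per file).
EXCERPT = """\
Guian.exe

[ArcaVir]
2009-08-03 Found nothing
[G DATA]
2009-08-03 Trojan.Agent.VB.BDS
[Avast! antivirus]
2009-08-03 Win32:AutoRun-AYY
[Kaspersky Anti-Virus]
2009-08-03 Found nothing
[ESET NOD32]
2009-08-03 Win32/AutoRun.VB.ET worm
[Dr.Web]
2009-08-03 Win32.HLLW.Autoruner.7155

vsfocetitwjxtm.dll
[ArcaVir]
2009-08-03 Found nothing
[G DATA]
2009-08-03 Win32:Alureon-CE
[Avast! antivirus]
2009-08-03 Win32:Alureon-CE
[Grisoft AVG Anti-Virus]
2009-08-03 Win32/Cryptor
[VirusBuster]
2009-08-03 Rootkit.Alureon.Gen!Pac.3
[F-Secure Anti-Virus]
2009-08-03 Found nothing
"""

ENGINE = re.compile(r"^\[(.+)\]$")
VERDICT = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+)$")

# Assumed list of words that describe a platform or category, not a family.
GENERIC = {"trojan", "virus", "agent", "rootkit", "generic"}


def parse_results(text):
    """Return {file_name: [(engine, date, label_or_None), ...]}."""
    results, current, engine = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENGINE.match(line)
        if m:
            engine = m.group(1)
            continue
        m = VERDICT.match(line)
        if m:
            # A verdict only counts when it follows an engine line inside a file block.
            if current is not None and engine is not None:
                verdict = m.group(2).strip()
                label = None if verdict.lower() == "found nothing" else verdict
                results[current].append((engine, m.group(1), label))
            engine = None
            continue
        # Any other non-empty line starts a new file block.
        current, engine = line, None
        results.setdefault(current, [])
    return results


def summarize(entries):
    """Count flagging engines and tally name tokens shared across vendors."""
    hits = [(eng, label) for eng, _, label in entries if label]
    tokens = Counter()
    for _, label in hits:
        # One vote per engine per token; short fragments and generic words are dropped.
        words = {t for t in re.split(r"[^a-z]+", label.lower())
                 if len(t) >= 5 and t not in GENERIC}
        tokens.update(sorted(words))
    return {
        "flagged": len(hits),
        "engines": len(entries),
        "engines_flagging": [eng for eng, _ in hits],
        "family_tokens": tokens.most_common(),
    }


if __name__ == "__main__":
    for name, entries in parse_results(EXCERPT).items():
        s = summarize(entries)
        print(f"{name}: {s['flagged']}/{s['engines']} engines flagged it")
        print("  flagged by:", ", ".join(s["engines_flagging"]))
        print("  recurring tokens:", s["family_tokens"])
```

Vendor naming is not standardized, so the token tally is only a rough hint of agreement between engines; a low ratio on its own does not show that a file is clean.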

#8 syler


Posted 04 August 2009 - 01:47 PM

Hi gigsaw,

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Next

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Guian"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{badd2ded-ae66-11dd-84b8-002197915c25}]
    :Files
    C:\Documents and Settings\Guian\Guian.exe
    C:\WINDOWS\system32\vsfocetitwjxtm.dll
    :Commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following:
  • OTM results
  • OTListIt.txt
  • Extra.txt
Thanks



#9 gigsaw


Posted 04 August 2009 - 11:22 PM

hello....so i decided to clean my computer instead of a reformat since i can't afford right now to lose my files and settings...so here are the logs:

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Guian not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{badd2ded-ae66-11dd-84b8-002197915c25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{badd2ded-ae66-11dd-84b8-002197915c25}\ not found.
========== FILES ==========
File/Folder C:\Documents and Settings\Guian\Guian.exe not found.
File/Folder C:\WINDOWS\system32\vsfocetitwjxtm.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guian
->Temp folder emptied: 600638 bytes
->Temporary Internet Files folder emptied: 7791886 bytes
->Java cache emptied: 64327145 bytes
->FireFox cache emptied: 50943648 bytes
->Google Chrome cache emptied: 24567628 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 416273 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 482153 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 4804088 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\JET8E36.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 8554119 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 154.96 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08052009_115224

Files moved on Reboot...
File C:\WINDOWS\temp\JET8E36.tmp not found!

Registry entries deleted on Reboot...



OTL logfile created on: 8/5/2009 12:20:21 PM - Run 2
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Guian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 62.69% Memory free
3.72 Gb Paging File | 3.18 Gb Available in Paging File | 85.55% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 104.82 Gb Free Space | 70.33% Space Free | Partition Type: NTFS
Drive D: | 647.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 228.97 Gb Total Space | 129.13 Gb Free Space | 56.39% Space Free | Partition Type: NTFS
Drive F: | 228.97 Gb Total Space | 228.90 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive G: | 3.79 Gb Total Space | 0.55 Gb Free Space | 14.62% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 7.81 Gb Total Space | 3.49 Gb Free Space | 44.69% Space Free | Partition Type: NTFS

Computer Name: GUIAN-4193F2498
Current User Name: Guian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/14 16:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/10/27 04:17:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/03/26 00:57:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2007/07/05 16:08:00 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/05/20 16:43:52 | 01,512,960 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/09/18 15:41:52 | 00,143,360 | ---- | M] (Vimisoft Studio) -- C:\Program Files\IM Magician\Vicamon.exe
PRC - [2008/08/13 15:33:30 | 03,780,608 | ---- | M] (XemiComputers ltd.) -- C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
PRC - [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/05/08 01:27:02 | 00,309,728 | ---- | M] () -- C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/04/30 19:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/08/24 04:35:30 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/12 13:40:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/04/14 16:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009/08/05 12:00:57 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTL.exe
PRC - [2009/05/21 11:34:40 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/11/06 01:29:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/14 16:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/08/24 04:35:30 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/06/26 23:14:02 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9f670c6d992cc [Auto | Stopped])
SRV - [2008/04/14 16:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/08/24 04:35:22 | 03,192,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
SRV - [2006/10/27 04:17:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/17 01:26:00 | 02,771,933 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2006/10/31 14:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2006/10/26 23:19:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:33:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/12/17 20:33:34 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV - [2009/02/25 17:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008/09/17 15:14:00 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2009/02/25 17:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/14 16:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/01/25 05:29:57 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2008/01/25 05:29:58 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2008/01/25 05:29:59 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007/07/10 09:56:00 | 04,449,280 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/07/13 16:00:00 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090804.032\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/13 16:00:00 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090804.032\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2005/02/02 04:55:40 | 00,021,442 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\ShadowRO\npkcrypt.sys -- (npkcrypt [On_Demand | Stopped])
DRV - [2006/10/31 14:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/06/28 17:38:56 | 00,105,088 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/11/27 16:33:50 | 00,058,368 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/11/27 16:33:54 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2009/03/21 19:59:41 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2008/04/14 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/07 00:37:28 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/11/02 16:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2008/04/14 16:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/09/05 14:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2007/05/02 11:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2007/05/02 11:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2007/05/02 11:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2009/06/14 21:49:54 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2009/02/19 11:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/10 07:31:25 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/10 06:59:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090730.002\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2009/02/19 11:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/19 11:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2006/11/23 18:20:06 | 00,018,432 | ---- | M] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\SynasUSB.sys -- (SynasUSB [On_Demand | Stopped])
DRV - [2006/10/01 14:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\System32\DRIVERS\tap0801.sys -- (tap0801 [On_Demand | Running])
DRV - [2008/04/14 04:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.244
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/09 22:08:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 21:32:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/16 17:51:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/12 20:05:52 | 00,000,000 | ---D | M]

[2009/07/20 23:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Extensions
[2008/11/09 21:37:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/20 23:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/05 09:59:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Firefox\Profiles\ru4rwjc6.default\extensions
[2009/02/07 00:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Firefox\Profiles\ru4rwjc6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/06 23:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Firefox\Profiles\ru4rwjc6.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
[2009/05/21 21:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Firefox\Profiles\ru4rwjc6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/03 22:00:30 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Guian\Application Data\Mozilla\FireFox\Profiles\ru4rwjc6.default\searchplugins\amazondotcom.xml
[2009/07/03 22:00:30 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Guian\Application Data\Mozilla\FireFox\Profiles\ru4rwjc6.default\searchplugins\ebay.xml
[2009/07/06 23:18:15 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Guian\Application Data\Mozilla\FireFox\Profiles\ru4rwjc6.default\searchplugins\search-the-web.xml
[2009/07/18 20:24:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 13:40:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 21:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/27 14:00:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/14 00:36:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/12 13:39:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 13:39:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/02 05:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/13 02:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/19 06:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/06/12 13:40:01 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/12/21 03:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/12/21 03:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/02 05:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/12 13:40:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/12 13:40:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/12 13:40:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/12 13:40:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/12 13:40:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Fax Machine] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMMON] C:\Program Files\IM Magician\Vicamon.exe (Vimisoft Studio)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PhilipsDM\SA1916] C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe (Koninklijke Philips Electronics N.V.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
O4 - HKCU..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe ()
O4 - HKCU..\Run: [LClock] C:\Program Files\LClock\LClock.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
O4 - HKCU..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe File not found
O4 - HKCU..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe File not found
O4 - HKCU..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe File not found
O4 - HKCU..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe File not found
O4 - HKCU..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe File not found
O4 - HKCU..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Guian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Guian\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Guian\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.69.254.137 58.69.254.136 58.69.254.69
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/09 20:16:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/05 11:57:11 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 16:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/08/05 11:57:11 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/05 11:57:11 | 00,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/30 16:49:20 | 00,000,126 | RHS- | M] () - G:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/08/05 11:57:12 | 00,000,000 | RHSD | M] - M:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 90 Days ==========

[2009/08/05 12:00:45 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTL.exe
[2009/08/05 11:57:11 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/08/05 11:50:57 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Flash_Disinfector.exe
[2009/08/05 11:41:36 | 00,000,085 | ---- | C] () -- C:\WINDOWS\System32\vsfocelog.dat
[2009/08/05 11:41:35 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/08/05 11:40:28 | 00,407,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTM.exe
[2009/08/05 11:40:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/05 11:39:08 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Guian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/05 11:38:49 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\NTREGOPT.lnk
[2009/08/05 11:38:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\ERUNT.lnk
[2009/08/05 11:38:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/05 11:37:32 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Guian\Desktop\erunt-setup.exe
[2009/08/04 00:21:23 | 00,287,232 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\dnw73yq7.exe
[2009/08/03 23:08:13 | 00,011,272 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Guian Marcnil F.docx
[2009/08/03 21:32:39 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/03 21:31:53 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\RSIT.exe
[2009/08/03 20:43:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\Malwarebytes
[2009/08/03 20:43:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/03 20:43:09 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 20:43:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/03 20:43:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/03 20:43:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/03 20:41:54 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Guian\Desktop\mbam-setup.exe
[2009/08/02 21:23:05 | 00,000,000 | ---D | C] -- E:\My Documents\ENERCOLA
[2009/08/02 19:23:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Desktop\IMPORTANT
[2009/07/31 17:12:20 | 00,012,614 | ---- | C] () -- E:\My Documents\Jhudette Anne F. man without limbs, VE proj.docx
[2009/07/29 00:39:45 | 00,086,528 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Activity Report for Eng Cup Chess.doc
[2009/07/28 22:39:04 | 00,848,384 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\TechExhibit09 PRE-ACT.doc
[2009/07/28 22:30:07 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Activity Assignment Matrix ECES 1st term SY09-10.xls
[2009/07/28 22:04:46 | 01,022,464 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\RESURGENCE Major MOA(edge).doc
[2009/07/28 20:53:12 | 00,000,000 | ---D | C] -- E:\My Documents\ACID Pro 7.0 Projects
[2009/07/28 20:53:11 | 00,000,000 | ---D | C] -- E:\My Documents\Cocirfu
[2009/07/28 20:53:11 | 00,000,000 | ---D | C] -- E:\My Documents\Backup
[2009/07/28 20:53:11 | 00,000,000 | ---D | C] -- E:\My Documents\ADVELIN
[2009/07/28 20:51:50 | 00,000,000 | ---D | C] -- E:\My Documents\ConvertXtoDVD
[2009/07/28 20:51:38 | 00,000,000 | ---D | C] -- E:\My Documents\Daddy
[2009/07/28 20:51:38 | 00,000,000 | ---D | C] -- E:\My Documents\Cubase Projects
[2009/07/28 20:51:37 | 00,000,000 | ---D | C] -- E:\My Documents\Desktop Themes
[2009/07/28 20:51:36 | 00,000,000 | ---D | C] -- E:\My Documents\DIGICOLA
[2009/07/28 20:51:12 | 00,000,000 | ---D | C] -- E:\My Documents\Documents
[2009/07/28 20:44:30 | 00,000,000 | ---D | C] -- E:\My Documents\Downloads
[2009/07/28 20:44:28 | 00,000,000 | ---D | C] -- E:\My Documents\ECA-Documentations
[2009/07/28 20:44:27 | 00,000,000 | ---D | C] -- E:\My Documents\ECES - External Affairs RESURGENCE(2)
[2009/07/28 20:44:27 | 00,000,000 | ---D | C] -- E:\My Documents\ECES - External Affairs RESURGENCE
[2009/07/28 20:44:23 | 00,000,000 | ---D | C] -- E:\My Documents\ECES Uplink
[2009/07/28 20:44:23 | 00,000,000 | ---D | C] -- E:\My Documents\ECES External Affairs
[2009/07/28 20:44:22 | 00,000,000 | ---D | C] -- E:\My Documents\Frosh cup pre acts
[2009/07/28 20:44:22 | 00,000,000 | ---D | C] -- E:\My Documents\for gigs
[2009/07/28 20:44:21 | 00,000,000 | ---D | C] -- E:\My Documents\INDELAB
[2009/07/28 20:44:13 | 00,000,000 | ---D | C] -- E:\My Documents\My Art
[2009/07/28 20:44:13 | 00,000,000 | ---D | C] -- E:\My Documents\LimeWire
[2009/07/28 20:42:51 | 00,000,000 | R--D | C] -- E:\My Documents\My Music
[2009/07/28 20:41:32 | 00,000,000 | R--D | C] -- E:\My Documents\My Pictures
[2009/07/28 20:41:32 | 00,000,000 | ---D | C] -- E:\My Documents\PERSEF
[2009/07/28 20:41:32 | 00,000,000 | ---D | C] -- E:\My Documents\PcSetup
[2009/07/28 20:41:32 | 00,000,000 | ---D | C] -- E:\My Documents\OneNote Notebooks
[2009/07/28 20:41:32 | 00,000,000 | ---D | C] -- E:\My Documents\OJOsoft Corporation
[2009/07/28 20:41:31 | 00,000,000 | ---D | C] -- E:\My Documents\Red Alert 3
[2009/07/28 20:40:02 | 00,000,000 | ---D | C] -- E:\My Documents\Sinag 2
[2009/07/28 20:39:53 | 00,000,000 | ---D | C] -- E:\My Documents\Symantec
[2009/07/28 20:39:53 | 00,000,000 | ---D | C] -- E:\My Documents\Stardock
[2009/07/28 20:39:53 | 00,000,000 | ---D | C] -- E:\My Documents\Sony
[2009/07/28 20:39:52 | 00,000,000 | ---D | C] -- E:\My Documents\Torrents
[2009/07/28 20:39:52 | 00,000,000 | ---D | C] -- E:\My Documents\Thesis
[2009/07/28 20:39:51 | 00,000,000 | ---D | C] -- E:\My Documents\TRANSLA
[2009/07/28 18:12:56 | 00,000,000 | R--D | C] -- E:\My Documents\My Videos
[2009/07/25 20:07:43 | 00,001,476 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IM Magician.lnk
[2009/07/25 20:05:21 | 00,000,392 | ---- | C] () -- C:\WINDOWS\WebEye.ini
[2009/07/25 20:04:53 | 00,109,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\VidCap32.exe
[2009/07/25 20:04:53 | 00,035,600 | ---- | C] () -- C:\WINDOWS\AMCAP.EXE
[2009/07/25 20:04:53 | 00,020,992 | ---- | C] () -- C:\WINDOWS\MMVCB.AX
[2009/07/25 20:02:48 | 00,172,032 | ---- | C] () -- C:\WINDOWS\JAPI2.DLL
[2009/07/25 20:02:03 | 00,102,400 | ---- | C] (Meta Media Inc) -- C:\WINDOWS\MMVEM.EXE
[2009/07/25 20:01:14 | 00,106,496 | ---- | C] () -- C:\WINDOWS\JAPI.DLL
[2009/07/25 20:01:02 | 00,001,571 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VP-EYE 6.0.lnk
[2009/07/25 20:01:02 | 00,000,000 | ---D | C] -- C:\Program Files\MMEDIA
[2009/07/25 20:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\Vimisoft Studio
[2009/07/25 20:00:00 | 00,309,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2009/07/25 20:00:00 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2009/07/25 19:59:59 | 00,420,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4c32.dll
[2009/07/25 19:59:56 | 00,446,464 | ---- | C] (FotoFan) -- C:\WINDOWS\System32\newlistview2.dll
[2009/07/25 19:59:56 | 00,077,824 | ---- | C] (FotoFan Studio) -- C:\WINDOWS\System32\vgf.dll
[2009/07/25 19:59:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Vimisoft Studio
[2009/07/25 19:59:10 | 00,015,086 | ---- | C] () -- C:\WINDOWS\uninstall.ico
[2009/07/25 19:59:10 | 00,008,990 | ---- | C] () -- C:\WINDOWS\Product.ico
[2009/07/25 19:59:06 | 00,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
[2009/07/25 19:58:52 | 00,000,000 | ---D | C] -- C:\Program Files\IM Magician
[2009/07/25 19:58:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\InstallShield
[2009/07/25 19:55:28 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSTEE.sys
[2009/07/25 19:55:28 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009/07/25 19:55:27 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NdisIP.sys
[2009/07/25 19:55:27 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009/07/25 19:55:26 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/07/25 19:55:26 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009/07/25 19:55:26 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\StreamIP.sys
[2009/07/25 19:55:26 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2009/07/25 19:55:25 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SLIP.sys
[2009/07/25 19:55:25 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2009/07/25 19:55:24 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS
[2009/07/25 19:55:24 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2009/07/25 19:55:23 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NABTSFEC.sys
[2009/07/25 19:55:23 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009/07/25 19:55:22 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2009/07/25 19:55:22 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009/07/25 19:55:17 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/07/25 19:55:17 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/07/25 19:55:12 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/07/25 19:55:12 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2009/07/25 19:55:12 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/07/25 19:55:12 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009/07/25 19:55:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/07/25 19:55:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009/07/25 19:55:12 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/07/25 19:55:12 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009/07/25 19:55:12 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/07/25 19:55:12 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009/07/25 19:55:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/07/25 19:55:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2009/07/25 19:55:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/07/25 19:55:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/07/25 14:40:02 | 00,149,163 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\srp.zip
[2009/07/22 01:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\VST3 Presets
[2009/07/22 01:19:58 | 00,112,469 | ---- | C] () -- E:\My Documents\Explosion.mp3
[2009/07/22 01:19:19 | 00,292,707 | ---- | C] () -- E:\My Documents\Explosion.mp4
[2009/07/22 00:41:39 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\HijackThis.lnk
[2009/07/22 00:41:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/22 00:41:19 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- E:\My Documents\HJTInstall.exe
[2009/07/22 00:33:58 | 00,000,017 | ---- | C] () -- E:\My Documents\stinger1001624.opt
[2009/07/21 23:55:01 | 04,129,799 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Guian\Desktop\stinger1001624.exe
[2009/07/21 10:18:28 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfoceexexwpix.dat
[2009/07/21 10:08:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/21 09:59:49 | 00,008,626 | ---- | C] () -- C:\WINDOWS\System32\vsfocegkdoemtu.dat
[2009/07/21 00:01:47 | 00,539,285 | ---- | C] () -- E:\My Documents\scratch.mp3
[2009/07/21 00:00:12 | 01,323,614 | ---- | C] () -- E:\My Documents\scratch.mp4
[2009/07/20 23:36:43 | 05,574,954 | ---- | C] () -- E:\My Documents\Black Eyed Peas - Boom Boom Pow.mp3
[2009/07/20 23:28:27 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\LimeWire 5.1.4.lnk
[2009/07/20 22:53:25 | 08,873,429 | ---- | C] () -- E:\My Documents\F4 and BOF.mp3
[2009/07/20 22:53:22 | 00,107,328 | ---- | C] () -- E:\My Documents\EA SPORTS.mp3
[2009/07/20 22:51:19 | 00,000,000 | ---D | C] -- C:\Program Files\MP4Converter
[2009/07/20 22:37:18 | 28,868,171 | ---- | C] () -- E:\My Documents\F4 and BOF.mp4
[2009/07/20 22:36:51 | 00,342,241 | ---- | C] () -- E:\My Documents\EA SPORTS.mp4
[2009/07/19 22:07:02 | 00,122,880 | ---- | C] () -- E:\My Documents\Second Day Statistics(2).doc
[2009/07/19 22:03:11 | 00,122,880 | ---- | C] () -- E:\My Documents\Second Day Statistics.doc
[2009/07/19 18:11:00 | 00,012,104 | ---- | C] () -- E:\My Documents\WriteupGnW.docx
[2009/07/19 12:02:45 | 00,040,960 | ---- | C] () -- E:\My Documents\Activity Assignment Matrix ECES 1st term SY09-10.xls
[2009/07/18 22:05:56 | 00,120,199 | ---- | C] () -- E:\My Documents\COE_10630635_Berango_3.jpg
[2009/07/18 21:49:42 | 00,335,422 | ---- | C] () -- E:\My Documents\COE_10630635_Berango_1.jpg
[2009/07/18 21:20:06 | 00,247,623 | ---- | C] () -- E:\My Documents\COE_10630635_Berango_2.jpg
[2009/07/18 20:19:58 | 00,012,403 | ---- | C] () -- E:\My Documents\Berango, Guian Marcnil.rtf
[2009/07/18 06:41:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\Temp
[2009/07/14 00:09:32 | 00,651,507 | ---- | C] () -- E:\My Documents\PICT0034.JPG
[2009/07/14 00:09:30 | 00,411,976 | ---- | C] () -- E:\My Documents\PICT0033.JPG
[2009/07/13 18:59:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/07/13 18:00:46 | 00,001,415 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Photoshop.lnk
[2009/07/13 16:52:13 | 00,000,000 | ---D | C] -- C:\Program Files\Analogue Vista Clock
[2009/07/13 07:21:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\4Neurons
[2009/07/12 23:00:34 | 00,027,648 | ---- | C] () -- E:\My Documents\III Determination of Component Values Proj 2.doc
[2009/07/12 21:45:52 | 00,088,576 | ---- | C] () -- E:\My Documents\proj1 - ansysde proposal.doc
[2009/07/12 20:06:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\Apple Computer
[2009/07/12 20:05:44 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/07/12 20:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/12 20:05:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/12 20:05:20 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/12 20:05:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\Apple
[2009/07/12 20:05:18 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/07/12 20:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/07/12 20:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\Apple Computer
[2009/07/12 19:51:17 | 00,027,648 | ---- | C] () -- E:\My Documents\proj2 - ansysde proposal.doc
[2009/07/12 18:32:41 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\PlantsVsZombies.lnk
[2009/07/12 13:53:37 | 00,001,685 | ---- | C] () -- C:\Documents and Settings\Guian\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009/07/12 13:53:30 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ObjectDock.lnk
[2009/07/12 13:53:23 | 00,000,000 | ---D | C] -- C:\Program Files\Stardock
[2009/07/12 13:53:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2009/07/12 13:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/07/11 19:04:21 | 00,848,384 | ---- | C] () -- E:\My Documents\TechExhibit09 PRE-ACT.doc
[2009/07/05 18:55:07 | 01,153,466 | ---- | C] () -- E:\My Documents\on semicon handbook.pdf
[2009/07/05 17:19:18 | 00,058,368 | ---- | C] () -- E:\My Documents\proj1 - ansysde report (1).doc
[2009/07/05 11:33:56 | 00,074,752 | ---- | C] () -- E:\My Documents\RESUME - Guian Marcnil F. Berango.doc
[2009/07/05 11:33:06 | 00,052,285 | ---- | C] () -- E:\My Documents\RESUME - Guian Marcnil F. Berango.docx
[2009/07/03 19:20:17 | 00,456,986 | ---- | C] () -- E:\My Documents\Picture1 006.jpg
[2009/07/01 01:08:17 | 00,182,272 | ---- | C] () -- E:\My Documents\ResumeGigs.doc
[2009/06/27 17:36:04 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/06/27 17:36:04 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/26 23:17:45 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/06/26 23:14:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\Google
[2009/06/26 23:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/06/26 23:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/06/26 23:08:39 | 00,000,000 | ---D | C] -- C:\Program Files\AVI Codec Pack
[2009/06/26 22:38:33 | 00,012,312 | ---- | C] () -- E:\My Documents\DISYSDE exp 1 (ANC).docx
[2009/06/26 21:36:22 | 02,609,308 | ---- | C] () -- E:\My Documents\Lab1.pdf
[2009/06/26 19:13:58 | 00,079,795 | ---- | C] () -- E:\My Documents\switch mode.docx
[2009/06/26 15:11:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\Digsby
[2009/06/26 15:11:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\Digsby
[2009/06/26 15:10:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/06/26 15:06:14 | 00,000,416 | ---- | C] () -- C:\WINDOWS\tasks\PCConfidential.job
[2009/06/26 15:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\Winferno
[2009/06/21 19:28:08 | 00,185,688 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/06/21 19:28:08 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/06/21 19:28:08 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/06/21 19:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/06/21 19:28:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\Real
[2009/06/21 19:28:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\Real
[2009/06/21 19:28:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/06/17 22:24:59 | 00,035,840 | ---- | C] () -- E:\My Documents\ansysde-proposal.doc
[2009/06/14 00:36:58 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/06/14 00:36:58 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/06/14 00:36:58 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/06/05 16:25:53 | 00,000,000 | ---D | C] -- C:\Program Files\ShadowRO
[2009/05/26 17:18:34 | 00,090,112 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/05/26 17:18:34 | 00,057,344 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/05/24 19:54:56 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\MP4 to MP3 Converter 3.lnk
[2009/05/22 19:47:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\Samsung
[2009/05/22 19:34:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/05/22 19:31:21 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framedyn.dll
[2009/05/22 19:30:50 | 00,109,704 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_mdm.sys
[2009/05/22 19:30:50 | 00,083,592 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bus.sys
[2009/05/22 19:30:50 | 00,015,112 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_mdfl.sys
[2009/05/22 19:30:50 | 00,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_whnt.sys
[2009/05/22 19:30:50 | 00,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_wh.sys
[2009/05/22 19:30:50 | 00,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_cmnt.sys
[2009/05/22 19:30:50 | 00,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_cm.sys
[2009/05/22 19:30:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2009/05/22 19:30:26 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.ico
[2009/05/22 19:30:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/05/22 19:29:37 | 00,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2009/05/22 19:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\Samsung
[2009/05/21 01:53:08 | 00,000,036 | -H-- | C] () -- C:\Documents and Settings\Guian\Application Data\swk.ini
[2009/05/17 13:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Pcsx2
[2009/05/16 01:48:44 | 00,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk
[2009/05/16 01:48:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009/05/16 01:47:37 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/05/16 01:47:08 | 00,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/05/16 01:46:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/05/16 00:29:53 | 00,166,000 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/05/16 00:29:52 | 00,000,795 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/05/10 20:07:07 | 01,228,800 | ---- | C] (FoxBurner Ltd.) -- C:\WINDOWS\System32\FoxBurner.ocx
[2009/05/10 20:07:07 | 01,208,320 | ---- | C] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[2009/05/10 20:07:07 | 01,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2009/05/10 20:07:07 | 00,856,064 | ---- | C] (Essien Research & Development) -- C:\WINDOWS\System32\mpgfiltr.ax
[2009/05/10 20:07:07 | 00,454,656 | ---- | C] (FoxBurner Ltd.) -- C:\WINDOWS\System32\FoxDVDImager.ocx
[2009/05/10 20:07:07 | 00,380,928 | ---- | C] (NUGROOVZ) -- C:\WINDOWS\System32\CDRipperX.ocx
[2009/05/10 20:07:07 | 00,196,608 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\VideoEdit.ocx
[2009/05/10 20:07:07 | 00,081,920 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomwave.dll
[2009/05/10 20:07:06 | 00,001,575 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cheetah DVD Burner.lnk
[2009/05/10 19:53:51 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/05/10 19:53:50 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2009/05/10 19:53:50 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2009/05/10 19:53:50 | 00,000,000 | ---D | C] -- C:\Program Files\Cheetah Burner
[2009/05/08 18:09:44 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/05/08 17:51:43 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2009/04/08 16:09:03 | 00,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2009/03/06 19:56:12 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/02/25 20:21:06 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ClassXps.dll
[2009/02/10 21:21:13 | 00,000,080 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2008/12/16 00:26:56 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2008/12/07 11:35:21 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2008/12/06 12:32:51 | 00,000,490 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/04/14 16:00:00 | 00,000,849 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 16:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/10/31 14:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 14:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 14:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 14:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 14:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 14:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 14:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002/10/07 02:42:56 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 07:04:24 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/05 07:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 07:04:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Files - Modified Within 90 Days ==========

[2009/08/05 12:00:57 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTL.exe
[2009/08/05 11:59:34 | 00,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/05 11:59:33 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/05 11:59:32 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2009/08/05 11:59:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/05 11:59:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/05 11:50:57 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Flash_Disinfector.exe
[2009/08/05 11:41:36 | 00,000,085 | ---- | M] () -- C:\WINDOWS\System32\vsfocelog.dat
[2009/08/05 11:41:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/05 11:40:39 | 00,407,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTM.exe
[2009/08/05 11:39:08 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Guian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/05 11:38:49 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\NTREGOPT.lnk
[2009/08/05 11:38:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\ERUNT.lnk
[2009/08/05 11:37:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Guian\Desktop\erunt-setup.exe
[2009/08/05 10:41:52 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/08/04 00:25:35 | 00,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/08/04 00:21:27 | 00,287,232 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\dnw73yq7.exe
[2009/08/03 23:08:13 | 00,011,272 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Guian Marcnil F.docx
[2009/08/03 21:32:07 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\RSIT.exe
[2009/08/03 20:43:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/03 20:42:47 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Guian\Desktop\mbam-setup.exe
[2009/08/03 20:00:15 | 00,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Guian.job
[2009/08/03 00:00:11 | 00,000,849 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/01 13:11:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/31 21:30:14 | 00,012,614 | ---- | M] () -- E:\My Documents\Jhudette Anne F. man without limbs, VE proj.docx
[2009/07/29 19:30:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/29 00:39:45 | 00,086,528 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Activity Report for Eng Cup Chess.doc
[2009/07/28 22:38:21 | 00,848,384 | ---- | M] () -- E:\My Documents\TechExhibit09 PRE-ACT.doc
[2009/07/28 22:38:21 | 00,848,384 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\TechExhibit09 PRE-ACT.doc
[2009/07/28 22:30:07 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Activity Assignment Matrix ECES 1st term SY09-10.xls
[2009/07/28 22:22:09 | 01,022,464 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\RESURGENCE Major MOA(edge).doc
[2009/07/28 02:09:55 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/07/27 12:22:36 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/25 20:07:43 | 00,001,476 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IM Magician.lnk
[2009/07/25 20:01:02 | 00,001,571 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VP-EYE 6.0.lnk
[2009/07/25 14:40:02 | 00,149,163 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\srp.zip
[2009/07/24 23:45:28 | 00,008,626 | ---- | M] () -- C:\WINDOWS\System32\vsfocegkdoemtu.dat
[2009/07/24 23:45:28 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfoceexexwpix.dat
[2009/07/22 01:20:01 | 00,112,469 | ---- | M] () -- E:\My Documents\Explosion.mp3
[2009/07/22 01:19:21 | 00,292,707 | ---- | M] () -- E:\My Documents\Explosion.mp4
[2009/07/22 00:41:39 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\HijackThis.lnk
[2009/07/22 00:41:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- E:\My Documents\HJTInstall.exe
[2009/07/22 00:33:58 | 00,000,017 | ---- | M] () -- E:\My Documents\stinger1001624.opt
[2009/07/21 23:56:06 | 04,129,799 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Guian\Desktop\stinger1001624.exe
[2009/07/21 10:08:13 | 20,117,13536 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/07/21 00:01:53 | 00,539,285 | ---- | M] () -- E:\My Documents\scratch.mp3
[2009/07/21 00:00:56 | 01,323,614 | ---- | M] () -- E:\My Documents\scratch.mp4
[2009/07/20 23:36:21 | 05,574,954 | ---- | M] () -- E:\My Documents\Black Eyed Peas - Boom Boom Pow.mp3
[2009/07/20 23:28:27 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\LimeWire 5.1.4.lnk
[2009/07/20 22:56:16 | 00,107,328 | ---- | M] () -- E:\My Documents\EA SPORTS.mp3
[2009/07/20 22:54:11 | 08,873,429 | ---- | M] () -- E:\My Documents\F4 and BOF.mp3
[2009/07/20 22:51:22 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\MP4 to MP3 Converter 3.lnk
[2009/07/20 22:46:31 | 28,868,171 | ---- | M] () -- E:\My Documents\F4 and BOF.mp4
[2009/07/20 22:37:09 | 00,342,241 | ---- | M] () -- E:\My Documents\EA SPORTS.mp4
[2009/07/20 22:12:59 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/07/20 00:25:57 | 05,872,996 | -H-- | M] () -- C:\Documents and Settings\Guian\Local Settings\Application Data\IconCache.db
[2009/07/19 22:07:02 | 00,122,880 | ---- | M] () -- E:\My Documents\Second Day Statistics(2).doc
[2009/07/19 22:03:12 | 00,122,880 | ---- | M] () -- E:\My Documents\Second Day Statistics.doc
[2009/07/19 18:11:00 | 00,012,104 | ---- | M] () -- E:\My Documents\WriteupGnW.docx
[2009/07/19 12:02:46 | 00,040,960 | ---- | M] () -- E:\My Documents\Activity Assignment Matrix ECES 1st term SY09-10.xls
[2009/07/18 21:56:43 | 00,120,199 | ---- | M] () -- E:\My Documents\COE_10630635_Berango_3.jpg
[2009/07/18 21:46:07 | 00,335,422 | ---- | M] () -- E:\My Documents\COE_10630635_Berango_1.jpg
[2009/07/18 21:20:06 | 00,247,623 | ---- | M] () -- E:\My Documents\COE_10630635_Berango_2.jpg
[2009/07/18 20:19:58 | 00,012,403 | ---- | M] () -- E:\My Documents\Berango, Guian Marcnil.rtf
[2009/07/14 00:10:00 | 00,651,507 | ---- | M] () -- E:\My Documents\PICT0034.JPG
[2009/07/14 00:09:49 | 00,411,976 | ---- | M] () -- E:\My Documents\PICT0033.JPG
[2009/07/13 18:01:00 | 00,001,415 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Photoshop.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 23:00:34 | 00,027,648 | ---- | M] () -- E:\My Documents\III Determination of Component Values Proj 2.doc
[2009/07/12 23:00:04 | 00,027,648 | ---- | M] () -- E:\My Documents\proj2 - ansysde proposal.doc
[2009/07/12 21:45:52 | 00,088,576 | ---- | M] () -- E:\My Documents\proj1 - ansysde proposal.doc
[2009/07/12 20:05:44 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/07/12 18:32:41 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\PlantsVsZombies.lnk
[2009/07/12 13:53:37 | 00,001,685 | ---- | M] () -- C:\Documents and Settings\Guian\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009/07/12 13:53:30 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ObjectDock.lnk
[2009/07/09 19:23:52 | 00,120,320 | ---- | M] () -- C:\Documents and Settings\Guian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/05 18:55:26 | 01,153,466 | ---- | M] () -- E:\My Documents\on semicon handbook.pdf
[2009/07/05 18:53:06 | 00,079,795 | ---- | M] () -- E:\My Documents\switch mode.docx
[2009/07/05 17:19:24 | 00,058,368 | ---- | M] () -- E:\My Documents\proj1 - ansysde report (1).doc
[2009/07/05 16:39:52 | 00,074,752 | ---- | M] () -- E:\My Documents\RESUME - Guian Marcnil F. Berango.doc
[2009/07/05 11:33:06 | 00,052,285 | ---- | M] () -- E:\My Documents\RESUME - Guian Marcnil F. Berango.docx
[2009/07/04 20:50:46 | 00,182,272 | ---- | M] () -- E:\My Documents\ResumeGigs.doc
[2009/07/03 19:20:25 | 00,456,986 | ---- | M] () -- E:\My Documents\Picture1 006.jpg
[2009/07/01 07:12:19 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/06/26 23:15:18 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/06/26 23:15:10 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/06/26 23:14:02 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\DivX Movies.lnk
[2009/06/26 22:38:33 | 00,012,312 | ---- | M] () -- E:\My Documents\DISYSDE exp 1 (ANC).docx
[2009/06/26 21:37:05 | 02,609,308 | ---- | M] () -- E:\My Documents\Lab1.pdf
[2009/06/17 22:25:01 | 00,035,840 | ---- | M] () -- E:\My Documents\ansysde-proposal.doc
[2009/06/14 21:49:54 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/06/14 00:23:05 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Guian\Application Data\vso_ts_preview.xml
[2009/05/26 17:18:34 | 00,090,112 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/05/26 17:18:34 | 00,057,344 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/05/22 19:29:37 | 00,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2009/05/21 11:34:03 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/05/21 11:34:02 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/05/21 11:34:01 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/05/21 11:33:57 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/05/21 09:35:23 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/05/21 01:53:08 | 00,000,036 | -H-- | M] () -- C:\Documents and Settings\Guian\Application Data\swk.ini
[2009/05/16 01:50:35 | 00,166,000 | ---- | M] () -- C:\WINDOWS\hphins25.dat
[2009/05/16 01:48:44 | 00,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk
[2009/05/16 01:47:37 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/05/16 01:47:08 | 00,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/05/10 20:07:06 | 00,001,575 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cheetah DVD Burner.lnk
[2009/05/08 17:51:43 | 00,002,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
< End of report >




OTL Extras logfile created on: 8/5/2009 12:02:45 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Guian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 68.79% Memory free
3.72 Gb Paging File | 3.29 Gb Available in Paging File | 88.42% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 104.83 Gb Free Space | 70.34% Space Free | Partition Type: NTFS
Drive D: | 647.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 228.97 Gb Total Space | 129.13 Gb Free Space | 56.39% Space Free | Partition Type: NTFS
Drive F: | 228.97 Gb Total Space | 228.90 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive G: | 3.79 Gb Total Space | 0.55 Gb Free Space | 14.62% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 7.81 Gb Total Space | 3.49 Gb Free Space | 44.69% Space Free | Partition Type: NTFS

Computer Name: GUIAN-4193F2498
Current User Name: Guian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Guian\Desktop\Games\SIERRA\Half-Life\hl -console.exe" = C:\Documents and Settings\Guian\Desktop\Games\SIERRA\Half-Life\hl -console.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Documents and Settings\Guian\Desktop\Games\Garena\Garena.exe" = C:\Documents and Settings\Guian\Desktop\Games\Garena\Garena.exe:*:Enabled:Garena -- (Garena Interactive PTE LTD)
"C:\Documents and Settings\Guian\Desktop\utorrent.exe" = C:\Documents and Settings\Guian\Desktop\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Program Files\PLDTPlay\ServerScout\ServerScout.exe" = C:\Program Files\PLDTPlay\ServerScout\ServerScout.exe:*:Enabled:ServerScout -- File not found
"C:\Documents and Settings\Guian\My Documents\Torrents\utorrent.exe" = C:\Documents and Settings\Guian\My Documents\Torrents\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\SIERRA\Half-Life\hl.exe" = C:\SIERRA\Half-Life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.)
"G:\LimeWire\LimeWire.exe" = G:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Electronic Arts\Red Alert 3\RA3.exe" = C:\Program Files\Electronic Arts\Red Alert 3\RA3.exe:*:Disabled:Command & Conquer™ Red Alert™ 3 -- File not found
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{05859386-55D9-4703-8C6E-FF4211A93A14}" = Symantec Real Time Storage Protection Component
"{067FFF2F-0F1C-43DB-827B-F9BC4735F1BC}" = D2500
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{231C52F8-BC97-4B41-A12D-C69F30E7B002}" = SymNet
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2969CB97-DF91-4752-BE47-8A73AE810E6C}" = IM Magician
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{31187E06-E131-4709-9285-7D105D77AA89}" = Components Setup
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E5721E5-BA31-46AD-8B35-065924D38E91}" = D2500_Help
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57B18739-7A22-44D7-A263-6E2A2180D3BC}" = Philips SA19XX Device Manager
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.1.135
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA524348-59A6-437A-A4FB-25080BDEFCD6}" = VP-EYE
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BDDEE95D-0671-4A38-AAF3-2A7D5801B323}" = Components Setup
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"3D Windows XP" = 3D Windows XP Screen Saver
"Active Desktop Calendar_is1" = Active Desktop Calendar 7.58
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Analogue Vista Clock" = Analogue Vista Clock 1.18
"ASIO4ALL" = ASIO4ALL
"AVI Codec Pack Lite" = AVI Codec Pack Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Fax Machine_is1" = Fax Machine 4.31
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Half-Life" = Half-Life
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"LimeWire" = LimeWire 5.1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MP4 to MP3 Converter" = MP4 to MP3 Converter
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"OpenVPN" = OpenVPN 2.0.9
"POD-Bot 2.5" = POD-Bot 2.5
"PowerISO" = PowerISO
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealAlt_is1" = Real Alternative 1.7.5 Lite
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"Sierra Utilities" = Sierra Utilities
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation)
"Syncrosoft License Control" = Syncrosoft License Control
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2009 10:34:59 PM | Computer Name = GUIAN-4193F2498 | Source = Application Error | ID = 1000
Description = Faulting application qsn.exe, version 1.0.0.154, faulting module kerneltrackdll.dll,
version 2.0.0.1, fault address 0x000018c8.

Error - 8/2/2009 11:59:48 AM | Computer Name = GUIAN-4193F2498 | Source = Application Error | ID = 1000
Description = Faulting application vpeyev6.exe, version 6.0.0.572, faulting module
mmeffect.ax, version 0.0.0.0, fault address 0x0000864b.

Error - 8/3/2009 1:41:05 PM | Computer Name = GUIAN-4193F2498 | Source = Google Update | ID = 20
Description =

Error - 8/3/2009 2:41:05 PM | Computer Name = GUIAN-4193F2498 | Source = Google Update | ID = 20
Description =

Error - 8/3/2009 3:41:05 PM | Computer Name = GUIAN-4193F2498 | Source = Google Update | ID = 20
Description =

Error - 8/3/2009 4:41:05 PM | Computer Name = GUIAN-4193F2498 | Source = Google Update | ID = 20
Description =

Error - 8/3/2009 5:41:05 PM | Computer Name = GUIAN-4193F2498 | Source = Google Update | ID = 20
Description =

Error - 8/3/2009 6:41:05 PM | Computer Name = GUIAN-4193F2498 | Source = Google Update | ID = 20
Description =

Error - 8/3/2009 7:41:05 PM | Computer Name = GUIAN-4193F2498 | Source = Google Update | ID = 20
Description =

Error - 8/4/2009 11:41:50 PM | Computer Name = GUIAN-4193F2498 | Source = Application Error | ID = 1000
Description = Faulting application otm.exe, version 3.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x0178345b.

[ System Events ]
Error - 8/4/2009 11:41:36 PM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/4/2009 11:47:18 PM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7023
Description = The USB Mass Storage Helper service terminated with the following
error: %%126

Error - 8/4/2009 11:47:42 PM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/4/2009 11:52:24 PM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/4/2009 11:52:24 PM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/4/2009 11:55:19 PM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7023
Description = The USB Mass Storage Helper service terminated with the following
error: %%126

Error - 8/4/2009 11:56:05 PM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/5/2009 12:00:32 AM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7023
Description = The USB Mass Storage Helper service terminated with the following
error: %%126

Error - 8/5/2009 12:01:05 AM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/5/2009 12:01:05 AM | Computer Name = GUIAN-4193F2498 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

#10 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:58 PM

Posted 05 August 2009 - 06:42 AM

Hi,

The OTM results say that the entries were not found. Did you remove these entries yourself? Also, the OTL log shows that you have chosen to search for files aged up to 90 days. Can you change this back to 30 days? If I wanted to see 90 days I would have asked.



#11 gigsaw

  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 05 August 2009 - 09:15 AM

Oops, I'm sorry... I don't know what happened, but when I first used OTM my computer said that there was an error; that is why I restarted my computer... so I ran it again... that's the log from my second attempt at running OTM... on the other hand, sorry about that 90-day thing... so here is the log again.

OTL logfile created on: 8/5/2009 10:12:37 PM - Run 3
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Guian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 56.55% Memory free
3.72 Gb Paging File | 3.07 Gb Available in Paging File | 82.58% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 104.70 Gb Free Space | 70.25% Space Free | Partition Type: NTFS
Drive D: | 647.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 228.97 Gb Total Space | 129.12 Gb Free Space | 56.39% Space Free | Partition Type: NTFS
Drive F: | 228.97 Gb Total Space | 228.90 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 7.81 Gb Total Space | 3.49 Gb Free Space | 44.69% Space Free | Partition Type: NTFS

Computer Name: GUIAN-4193F2498
Current User Name: Guian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/14 16:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/10/27 04:17:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/03/26 00:57:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2007/07/05 16:08:00 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/05/20 16:43:52 | 01,512,960 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/09/18 15:41:52 | 00,143,360 | ---- | M] (Vimisoft Studio) -- C:\Program Files\IM Magician\Vicamon.exe
PRC - [2008/08/13 15:33:30 | 03,780,608 | ---- | M] (XemiComputers ltd.) -- C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
PRC - [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/05/08 01:27:02 | 00,309,728 | ---- | M] () -- C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/04/30 19:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/08/24 04:35:30 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/05/21 11:34:40 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/11/06 01:29:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/14 16:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/07/30 19:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/17 20:33:34 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/08/05 12:00:57 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/08/24 04:35:30 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/06/26 23:14:02 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9f670c6d992cc [Auto | Stopped])
SRV - [2008/04/14 16:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/08/24 04:35:22 | 03,192,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
SRV - [2006/10/27 04:17:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/17 01:26:00 | 02,771,933 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2006/10/31 14:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2006/10/26 23:19:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:33:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/12/17 20:33:34 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV - [2009/02/25 17:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008/09/17 15:14:00 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2009/02/25 17:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/14 16:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/01/25 05:29:57 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2008/01/25 05:29:58 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2008/01/25 05:29:59 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007/07/10 09:56:00 | 04,449,280 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/07/13 16:00:00 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090804.040\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/13 16:00:00 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090804.040\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2005/02/02 04:55:40 | 00,021,442 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\ShadowRO\npkcrypt.sys -- (npkcrypt [On_Demand | Stopped])
DRV - [2006/10/31 14:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/06/28 17:38:56 | 00,105,088 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/11/27 16:33:50 | 00,058,368 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/11/27 16:33:54 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2009/03/21 19:59:41 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2008/04/14 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/07 00:37:28 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/11/02 16:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2008/04/14 16:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/09/05 14:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2007/05/02 11:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2007/05/02 11:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2007/05/02 11:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2009/06/14 21:49:54 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2009/02/19 11:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/10 07:31:25 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/10 06:59:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090730.002\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2009/02/19 11:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/19 11:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2006/11/23 18:20:06 | 00,018,432 | ---- | M] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\SynasUSB.sys -- (SynasUSB [On_Demand | Stopped])
DRV - [2006/10/01 14:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\System32\DRIVERS\tap0801.sys -- (tap0801 [On_Demand | Running])
DRV - [2008/04/14 04:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.244
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/09 22:08:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 21:32:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 14:54:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 14:54:09 | 00,000,000 | ---D | M]

[2009/07/20 23:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Extensions
[2008/11/09 21:37:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/20 23:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/05 09:59:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Firefox\Profiles\ru4rwjc6.default\extensions
[2009/02/07 00:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Firefox\Profiles\ru4rwjc6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/06 23:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Firefox\Profiles\ru4rwjc6.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
[2009/05/21 21:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guian\Application Data\mozilla\Firefox\Profiles\ru4rwjc6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/03 22:00:30 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Guian\Application Data\Mozilla\FireFox\Profiles\ru4rwjc6.default\searchplugins\amazondotcom.xml
[2009/07/03 22:00:30 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Guian\Application Data\Mozilla\FireFox\Profiles\ru4rwjc6.default\searchplugins\ebay.xml
[2009/07/06 23:18:15 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Guian\Application Data\Mozilla\FireFox\Profiles\ru4rwjc6.default\searchplugins\search-the-web.xml
[2009/08/05 14:54:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 14:54:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 21:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/27 14:00:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/14 00:36:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/30 19:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 19:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/02 05:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/13 02:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/19 06:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/30 19:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/12/21 03:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/12 20:05:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/12/21 03:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/02 05:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/30 15:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 15:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 15:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 15:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 15:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 15:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 15:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Fax Machine] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMMON] C:\Program Files\IM Magician\Vicamon.exe (Vimisoft Studio)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PhilipsDM\SA1916] C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe (Koninklijke Philips Electronics N.V.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
O4 - HKCU..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe ()
O4 - HKCU..\Run: [LClock] C:\Program Files\LClock\LClock.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
O4 - HKCU..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe File not found
O4 - HKCU..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe File not found
O4 - HKCU..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe File not found
O4 - HKCU..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe File not found
O4 - HKCU..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe File not found
O4 - HKCU..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Guian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Guian\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Guian\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.69.254.137 58.69.254.136 58.69.254.69
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/09 20:16:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/05 11:57:11 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 16:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/08/05 11:57:11 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/05 11:57:11 | 00,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/05 11:57:12 | 00,000,000 | RHSD | M] - M:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/05 14:54:12 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/05 12:00:45 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTL.exe
[2009/08/05 11:57:11 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/08/05 11:50:57 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Flash_Disinfector.exe
[2009/08/05 11:41:36 | 00,000,085 | ---- | C] () -- C:\WINDOWS\System32\vsfocelog.dat
[2009/08/05 11:41:35 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/08/05 11:40:28 | 00,407,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTM.exe
[2009/08/05 11:40:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/05 11:39:08 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Guian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/05 11:38:49 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\NTREGOPT.lnk
[2009/08/05 11:38:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\ERUNT.lnk
[2009/08/05 11:38:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/05 11:37:32 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Guian\Desktop\erunt-setup.exe
[2009/08/04 00:21:23 | 00,287,232 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\dnw73yq7.exe
[2009/08/03 23:08:13 | 00,011,272 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Guian Marcnil F.docx
[2009/08/03 21:32:39 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/03 21:31:53 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\RSIT.exe
[2009/08/03 20:43:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\Malwarebytes
[2009/08/03 20:43:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/03 20:43:09 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 20:43:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/03 20:43:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/03 20:43:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/03 20:41:54 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Guian\Desktop\mbam-setup.exe
[2009/08/02 21:23:05 | 00,000,000 | ---D | C] -- E:\My Documents\ENERCOLA
[2009/08/02 19:23:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Desktop\IMPORTANT
[2009/07/31 17:12:20 | 00,012,614 | ---- | C] () -- E:\My Documents\Jhudette Anne F. man without limbs, VE proj.docx
[2009/07/29 00:39:45 | 00,086,528 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Activity Report for Eng Cup Chess.doc
[2009/07/28 22:39:04 | 00,848,384 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\TechExhibit09 PRE-ACT.doc
[2009/07/28 22:30:07 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Activity Assignment Matrix ECES 1st term SY09-10.xls
[2009/07/28 22:04:46 | 01,022,464 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\RESURGENCE Major MOA(edge).doc
[2009/07/28 20:53:12 | 00,000,000 | ---D | C] -- E:\My Documents\ACID Pro 7.0 Projects
[2009/07/28 20:53:11 | 00,000,000 | ---D | C] -- E:\My Documents\Cocirfu
[2009/07/28 20:53:11 | 00,000,000 | ---D | C] -- E:\My Documents\Backup
[2009/07/28 20:53:11 | 00,000,000 | ---D | C] -- E:\My Documents\ADVELIN
[2009/07/28 20:51:50 | 00,000,000 | ---D | C] -- E:\My Documents\ConvertXtoDVD
[2009/07/28 20:51:38 | 00,000,000 | ---D | C] -- E:\My Documents\Daddy
[2009/07/28 20:51:38 | 00,000,000 | ---D | C] -- E:\My Documents\Cubase Projects
[2009/07/28 20:51:37 | 00,000,000 | ---D | C] -- E:\My Documents\Desktop Themes
[2009/07/28 20:51:36 | 00,000,000 | ---D | C] -- E:\My Documents\DIGICOLA
[2009/07/28 20:51:12 | 00,000,000 | ---D | C] -- E:\My Documents\Documents
[2009/07/28 20:44:30 | 00,000,000 | ---D | C] -- E:\My Documents\Downloads
[2009/07/28 20:44:28 | 00,000,000 | ---D | C] -- E:\My Documents\ECA-Documentations
[2009/07/28 20:44:27 | 00,000,000 | ---D | C] -- E:\My Documents\ECES - External Affairs RESURGENCE(2)
[2009/07/28 20:44:27 | 00,000,000 | ---D | C] -- E:\My Documents\ECES - External Affairs RESURGENCE
[2009/07/28 20:44:23 | 00,000,000 | ---D | C] -- E:\My Documents\ECES Uplink
[2009/07/28 20:44:23 | 00,000,000 | ---D | C] -- E:\My Documents\ECES External Affairs
[2009/07/28 20:44:22 | 00,000,000 | ---D | C] -- E:\My Documents\Frosh cup pre acts
[2009/07/28 20:44:22 | 00,000,000 | ---D | C] -- E:\My Documents\for gigs
[2009/07/28 20:44:21 | 00,000,000 | ---D | C] -- E:\My Documents\INDELAB
[2009/07/28 20:44:13 | 00,000,000 | ---D | C] -- E:\My Documents\My Art
[2009/07/28 20:44:13 | 00,000,000 | ---D | C] -- E:\My Documents\LimeWire
[2009/07/28 20:42:51 | 00,000,000 | R--D | C] -- E:\My Documents\My Music
[2009/07/28 20:41:32 | 00,000,000 | R--D | C] -- E:\My Documents\My Pictures
[2009/07/28 20:41:32 | 00,000,000 | ---D | C] -- E:\My Documents\PERSEF
[2009/07/28 20:41:32 | 00,000,000 | ---D | C] -- E:\My Documents\PcSetup
[2009/07/28 20:41:32 | 00,000,000 | ---D | C] -- E:\My Documents\OneNote Notebooks
[2009/07/28 20:41:32 | 00,000,000 | ---D | C] -- E:\My Documents\OJOsoft Corporation
[2009/07/28 20:41:31 | 00,000,000 | ---D | C] -- E:\My Documents\Red Alert 3
[2009/07/28 20:40:02 | 00,000,000 | ---D | C] -- E:\My Documents\Sinag 2
[2009/07/28 20:39:53 | 00,000,000 | ---D | C] -- E:\My Documents\Symantec
[2009/07/28 20:39:53 | 00,000,000 | ---D | C] -- E:\My Documents\Stardock
[2009/07/28 20:39:53 | 00,000,000 | ---D | C] -- E:\My Documents\Sony
[2009/07/28 20:39:52 | 00,000,000 | ---D | C] -- E:\My Documents\Torrents
[2009/07/28 20:39:52 | 00,000,000 | ---D | C] -- E:\My Documents\Thesis
[2009/07/28 20:39:51 | 00,000,000 | ---D | C] -- E:\My Documents\TRANSLA
[2009/07/28 18:12:56 | 00,000,000 | R--D | C] -- E:\My Documents\My Videos
[2009/07/25 20:07:43 | 00,001,476 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IM Magician.lnk
[2009/07/25 20:05:21 | 00,000,392 | ---- | C] () -- C:\WINDOWS\WebEye.ini
[2009/07/25 20:04:53 | 00,109,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\VidCap32.exe
[2009/07/25 20:04:53 | 00,035,600 | ---- | C] () -- C:\WINDOWS\AMCAP.EXE
[2009/07/25 20:04:53 | 00,020,992 | ---- | C] () -- C:\WINDOWS\MMVCB.AX
[2009/07/25 20:02:48 | 00,172,032 | ---- | C] () -- C:\WINDOWS\JAPI2.DLL
[2009/07/25 20:02:03 | 00,102,400 | ---- | C] (Meta Media Inc) -- C:\WINDOWS\MMVEM.EXE
[2009/07/25 20:01:14 | 00,106,496 | ---- | C] () -- C:\WINDOWS\JAPI.DLL
[2009/07/25 20:01:02 | 00,001,571 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VP-EYE 6.0.lnk
[2009/07/25 20:01:02 | 00,000,000 | ---D | C] -- C:\Program Files\MMEDIA
[2009/07/25 20:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\Vimisoft Studio
[2009/07/25 20:00:00 | 00,309,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2009/07/25 20:00:00 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2009/07/25 19:59:59 | 00,420,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4c32.dll
[2009/07/25 19:59:56 | 00,446,464 | ---- | C] (FotoFan) -- C:\WINDOWS\System32\newlistview2.dll
[2009/07/25 19:59:56 | 00,077,824 | ---- | C] (FotoFan Studio) -- C:\WINDOWS\System32\vgf.dll
[2009/07/25 19:59:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Vimisoft Studio
[2009/07/25 19:59:10 | 00,015,086 | ---- | C] () -- C:\WINDOWS\uninstall.ico
[2009/07/25 19:59:10 | 00,008,990 | ---- | C] () -- C:\WINDOWS\Product.ico
[2009/07/25 19:59:06 | 00,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
[2009/07/25 19:58:52 | 00,000,000 | ---D | C] -- C:\Program Files\IM Magician
[2009/07/25 19:58:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\InstallShield
[2009/07/25 19:55:28 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSTEE.sys
[2009/07/25 19:55:28 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009/07/25 19:55:27 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NdisIP.sys
[2009/07/25 19:55:27 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009/07/25 19:55:26 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/07/25 19:55:26 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009/07/25 19:55:26 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\StreamIP.sys
[2009/07/25 19:55:26 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2009/07/25 19:55:25 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SLIP.sys
[2009/07/25 19:55:25 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2009/07/25 19:55:24 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS
[2009/07/25 19:55:24 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2009/07/25 19:55:23 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NABTSFEC.sys
[2009/07/25 19:55:23 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009/07/25 19:55:22 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2009/07/25 19:55:22 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009/07/25 19:55:17 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/07/25 19:55:17 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/07/25 19:55:12 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/07/25 19:55:12 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2009/07/25 19:55:12 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/07/25 19:55:12 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009/07/25 19:55:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/07/25 19:55:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009/07/25 19:55:12 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/07/25 19:55:12 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009/07/25 19:55:12 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/07/25 19:55:12 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009/07/25 19:55:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/07/25 19:55:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2009/07/25 19:55:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/07/25 19:55:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/07/25 14:40:02 | 00,149,163 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\srp.zip
[2009/07/22 01:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\VST3 Presets
[2009/07/22 01:19:58 | 00,112,469 | ---- | C] () -- E:\My Documents\Explosion.mp3
[2009/07/22 01:19:19 | 00,292,707 | ---- | C] () -- E:\My Documents\Explosion.mp4
[2009/07/22 00:41:39 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\HijackThis.lnk
[2009/07/22 00:41:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/22 00:41:19 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- E:\My Documents\HJTInstall.exe
[2009/07/22 00:33:58 | 00,000,017 | ---- | C] () -- E:\My Documents\stinger1001624.opt
[2009/07/21 23:55:01 | 04,129,799 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Guian\Desktop\stinger1001624.exe
[2009/07/21 10:18:28 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\vsfoceexexwpix.dat
[2009/07/21 10:08:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/21 09:59:49 | 00,008,626 | ---- | C] () -- C:\WINDOWS\System32\vsfocegkdoemtu.dat
[2009/07/21 00:01:47 | 00,539,285 | ---- | C] () -- E:\My Documents\scratch.mp3
[2009/07/21 00:00:12 | 01,323,614 | ---- | C] () -- E:\My Documents\scratch.mp4
[2009/07/20 23:36:43 | 05,574,954 | ---- | C] () -- E:\My Documents\Black Eyed Peas - Boom Boom Pow.mp3
[2009/07/20 23:28:27 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\LimeWire 5.1.4.lnk
[2009/07/20 22:53:25 | 08,873,429 | ---- | C] () -- E:\My Documents\F4 and BOF.mp3
[2009/07/20 22:53:22 | 00,107,328 | ---- | C] () -- E:\My Documents\EA SPORTS.mp3
[2009/07/20 22:51:19 | 00,000,000 | ---D | C] -- C:\Program Files\MP4Converter
[2009/07/20 22:37:18 | 28,868,171 | ---- | C] () -- E:\My Documents\F4 and BOF.mp4
[2009/07/20 22:36:51 | 00,342,241 | ---- | C] () -- E:\My Documents\EA SPORTS.mp4
[2009/07/19 22:07:02 | 00,122,880 | ---- | C] () -- E:\My Documents\Second Day Statistics(2).doc
[2009/07/19 22:03:11 | 00,122,880 | ---- | C] () -- E:\My Documents\Second Day Statistics.doc
[2009/07/19 18:11:00 | 00,012,104 | ---- | C] () -- E:\My Documents\WriteupGnW.docx
[2009/07/19 12:02:45 | 00,040,960 | ---- | C] () -- E:\My Documents\Activity Assignment Matrix ECES 1st term SY09-10.xls
[2009/07/18 22:05:56 | 00,120,199 | ---- | C] () -- E:\My Documents\COE_10630635_Berango_3.jpg
[2009/07/18 21:49:42 | 00,335,422 | ---- | C] () -- E:\My Documents\COE_10630635_Berango_1.jpg
[2009/07/18 21:20:06 | 00,247,623 | ---- | C] () -- E:\My Documents\COE_10630635_Berango_2.jpg
[2009/07/18 20:19:58 | 00,012,403 | ---- | C] () -- E:\My Documents\Berango, Guian Marcnil.rtf
[2009/07/18 06:41:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\Temp
[2009/07/14 00:09:32 | 00,651,507 | ---- | C] () -- E:\My Documents\PICT0034.JPG
[2009/07/14 00:09:30 | 00,411,976 | ---- | C] () -- E:\My Documents\PICT0033.JPG
[2009/07/13 18:59:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/07/13 18:00:46 | 00,001,415 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\Photoshop.lnk
[2009/07/13 16:52:13 | 00,000,000 | ---D | C] -- C:\Program Files\Analogue Vista Clock
[2009/07/13 07:21:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\4Neurons
[2009/07/12 23:00:34 | 00,027,648 | ---- | C] () -- E:\My Documents\III Determination of Component Values Proj 2.doc
[2009/07/12 21:45:52 | 00,088,576 | ---- | C] () -- E:\My Documents\proj1 - ansysde proposal.doc
[2009/07/12 20:06:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Application Data\Apple Computer
[2009/07/12 20:05:44 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/07/12 20:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/12 20:05:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/12 20:05:20 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/12 20:05:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\Apple
[2009/07/12 20:05:18 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/07/12 20:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/07/12 20:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Guian\Local Settings\Application Data\Apple Computer
[2009/07/12 19:51:17 | 00,027,648 | ---- | C] () -- E:\My Documents\proj2 - ansysde proposal.doc
[2009/07/12 18:32:41 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Guian\Desktop\PlantsVsZombies.lnk
[2009/07/12 13:53:37 | 00,001,685 | ---- | C] () -- C:\Documents and Settings\Guian\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009/07/12 13:53:30 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ObjectDock.lnk
[2009/07/12 13:53:23 | 00,000,000 | ---D | C] -- C:\Program Files\Stardock
[2009/07/12 13:53:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2009/07/12 13:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/07/11 19:04:21 | 00,852,480 | ---- | C] () -- E:\My Documents\TechExhibit09 PRE-ACT.doc
[2009/05/22 19:30:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/05/10 19:53:51 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/05/08 17:51:43 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2009/04/08 16:09:03 | 00,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2009/03/06 19:56:12 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/02/25 20:21:06 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ClassXps.dll
[2009/02/10 21:21:13 | 00,000,080 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2008/12/16 00:26:56 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2008/12/07 11:35:21 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2008/12/06 12:32:51 | 00,000,490 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/04/14 16:00:00 | 00,000,849 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 16:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/10/31 14:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 14:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 14:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 14:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 14:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 14:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 14:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002/10/07 02:42:56 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 07:04:24 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/05 07:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 07:04:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Files - Modified Within 30 Days ==========

[2009/08/05 21:41:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/05 19:16:13 | 00,852,480 | ---- | M] () -- E:\My Documents\TechExhibit09 PRE-ACT.doc
[2009/08/05 17:41:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/05 14:54:12 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/05 12:00:57 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTL.exe
[2009/08/05 11:59:34 | 00,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/05 11:59:32 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2009/08/05 11:59:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/05 11:59:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/05 11:50:57 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Flash_Disinfector.exe
[2009/08/05 11:41:36 | 00,000,085 | ---- | M] () -- C:\WINDOWS\System32\vsfocelog.dat
[2009/08/05 11:40:39 | 00,407,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guian\Desktop\OTM.exe
[2009/08/05 11:39:08 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Guian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/05 11:38:49 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\NTREGOPT.lnk
[2009/08/05 11:38:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\ERUNT.lnk
[2009/08/05 11:37:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Guian\Desktop\erunt-setup.exe
[2009/08/05 10:41:52 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/08/04 00:25:35 | 00,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/08/04 00:21:27 | 00,287,232 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\dnw73yq7.exe
[2009/08/03 23:08:13 | 00,011,272 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Guian Marcnil F.docx
[2009/08/03 21:32:07 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\RSIT.exe
[2009/08/03 20:43:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/03 20:42:47 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Guian\Desktop\mbam-setup.exe
[2009/08/03 20:00:15 | 00,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Guian.job
[2009/08/03 00:00:11 | 00,000,849 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/01 13:11:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/31 21:30:14 | 00,012,614 | ---- | M] () -- E:\My Documents\Jhudette Anne F. man without limbs, VE proj.docx
[2009/07/29 19:30:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/29 00:39:45 | 00,086,528 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Activity Report for Eng Cup Chess.doc
[2009/07/28 22:38:21 | 00,848,384 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\TechExhibit09 PRE-ACT.doc
[2009/07/28 22:30:07 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Activity Assignment Matrix ECES 1st term SY09-10.xls
[2009/07/28 22:22:09 | 01,022,464 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\RESURGENCE Major MOA(edge).doc
[2009/07/28 02:09:55 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/07/27 12:22:36 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/25 20:07:43 | 00,001,476 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IM Magician.lnk
[2009/07/25 20:01:02 | 00,001,571 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VP-EYE 6.0.lnk
[2009/07/25 14:40:02 | 00,149,163 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\srp.zip
[2009/07/24 23:45:28 | 00,008,626 | ---- | M] () -- C:\WINDOWS\System32\vsfocegkdoemtu.dat
[2009/07/24 23:45:28 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\vsfoceexexwpix.dat
[2009/07/22 01:20:01 | 00,112,469 | ---- | M] () -- E:\My Documents\Explosion.mp3
[2009/07/22 01:19:21 | 00,292,707 | ---- | M] () -- E:\My Documents\Explosion.mp4
[2009/07/22 00:41:39 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\HijackThis.lnk
[2009/07/22 00:41:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- E:\My Documents\HJTInstall.exe
[2009/07/22 00:33:58 | 00,000,017 | ---- | M] () -- E:\My Documents\stinger1001624.opt
[2009/07/21 23:56:06 | 04,129,799 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Guian\Desktop\stinger1001624.exe
[2009/07/21 10:08:13 | 20,117,13536 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/07/21 00:01:53 | 00,539,285 | ---- | M] () -- E:\My Documents\scratch.mp3
[2009/07/21 00:00:56 | 01,323,614 | ---- | M] () -- E:\My Documents\scratch.mp4
[2009/07/20 23:36:21 | 05,574,954 | ---- | M] () -- E:\My Documents\Black Eyed Peas - Boom Boom Pow.mp3
[2009/07/20 23:28:27 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\LimeWire 5.1.4.lnk
[2009/07/20 22:56:16 | 00,107,328 | ---- | M] () -- E:\My Documents\EA SPORTS.mp3
[2009/07/20 22:54:11 | 08,873,429 | ---- | M] () -- E:\My Documents\F4 and BOF.mp3
[2009/07/20 22:51:22 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\MP4 to MP3 Converter 3.lnk
[2009/07/20 22:46:31 | 28,868,171 | ---- | M] () -- E:\My Documents\F4 and BOF.mp4
[2009/07/20 22:37:09 | 00,342,241 | ---- | M] () -- E:\My Documents\EA SPORTS.mp4
[2009/07/20 22:12:59 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/07/20 00:25:57 | 05,872,996 | -H-- | M] () -- C:\Documents and Settings\Guian\Local Settings\Application Data\IconCache.db
[2009/07/19 22:07:02 | 00,122,880 | ---- | M] () -- E:\My Documents\Second Day Statistics(2).doc
[2009/07/19 22:03:12 | 00,122,880 | ---- | M] () -- E:\My Documents\Second Day Statistics.doc
[2009/07/19 18:11:00 | 00,012,104 | ---- | M] () -- E:\My Documents\WriteupGnW.docx
[2009/07/19 12:02:46 | 00,040,960 | ---- | M] () -- E:\My Documents\Activity Assignment Matrix ECES 1st term SY09-10.xls
[2009/07/18 21:56:43 | 00,120,199 | ---- | M] () -- E:\My Documents\COE_10630635_Berango_3.jpg
[2009/07/18 21:46:07 | 00,335,422 | ---- | M] () -- E:\My Documents\COE_10630635_Berango_1.jpg
[2009/07/18 21:20:06 | 00,247,623 | ---- | M] () -- E:\My Documents\COE_10630635_Berango_2.jpg
[2009/07/18 20:19:58 | 00,012,403 | ---- | M] () -- E:\My Documents\Berango, Guian Marcnil.rtf
[2009/07/14 00:10:00 | 00,651,507 | ---- | M] () -- E:\My Documents\PICT0034.JPG
[2009/07/14 00:09:49 | 00,411,976 | ---- | M] () -- E:\My Documents\PICT0033.JPG
[2009/07/13 18:01:00 | 00,001,415 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\Photoshop.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 23:00:34 | 00,027,648 | ---- | M] () -- E:\My Documents\III Determination of Component Values Proj 2.doc
[2009/07/12 23:00:04 | 00,027,648 | ---- | M] () -- E:\My Documents\proj2 - ansysde proposal.doc
[2009/07/12 21:45:52 | 00,088,576 | ---- | M] () -- E:\My Documents\proj1 - ansysde proposal.doc
[2009/07/12 20:05:44 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/07/12 18:32:41 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Guian\Desktop\PlantsVsZombies.lnk
[2009/07/12 13:53:37 | 00,001,685 | ---- | M] () -- C:\Documents and Settings\Guian\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009/07/12 13:53:30 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ObjectDock.lnk
[2009/07/09 19:23:52 | 00,120,320 | ---- | M] () -- C:\Documents and Settings\Guian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >

#12 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 August 2009 - 06:51 PM

Hi gigsaw,

Sorry for the late reply, I completely overlooked your topic.
Can you tell me if this is your ISP: Philippine Long Distance Telephone Company?


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [LClock] C:\Program Files\LClock\LClock.exe File not found
    O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
    O4 - HKCU..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe File not found
    O4 - HKCU..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe File not found
    O4 - HKCU..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe File not found
    O4 - HKCU..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe File not found
    O4 - HKCU..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe File not found
    O4 - HKCU..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe File not found
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Files
    C:\Program Files\Winferno
    C:\Documents and Settings\All Users\Application Data\PopCap Games
    C:\WINDOWS\popcinfot.dat
    C:\WINDOWS\System32\vsfocelog.dat
    C:\WINDOWS\System32\vsfoceexexwpix.dat
    C:\WINDOWS\System32\vsfocegkdoemtu.dat
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 15.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Then please post back here with the following:
  • OTL results
  • ESET report
  • New Hijackthis log
Thanks



#13 gigsaw

  • Topic Starter

  • Members
  • 14 posts

Posted 07 August 2009 - 07:58 PM

hello...yea my ISP is PLDT...but I got a problem w/ the ESET Scanner because I can't find the list of found threats...I think that's maybe because there is no threat found..so here are the logs for OTL and hijack:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LClock deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Rainlendar2 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ViOrb deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vista Sidebar deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ViStart deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\VisualTooltip deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Window Hide Tool deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WinFlip deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
C:\Program Files\Winferno moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap Games\.system moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap Games moved successfully.
C:\WINDOWS\popcinfot.dat moved successfully.
C:\WINDOWS\System32\vsfocelog.dat moved successfully.
C:\WINDOWS\System32\vsfoceexexwpix.dat moved successfully.
C:\WINDOWS\System32\vsfocegkdoemtu.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guian
->Temp folder emptied: 5321803 bytes
->Temporary Internet Files folder emptied: 4463365 bytes
->Java cache emptied: 13425503 bytes
->FireFox cache emptied: 40192543 bytes
->Google Chrome cache emptied: 15614120 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\JET9059.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 90194 bytes
RecycleBin emptied: 644894 bytes

Total Files Cleaned = 76.09 mb


OTL by OldTimer - Version 3.0.10.4 log created on 08072009_225620

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\JET9059.tmp not found!

Registry entries deleted on Reboot...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:06 AM, on 8/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Essentials Codec Pack\update.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\IM Magician\Vicamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [PhilipsDM\SA1916] C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMMON] "C:\Program Files\IM Magician\Vicamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate1c9f670c6d992cc) (gupdate1c9f670c6d992cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10615 bytes
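
A triage pass over the HijackThis log posted above, as an added example that is not part of the original posts: it parses the section codes (R0, O4, O23, ...) and flags entries whose own text marks them as orphaned or unattributed. The function names and the choice of markers are this example's assumptions; the sample lines are copied from that log.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Markers HijackThis itself prints in the entry text (assumed review set).
CHECKS = [
    ("target file missing", lambda b: b.endswith("(file missing)")),
    ("no file registered", lambda b: b.endswith("(no file)")),
    ("no vendor name reported", lambda b: " - Unknown owner - " in b),
    ("autostart entry with empty name", lambda b: ": [] " in b),
]


def parse_entries(log_text):
    """Yield (section, body) for every entry line; skip headers and paths."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("section"), match.group("body")


def triage(log_text):
    """Return (section, body, reasons) for entries that hit any marker."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = [label for label, test in CHECKS if test(body)]
        if reasons:
            findings.append((section, body, reasons))
    return findings


def section_counts(log_text):
    """Count entries per section code, to see where the log is busiest."""
    return Counter(section for section, _ in parse_entries(log_text))


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {', '.join(reasons)}\n    {body}")
    print(dict(section_counts(SAMPLE_LOG)))
```

A flagged entry is a prompt for manual review, not a verdict: leftover services and toolbar buttons from uninstalled software produce the same markers.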

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 August 2009 - 08:31 PM

Hey,

Your logs look fine to me now; unless you have any other problems, we can wrap this up.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates is always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates and click Automatic (recommended), then Apply and Ok.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install a Firewall
I cannot stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is
susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block
outbound connections. So if Malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls I would recommend; only install one of these.

Zone Alarm
Comodo Note: Only install the Firewall as a standalone if you already have an AntiVirus installed on your computer.

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)
Syler



#15 gigsaw

gigsaw
  • Topic Starter

  • Members
  • 14 posts

Posted 08 August 2009 - 10:15 AM

wow nice...i'm really grateful to you for your help...i'll take into account everything you have told me and i really learned a lot throughout this process (i'm a newbie when it comes to these kinds of stuff :D) ...thank you for your help once again :D



