Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus most likey, help appreciated.


  • Please log in to reply
22 replies to this topic

#1 Ninco

Ninco

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 25 July 2009 - 10:39 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:58 PM, on 7/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis\HijackThis.exe
C:\WINDOWS\ALCXMNTR.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [CCFile] C:\Program Files\CCFile\ccfile.exe -mini
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Mnb\mbamservice.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11772 bytes

There's the HJT log and I attached it also, mostly my problems are my restore points have been cleared I get an occasional redirect from Google searches and, CDs will not run, auto play won't work double clicking on the icon, it just refuses to work I did a full system scan with trend micro and got rid of a few viruses but the problems prosist.
EDIT: I can't even get virtual drives to works and constantly like eveny half hour I get a Google updater needs to shut down.

Attached Files


Edited by Ninco, 26 July 2009 - 12:51 AM.


BC AdBot (Login to Remove)

 


#2 Ninco

Ninco
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 31 July 2009 - 07:48 PM

Ran DDS and here are the logs, I still see my restore points are still there and when my cd rom drive disabled them selves.
===========

Attached Files


Edited by Orange Blossom, 14 August 2009 - 10:26 PM.


#3 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:28 PM

Posted 04 August 2009 - 09:00 PM

Hello Ninco

Welcome to Welcome to BleepingComputer :thumbup2:
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#4 Ninco

Ninco
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 05 August 2009 - 11:10 PM

Thanks for returning my request.
Heres the OTL log file
============================================================
OTL logfile created on: 8/5/2009 7:41:15 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 365.06 Mb Available Physical Memory | 38.09% Memory free
2.26 Gb Paging File | 1.68 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 85.43 Gb Free Space | 47.91% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.88 Gb Free Space | 10.95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 116.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-B27FB1C401
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\program files\steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS3 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MBAMService [Auto | Stopped]) -- File not found
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NWCWorkstation [Auto | Running]) -- C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Boot | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()
SRV - (PSI_SVC_2 [Auto | Running]) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SfCtlCom [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TabletServiceWacom [Auto | Running]) -- C:\WINDOWS\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (TMBMServer [Auto | Running]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (bb-run [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)
DRV - (d347bus [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Stopped]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (ftsata2 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (ltmodem5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MBAMProtector [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (NWRDR [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys (Microsoft Corporation)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (tmactmon [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcfw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (vsapint [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WUSB54GPV4SRV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: {C1A266A0-833C-45F3-9C9B-830642471670}:1.0
FF - prefs.js..extensions.enabledItems: {2DEBDA91-F020-4489-9315-B390F17EB6A7}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{2DEBDA91-F020-4489-9315-B390F17EB6A7}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{2DEBDA91-F020-4489-9315-B390F17EB6A7} [2009/03/24 23:15:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 18:35:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 19:39:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/31 21:32:53 | 00,000,000 | ---D | M]

[2008/11/16 09:06:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2008/11/16 09:06:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/03 13:22:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions
[2009/06/25 20:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/25 14:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/24 10:19:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/17 15:23:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/03 13:22:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/24 10:17:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/24 22:47:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C1A266A0-833C-45F3-9C9B-830642471670}
[2009/07/24 10:17:26 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/24 10:17:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/07/24 10:17:30 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:29 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/23 14:22:10 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/23 14:22:10 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/23 14:22:10 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/23 14:22:10 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/23 14:22:10 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/23 14:22:10 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/23 14:22:10 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.37.23 205.152.144.23
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\ITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\ITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/26 02:15:02 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/09/27 20:30:06 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/04/11 19:21:22 | 00,000,055 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\System32\Shell32.DLL -- [2008/06/17 15:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\navupehu
[2009/08/05 19:41:36 | 00,287,232 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\p1mnq4k4.exe
[2009/08/05 19:40:18 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/08/03 17:09:03 | 00,457,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled-1.RIF
[2009/08/02 03:07:45 | 00,935,408 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled-4.RIF
[2009/07/31 20:04:18 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.com
[2009/07/31 16:38:52 | 00,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Heroes of Newerth.lnk
[2009/07/31 16:38:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Heroes of Newerth
[2009/07/31 16:38:29 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/07/31 16:38:29 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/07/31 16:38:28 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/07/31 16:38:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/07/31 16:38:21 | 00,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2009/07/26 13:55:27 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Corel Painter 11.lnk
[2009/07/26 11:23:05 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C032808858.sys
[2009/07/26 11:20:59 | 00,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/07/26 11:20:59 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DEB2E03096.sys
[2009/07/26 11:20:59 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\874658F2A3.sys
[2009/07/26 11:20:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Corel
[2009/07/26 05:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2009/07/26 05:13:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2009/07/26 05:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/07/26 05:12:38 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009/07/26 02:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Autodesk
[2009/07/26 02:16:25 | 75,114,869 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\[10] How to Draw Manga - Anime and Game Characters.pdf
[2009/07/26 02:16:21 | 47,976,628 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\[1] - How To Draw Manga - Getting Started.pdf
[2009/07/26 02:15:45 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk SketchBookExpress 2010.lnk
[2009/07/26 02:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alias
[2009/07/26 02:15:34 | 00,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2009/07/26 02:15:02 | 00,000,000 | ---D | C] -- C:\Autodesk
[2009/07/26 02:14:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\MSSecurityNS
[2009/07/26 02:14:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\MSSecurityNi
[2009/07/26 01:57:53 | 00,000,362 | ---- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2009/07/26 01:56:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2009/07/26 01:56:08 | 02,789,672 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
[2009/07/26 01:56:08 | 00,213,288 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2009/07/26 01:56:08 | 00,172,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2009/07/26 01:56:06 | 00,000,000 | ---D | C] -- C:\Program Files\Tablet
[2009/07/26 01:51:33 | 06,088,464 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CEP-3.0-WacomEdition6.exe
[2009/07/26 01:28:48 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/07/25 23:50:23 | 00,001,054 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to [EBOOKS - EN] How To Draw Manga - Collection Of Manuals To Learn To Draw Manga.rar.lnk
[2009/07/25 21:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/07/25 20:49:28 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/07/25 20:49:28 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/07/25 20:49:24 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/07/25 20:49:24 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/07/23 17:56:56 | 00,000,000 | ---D | C] -- C:\Program Files\Who Killed Touchfuzzy
[2009/07/21 08:47:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Temp
[2009/07/12 21:16:08 | 00,201,532 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled-2.jpg
[2009/07/12 21:12:59 | 91,040,768 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled-2.bmp
[2009/07/12 18:00:03 | 00,382,431 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled-1.ai
[2009/07/12 14:51:53 | 00,102,706 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\sun.png
[2009/07/10 11:30:17 | 20,573,658 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\scouter.psd
[2009/05/28 19:49:20 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/28 19:49:20 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/30 15:47:58 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/27 17:37:01 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/03/24 22:52:56 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\woivpq.dll
[2009/01/27 16:51:24 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/01/01 01:37:47 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/14 13:41:26 | 00,001,938 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/12 20:06:56 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008/10/12 20:06:55 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008/10/12 13:25:09 | 00,000,114 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/10/02 15:15:54 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/01 12:22:21 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/09/26 14:13:53 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/09/19 12:58:17 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/09/17 16:37:59 | 00,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLAN.INI
[2008/09/17 16:21:09 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/09/27 20:57:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/27 20:33:17 | 00,014,290 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/27 20:33:11 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/27 20:30:51 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/09/27 20:26:08 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/27 20:21:10 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/27 20:21:10 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/27 20:21:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/27 20:21:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/27 20:21:10 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/27 20:21:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/27 20:15:16 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/27 20:01:34 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/27 19:44:08 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/27 19:39:00 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/09/27 19:39:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/09/27 19:38:39 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/21 12:47:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/10 02:52:32 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/11/17 07:32:38 | 00,000,742 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/11/16 23:21:56 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/07/27 01:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/19 00:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/08/05 19:41:37 | 00,287,232 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\p1mnq4k4.exe
[2009/08/05 19:40:27 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/08/05 19:37:41 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D6B5C465-2F41-4944-AE6E-B0A152F9F830}.job
[2009/08/05 19:36:32 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/08/05 19:32:27 | 00,000,362 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2009/08/05 18:47:00 | 00,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3307622020-4119798536-475401091-1008UA.job
[2009/08/05 18:47:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3307622020-4119798536-475401091-1008Core.job
[2009/08/05 16:41:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/05 16:41:49 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/05 16:41:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/05 16:41:47 | 00,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/08/05 16:41:45 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/03 17:09:07 | 00,457,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled-1.RIF
[2009/08/03 16:23:57 | 00,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/08/02 03:07:49 | 00,935,408 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled-4.RIF
[2009/07/31 20:04:19 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.com
[2009/07/31 16:38:52 | 00,001,599 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Heroes of Newerth.lnk
[2009/07/31 15:59:54 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/26 13:55:27 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Corel Painter 11.lnk
[2009/07/26 11:23:05 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\C032808858.sys
[2009/07/26 11:20:59 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\DEB2E03096.sys
[2009/07/26 11:20:59 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\874658F2A3.sys
[2009/07/26 11:18:25 | 00,150,048 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/26 11:17:24 | 02,395,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/26 02:15:45 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk SketchBookExpress 2010.lnk
[2009/07/26 01:51:57 | 06,088,464 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CEP-3.0-WacomEdition6.exe
[2009/07/25 23:50:23 | 00,001,054 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to [EBOOKS - EN] How To Draw Manga - Collection Of Manuals To Learn To Draw Manga.rar.lnk
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/12 21:16:15 | 00,201,532 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled-2.jpg
[2009/07/12 21:15:37 | 91,040,768 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled-2.bmp
[2009/07/12 18:00:12 | 00,382,431 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled-1.ai
[2009/07/12 14:51:56 | 00,102,706 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\sun.png
[2009/07/10 11:30:28 | 20,573,658 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\scouter.psd
[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
==================================================================
Here's the Extras
==================================================================
OTL Extras logfile created on: 8/5/2009 7:41:15 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 365.06 Mb Available Physical Memory | 38.09% Memory free
2.26 Gb Paging File | 1.68 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 85.43 Gb Free Space | 47.91% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.88 Gb Free Space | 10.95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 116.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-B27FB1C401
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = aol_htm] -- C:\Program Files\AOL\Explorer\AOLExplorer.exe (America Online, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:test
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Common Files\AOL\1221844225\ee\aexplore.exe" = C:\Program Files\Common Files\AOL\1221844225\ee\aexplore.exe:*:Enabled:AOL Explorer -- (America Online, Inc.)
"C:\Program Files\IceChat7\IceChat7.exe" = C:\Program Files\IceChat7\IceChat7.exe:*:Enabled:Internet Relay Chat Client -- (IceChat Networks)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1221844225\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1221844225\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\CCFile\ccfile.exe" = C:\Program Files\CCFile\ccfile.exe:*:Enabled:CCFile -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0780F87D-7444-4629-AE5F-40A0FE0A8EEB}" = Adobe WinSoft Linguistics Plugin
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DDF53EB-3AE9-4914-BE12-71567D45EE97}" = Adobe Soundbooth CS4
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{202493A7-848F-4CC0-86B7-CAF0E56CABC3}" = Adobe Flash CS4
"{215F9F71-6948-4C68-86B0-18A7E0072608}" = Adobe Creative Suite 4 Master Collection
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22F358CE-610B-A033-0D36-4FADA6E8F67A}" = Skins
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{246F1D1E-B87D-4536-A180-A5B53C1EDD0A}" = Adobe Color EU Extra Settings CS4
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{255F566C-3F57-15AD-2CA5-E7EA41F9904F}" = Catalyst Control Center Graphics Full Existing
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AEDB6E3-F20F-4BB2-BABC-CA6CB4CB0548}" = Photoshop Camera Raw
"{2BAE6A53-E241-11D5-873A-0050DABC2539}" = Tropico: Paradise Island
"{2C3D719A-92C7-4323-89CC-C937D0267B84}" = muvee autoProducer 4.0
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{35073012-47D9-4209-9496-1288A61ACB31}" = Adobe Photoshop CS4 French Language Pack
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AD819EE-C122-4D48-A5B5-AA08395D1D8D}" = Pixel Bender Toolkit
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3D959F7A-7417-45FF-8CC4-2092874CC73A}" = Adobe PDF Library Files CS4
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{426187BC-F500-4208-B3C1-96876EE7FA31}" = Autodesk SketchBookExpress 2010
"{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}" = CCC Help English
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{45101400-F9E6-4419-96DF-DA5504BE1995}" = Adobe Color NA Recommended Settings CS4
"{46C63723-D078-497C-BEAC-45574566FCD3}" = Adobe Photoshop CS4 Spanish Language Pack
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{497EE211-41F4-4D5F-B80E-BC364E35F69E}" = Adobe Illustrator CS4
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}" = ccc-core-preinstall
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{535A4F3D-06C3-446C-A2AA-DBB71EC192B8}" = LightScribe Applications
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5BAB6B11-928A-4BF4-84D9-00975C27EC9A}" = Adobe Fonts All
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BA5D1D2-9CA9-4ED4-9A3D-E2761C5E658E}" = Adobe Version Cue CS4 Client
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D1FDEB2-1B94-440D-A47F-E1FCFEF306E1}" = Adobe SING CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E8A7E5-D520-4C6D-AACE-42B291844611}" = Adobe Media Encoder CS4
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}" = Catalyst Control Center Graphics Full New
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{82BE8CB1-83BB-45A2-9297-C50383642997}" = Adobe Photoshop CS4 Americas
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8CEB34D1-93E3-4D84-8C8C-053224F2347E}" = Adobe Setup
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D6EC7D6-E71D-8743-1396-591F4195F347}" = Catalyst Control Center Graphics Light
"{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}" = ccc-core-static
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{956293BF-B09A-456C-8A03-7D8ED16230CC}" = REALVIZ Retimer AE 1.1
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{958DE2C2-76FD-4233-8101-E7490D0B5388}" = Adobe Contribute CS4
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EE4F37D-4D8E-4C64-BDE7-7AF4E6B073B5}" = Adobe Type Support CS4
"{9F70CBBA-CD1F-4A0B-B6FF-5CD386D3DA38}" = Adobe Photoshop CS4 Core_Americas
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B154669F-B133-40F7-A60E-84F6CF552AC0}" = Adobe Color JA Extra Settings CS4
"{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}" = muvee autoProducer unPlugged 1.1 - HPD
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B38C3184-F573-CDC2-9452-FA9C576AB010}" = ccc-utility
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B61B97BC-8D02-4EF2-8D08-B2C1D7780B78}" = Adobe Premiere Pro CS4
"{B6796EFD-74AA-4681-BBE9-914CBE493BBD}" = Adobe Premiere Pro CS4 Functional Content
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B80E75FF-8536-471C-8785-E6AA7589D56C}" = Adobe Bridge CS4
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B8495498-94D9-4A4D-9621-D38E4A4C42D1}" = Adobe Photoshop CS4 English Language Pack
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9803C44-643C-4971-AF4B-3A3699CD15DA}" = Adobe Anchor Service CS4
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAFB99AE-21B7-4312-8FE5-00B52F68D492}" = Adobe Dreamweaver CS4
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BD5FBF44-D159-40E3-BCFF-AD53EA62024A}" = Adobe Update Manager CS4
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB30938E-2BCE-4837-9FEB-EB5DAB000235}" = LucisArt 3 ED/SE
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3E7D4EB-88F8-46B3-A351-764FB032B8BD}" = Adobe Asset Services CS4
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D54193B7-D2DF-4977-B546-86CA48DB214E}" = HP Tunes
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}" = Catalyst Control Center Graphics Previews Common
"{E068CD0F-E631-17E7-9A01-05C2B2B54C84}" = Catalyst Control Center Core Implementation
"{E3B74363-FC8C-414A-9AD2-14793D4FAE8B}" = Adobe Setup
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E601DEAD-6E69-4FE1-B880-557546FA36AC}" = Adobe Fireworks CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8641B55-68D5-4FF9-978C-A6D686F8EAA0}" = Adobe CMaps CS4
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F17A1B97-B7F4-4AA4-AE62-DC542CB6929D}" = Adobe Device Central CS4
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE303F39-4518-4E30-8BC8-B8455EFB7A1F}" = Adobe ExtendScript Toolkit CS4
"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2
"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1280194E-E9D5-4253-95E7-40169E2A4848" = Flip Words from HP Media Center (remove only)
"133F647D-B454-42BC-ADBE-387482A29B88" = Swarm from HP Media Center (remove only)
"1B497FAA-E53E-420D-8408-FFDD3278CD50" = Blasterball 2 Holidays from HP Media Center (remove only)
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"2BA80327-9385-4EC8-9796-47C49BD73352" = SCRABBLE Blast from HP Media Center (remove only)
"321Soft Screen Video Recorder_is1" = 321Soft Screen Video Recorder 1.05
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"600C800C-5985-4E74-AFE7-571001AC3FA4" = Slyder from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
"A51671BD-9BE5-4944-AC62-A2A0B6FF5E54" = Digby's Donuts from HP Media Center (remove only)
"A73FAC36-8925-465D-8FA2-4DA98BD9B441" = Jewel Quest from HP Media Center (remove only)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_5ce12792d69ad91450a3d14129f0cd0" = Pixel Bender Toolkit
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_b1fafb207d1a9de3cd10ebc160a04e6" = Add or Remove Adobe Creative Suite 4 Master Collection
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"B68BB501-10CD-46E2-BB45-075A2ABFD242" = FATE Demo from HP Media Center (remove only)
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"Canon MP970 series User Registration" = Canon MP970 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Color Efex Pro 3.0 Wacom Edition 6" = Color Efex Pro 3.0 Wacom Edition 6
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"D77E8A46-BEB4-49ED-B2D3-B77180169FA3" = Big Kahuna Reef from HP Media Center (remove only)
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
"Easy GIF Animator_is1" = Easy GIF Animator 4.8
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EC03679F-C9F0-46E8-864D-FCCF83F4EB86" = SCRABBLE Rack Attack from HP Media Center (remove only)
"EPSON Scanner" = EPSON Scan
"GenArts Sapphire Plug-ins Version 1.061 for After Effects" = GenArts Sapphire Plug-ins Version 1.061 for After Effects
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IceChat_is1" = IceChat 7.63 (Build 20080417)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"Keylight (1.0v4) for Adobe After Effects" = Keylight (1.0v4) for Adobe After Effects
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Magic Swf2Gif_is1" = Magic Swf2Gif 1.35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PS2" = PS2
"PunkBusterSvc" = PunkBuster Services
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SecondLife" = SecondLife (remove only)
"Steam App 1522" = Defcon Demo
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"SystemRequirementsLab" = System Requirements Lab
"Test Gear" = Test Gear
"Tiffen Dfx v1.0 for After Effects (Team V.R Private Edition)" = Tiffen Dfx v1.0 for After Effects (Team V.R Private Edition)
"Tinderbox3 2.1v4 for After Effects CS3_is1" = Tinderbox3 2.1v4 for After Effects CS3
"Tinderbox4 2.1v4 for After Effects CS3_is1" = Tinderbox4 2.1v4 for After Effects CS3
"vgif" = NSIS vgif
"VideoAvatar_is1" = VideoAvatar
"VidGIF_is1" = VidGIF
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VIZFXAE10" = Intergraph ViZfx AE
"Wacom Tablet Driver" = Wacom Tablet
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.7
"Zbig V3 DEMO AEX-Plug-Ins" = Zbig V3 DEMO AEX-Plug-Ins

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Shoddy Battle" = Shoddy Battle

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2009 6:47:02 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/2/2009 6:47:02 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/2/2009 7:47:00 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/2/2009 8:47:00 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/2/2009 9:47:00 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/2/2009 11:47:00 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/3/2009 1:47:01 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/3/2009 2:47:00 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/3/2009 3:47:00 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/3/2009 4:47:00 PM | Computer Name = YOUR-B27FB1C401 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

[ System Events ]
Error - 7/7/2009 11:07:34 AM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 7/7/2009 11:07:34 AM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus

Error - 7/8/2009 8:31:04 AM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 7/8/2009 8:31:04 AM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus

Error - 7/8/2009 11:49:58 AM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 7/8/2009 11:49:58 AM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus

Error - 7/9/2009 12:52:23 PM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 7/9/2009 12:52:23 PM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus

Error - 7/12/2009 10:22:56 AM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 7/12/2009 10:22:56 AM | Computer Name = YOUR-B27FB1C401 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus


< End of report >
==================================================================
Here's the GMER log
==================================================================
GMER 1.0.15.15011 [p1mnq4k4.exe] - http://www.gmer.net
Rootkit scan 2009-08-05 23:48:24
Windows 5.1.2600 Service Pack 3


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{A7D9D647-4A5A-2780-F260-D8371BAE47F9}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{A7D9D647-4A5A-2780-F260-D8371BAE47F9}\Version 1.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1444] 0x011C0000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x11 0x47 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x11 0x47 0x49 ...
Library \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [560] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1532] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1572] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1632] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1676] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2016] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3512] 0x10000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x0C 0xC2 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x0C 0xC2 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x0C 0xC2 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD4 0x5F 0x22 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDE 0x2D 0xA9 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDE 0x2D 0xA9 0xAC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDE 0x2D 0xA9 0xAC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0xAB 0x16 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF8 0xAB 0xC2 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF8 0xAB 0xC2 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs@CTE_32 Name 2454841:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 860400F3
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 860401EB
.text ntkrnlpa.exe!ZwSaveKey 80500D68 5 Bytes JMP 8603F192
.text ntkrnlpa.exe!ZwSaveKeyEx 80500D7C 5 Bytes JMP 8603EFDA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8603F3CC
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 8603F564

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{A7D9D647-4A5A-2780-F260-D8371BAE47F9}\Version 1.1@dat 806585365:{6530878D-03DC-4E10-319E-0D7801C603CB}

---- Devices - GMER 1.0.15 ----

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85B6E500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85B6E500
Device \Driver\NetBT \Device\NetBt_Wins_Export 85C50500
Device \Driver\NetBT \Device\NetbiosSmb 85C50500
Device \Driver\NetBT \Device\NetBT_Tcpip_{C7924A1F-AB91-4FBB-AA8D-1180FD5A8BEC} 85C50500
Device \FileSystem\Cdfs \Cdfs 85D0A500
Device \Driver\USBSTOR \Device\00000082 85FC1408
Device \Driver\USBSTOR \Device\00000083 85FC1408
Device \Driver\USBSTOR \Device\00000084 85FC1408
Device \Driver\USBSTOR \Device\00000085 85FC1408
Device \Driver\USBSTOR \Device\00000086 85FC1408
Device \FileSystem\Fastfat \FatCdrom 861FF1F8
Device \FileSystem\Fastfat \Fat 861FF1F8
Device \Driver\a4s9yekt \Device\Scsi\a4s9yekt1Port4Path0Target0Lun0 8623B1F8
Device \Driver\a4s9yekt \Device\Scsi\a4s9yekt1 8623B1F8
Device \Driver\a4s9yekt \Device\Scsi\a4s9yekt1Port4Path0Target1Lun0 8623B1F8
Device \Driver\Cdrom \Device\CdRom1 862841F8
Device \Driver\usbehci \Device\USBPDO-2 86291500
Device \Driver\usbehci \Device\USBFDO-2 86291500
Device \FileSystem\Ntfs \Ntfs 867661F8

---- System - GMER 1.0.15 ----

INT 0xB4 ? 86767BF8
INT 0xB4 ? 86767BF8
INT 0xB4 ? 86767BF8
INT 0xB4 ? 86767BF8
INT 0x73 ? 86768BF8
INT 0x82 ? 86768BF8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 867691F8
Device \Driver\dmio \Device\DmControl\DmConfig 867691F8
Device \Driver\dmio \Device\DmControl\DmPnP 867691F8
Device \Driver\dmio \Device\DmControl\DmInfo 867691F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 867D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867D71F8
Device \Driver\Ftdisk \Device\FtControl 867D71F8
Device \Driver\usbohci \Device\USBPDO-0 867D91F8
Device \Driver\usbohci \Device\USBPDO-1 867D91F8
Device \Driver\usbohci \Device\USBFDO-0 867D91F8
Device \Driver\usbohci \Device\USBFDO-1 867D91F8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7371040] spqo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73710BE] spqo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F737113C] spqo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73716D2] spqo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73717FC] spqo.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7381048] spqo.sys

---- Services - GMER 1.0.15 ----

Service system32\drivers\TDSSquyl.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACfdkkaojuma.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACfdkkaojuma.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACfdkkaojuma.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqgvwoenrer.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqgvwoenrer.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACsvfwkbauxo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACyyuiamtnmx.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACyyuiamtnmx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSquyl.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSquyl.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSquyl.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSquyl.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSquyl.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSquyl.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACfdkkaojuma.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACfdkkaojuma.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSarxp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSarxp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSarxp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSbwca.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSbwca.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSbwca.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfmn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfmn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfmn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSdbyt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSdbyt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSdbyt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSjpdq.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSjpdq.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSjpdq.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSkity.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSkity.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSkity.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSwvhc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSwvhc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSwvhc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwxee.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwxee.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwxee.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSxhyb.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSxhyb.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSxhyb.log

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

---- Kernel code sections - GMER 1.0.15 ----

.text USBPORT.SYS!DllUnload F5F678AC 5 Bytes JMP 867671D8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Code 860400EE IofCallDriver
Code 860401E6 IofCompleteRequest

Device \Driver\sptd \Device\219571132 spqo.sys
Device \Driver\PCI_PNP9882 \Device\0000005f spqo.sys

---- Kernel code sections - GMER 1.0.15 ----

? spqo.sys The system cannot find the file specified. !

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Code 8603F560 ZwEnumerateKey
Code 8603F3C8 ZwFlushInstructionCache
Code 8603F18D ZwSaveKey
Code 8603EFD5 ZwSaveKeyEx

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{B4448E04-E491-2A6A-9121-5BF4836C6F8C}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{B4448E04-E491-2A6A-9121-5BF4836C6F8C}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{B4448E04-E491-2A6A-9121-5BF4836C6F8C}\Install\xga-1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{B4448E04-E491-2A6A-9121-5BF4836C6F8C}\Install\xga-1\dat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{B4448E04-E491-2A6A-9121-5BF4836C6F8C}\Install\xga-1\dat@default 516231512:{1B9D55D5-C91B-6450-1D22-54F1192CB72B}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{A7D9D647-4A5A-2780-F260-D8371BAE47F9}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{A7D9D647-4A5A-2780-F260-D8371BAE47F9}\Version 3.x
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{A7D9D647-4A5A-2780-F260-D8371BAE47F9}\Version 3.x@dat 1767914624:{CAB8ED43-2695-6FEB-5E83-578190CFB1FF}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\UAC90f0.tmp 343040 bytes executable
File C:\Program Files\Trend Micro\Internet Security\TmpxTmp\htt38.tmp (size mismatch) 19988464/19923124 bytes executable
File C:\WINDOWS\system32\drivers\UACfdkkaojuma.sys 55296 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\uacinit.dll 6805 bytes
File C:\WINDOWS\system32\UACqgvwoenrer.dll 27136 bytes executable
File C:\WINDOWS\system32\UACsvfwkbauxo.dll 74240 bytes executable
File C:\WINDOWS\system32\UACyyuiamtnmx.dat 5841 bytes

---- EOF - GMER 1.0.15 ----

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:28 PM

Posted 06 August 2009 - 06:43 AM

One or more of the identified infections is a backdoor trojan or rootkit.

This can allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information,
please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions
to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

===========================
First temporarily disable any antivirus program or any real time shields that are present:
If you do not know how then you can refer to this link:
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
================
Then Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.


Link 1
Link 2

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#6 Ninco

Ninco
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 07 August 2009 - 04:54 PM

Thank you for the reply but i won't be at my computer till around Sunday or Monday.

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:28 PM

Posted 07 August 2009 - 05:59 PM

Ok not a problem.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#8 Ninco

Ninco
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 10 August 2009 - 04:50 PM

Ok here is the Combofix log, :D
ComboFix 09-08-10.01 - HP_Administrator 08/10/2009 17:08.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.538 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
c:\program files\Mozilla Firefox\extensions\{C1A266A0-833C-45F3-9C9B-830642471670}
c:\recycler\S-1-5-21-3345451520-2855921728-3480845791-1008
c:\windows\system32\drivers\TDSSquyl.sys
c:\windows\system32\drivers\UACfdkkaojuma.sys
c:\windows\system32\TDSSarxp.dll
c:\windows\system32\TDSSbwca.dll
c:\windows\system32\TDSScfmn.dll
c:\windows\system32\TDSSdbyt.dll
c:\windows\system32\TDSSjpdq.log
c:\windows\system32\TDSSkity.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSwvhc.dll
c:\windows\system32\TDSSwxee.dat
c:\windows\system32\TDSSxhyb.log
c:\windows\system32\UACqgvwoenrer.dll
c:\windows\system32\UACsvfwkbauxo.dll
c:\windows\system32\UACyyuiamtnmx.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2069-11-22 20:48 . 2005-11-30 21:06 7254894 ----a-w- c:\documents and settings\HP_Administrator\speed.exe
2069-11-22 20:48 . 2005-11-15 14:56 380928 ----a-r- c:\documents and settings\HP_Administrator\server.dll
2009-08-06 00:53 . 2009-08-06 00:53 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Wildtangent
2009-08-06 00:52 . 2009-08-06 04:01 -------- d-----w- c:\windows\wt
2009-07-31 20:38 . 2008-10-10 08:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-31 20:38 . 2008-10-10 08:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-31 20:38 . 2008-10-10 08:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-31 20:38 . 2009-07-31 20:38 -------- d-----w- c:\windows\Logs
2009-07-31 20:38 . 2009-07-31 20:38 -------- d-----w- c:\program files\Heroes of Newerth
2009-07-26 15:20 . 2009-07-26 15:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Corel
2009-07-26 09:14 . 2009-07-26 09:14 -------- d-----w- c:\program files\Common Files\Corel
2009-07-26 09:13 . 2009-08-02 06:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Corel
2009-07-26 09:13 . 2009-07-26 09:13 -------- d-----w- c:\program files\Common Files\Protexis
2009-07-26 09:12 . 2009-07-26 09:12 -------- d-----w- c:\program files\Corel
2009-07-26 06:16 . 2009-07-26 06:16 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Autodesk
2009-07-26 06:15 . 2009-07-26 06:15 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Alias
2009-07-26 06:15 . 2009-07-26 06:15 -------- d-----w- c:\program files\Autodesk
2009-07-26 06:15 . 2009-07-26 06:15 -------- d-----w- C:\Autodesk
2009-07-26 06:14 . 2009-07-26 06:14 -------- d-----w- c:\windows\MSSecurityNS
2009-07-26 06:14 . 2009-07-26 06:14 -------- d-----w- c:\windows\MSSecurityNi
2009-07-26 05:57 . 2009-07-26 15:17 150048 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 05:57 . 2009-08-10 21:25 362 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2009-07-26 05:56 . 2009-07-26 05:56 -------- d-----w- c:\windows\system32\WTablet
2009-07-26 05:56 . 2009-03-26 21:15 2789672 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2009-07-26 05:56 . 2009-03-26 20:40 213288 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2009-07-26 05:56 . 2009-03-26 20:10 172840 ----a-w- c:\windows\system32\Wintab32.dll
2009-07-26 05:56 . 2009-07-26 06:09 -------- d-----w- c:\program files\Tablet
2009-07-26 05:28 . 2009-07-26 05:28 -------- d-----w- c:\program files\MagicISO
2009-07-26 01:34 . 2009-07-26 01:34 -------- d-----w- c:\windows\system32\Adobe
2009-07-26 00:49 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-26 00:49 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-07-26 00:49 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-07-26 00:49 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-07-25 17:50 . 2009-08-10 19:25 6462 ----a-w- c:\windows\system32\uacinit.dll
2009-07-23 21:56 . 2009-07-23 22:01 -------- d-----w- c:\program files\Who Killed Touchfuzzy
2009-07-21 12:47 . 2009-07-21 12:47 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 21:26 . 2008-11-13 19:34 -------- d-----w- c:\program files\Steam
2009-08-10 19:22 . 2008-09-20 17:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IceChat
2009-08-06 00:54 . 2005-09-28 00:15 -------- d-----w- c:\program files\WildTangent
2009-08-06 00:50 . 2008-09-26 17:56 -------- d-----w- c:\program files\Electronic Arts
2009-08-06 00:48 . 2009-07-26 15:20 2776 --sha-w- c:\docume~1\ALLUSE~1\APPLIC~1\KGyGaAvL.sys
2009-08-06 00:48 . 2009-08-06 00:48 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\EE0288C097.sys
2009-08-06 00:48 . 2009-08-06 00:48 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\740FBA2E54.sys
2009-08-06 00:46 . 2009-08-06 00:46 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\0AE6D9F6EA.sys
2009-08-06 00:46 . 2009-08-06 00:37 88 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\8BE231EBF5.sys
2009-08-06 00:45 . 2009-08-06 00:45 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\2F29456AE0.sys
2009-08-06 00:44 . 2009-08-06 00:44 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\074110C59C.sys
2009-08-06 00:42 . 2009-08-06 00:42 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\C983549217.sys
2009-08-06 00:42 . 2009-08-06 00:42 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\DCE0AC8432.sys
2009-08-06 00:39 . 2009-08-06 00:39 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\46F8AB8E03.sys
2009-08-06 00:38 . 2009-08-06 00:38 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\0F6564DC45.sys
2009-08-06 00:38 . 2009-08-06 00:38 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\07F088842A.sys
2009-08-01 23:54 . 2009-01-27 20:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\CanonIJPLM
2009-08-01 01:32 . 2009-01-17 21:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
2009-07-31 20:01 . 2009-02-17 22:13 -------- d-----w- c:\program files\AoA Audio Extractor
2009-07-26 15:23 . 2009-07-26 15:23 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\C032808858.sys
2009-07-26 15:20 . 2009-07-26 15:20 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\DEB2E03096.sys
2009-07-26 15:20 . 2009-07-26 15:20 8 --sh--r- c:\docume~1\ALLUSE~1\APPLIC~1\874658F2A3.sys
2009-07-26 15:18 . 2008-09-19 19:27 150048 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 09:08 . 2008-09-26 16:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2009-07-26 01:07 . 2005-09-27 23:47 -------- d-----w- c:\program files\Java
2009-07-26 00:55 . 2005-09-28 00:42 -------- d-----w- c:\program files\Google
2009-07-06 00:04 . 2009-03-01 17:50 149256 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:09 . 2004-08-10 19:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-10 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 17:44 . 2009-06-14 17:44 -------- d-----w- c:\program files\GIMP-2.0
2009-06-13 14:00 . 2009-06-13 14:00 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-13 14:00 . 2009-06-13 14:00 -------- d-----w- c:\program files\Microsoft WSE
2009-06-13 13:47 . 2005-09-27 23:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-13 05:43 . 2009-06-13 05:43 -------- d-----w- c:\program files\iTunes
2009-06-13 05:43 . 2009-06-13 05:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-13 05:43 . 2009-06-13 05:43 -------- d-----w- c:\program files\iPod
2009-06-13 05:42 . 2008-10-02 19:18 -------- d-----w- c:\program files\Bonjour
2009-06-13 05:41 . 2008-09-19 18:14 -------- d-----w- c:\program files\QuickTime
2009-06-13 05:41 . 2005-09-28 00:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-06-13 05:40 . 2009-06-13 05:40 -------- d-----w- c:\program files\Apple Software Update
2009-06-13 05:39 . 2009-06-13 05:39 -------- d-----w- c:\program files\Common Files\Apple
2009-06-13 05:39 . 2009-06-13 05:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-06-03 19:09 . 2004-08-10 19:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 08:02 . 2009-04-03 21:22 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-05-22 08:00 . 2009-04-03 21:22 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-05-22 07:45 . 2009-04-03 21:22 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-03-25 02:52 . 2009-03-25 02:52 124928 --sha-w- c:\windows\system32\woivpq.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-04-03 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-28 180269]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-04-03 492808]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\1221844225\\ee\\aexplore.exe"=
"c:\\Program Files\\IceChat7\\IceChat7.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1221844225\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [7/26/2009 1:56 AM 2789672]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [4/3/2009 5:22 PM 36368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/2/2009 4:27 PM 15504]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [4/3/2009 5:22 PM 335376]
S2 MBAMService;MBAMService;"c:\program files\Mnb\mbamservice.exe" --> c:\program files\Mnb\mbamservice.exe [?]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/3/2009 5:28 PM 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [4/3/2009 5:29 PM 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [4/3/2009 5:29 PM 677128]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/2/2009 4:27 PM 38496]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\docume~1\HP_ADM~1\APPLIC~1\Mozilla\Firefox\Profiles\poh7rdcr.default\
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: XUL Cache: {2DEBDA91-F020-4489-9315-B390F17EB6A7} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{2DEBDA91-F020-4489-9315-B390F17EB6A7}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 17:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3307622020-4119798536-475401091-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2454841:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{A7D9D647-4A5A-2780-F260-D8371BAE47F9}\Version 1.1]
@DACL=
"dat"="806585365:{6530878D-03DC-4E10-319E-0D7801C603CB}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2454862:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{B4448E04-E491-2A6A-9121-5BF4836C6F8C}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516231512:{1B9D55D5-C91B-6450-1D22-54F1192CB72B}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{A7D9D647-4A5A-2780-F260-D8371BAE47F9}\Version 3.x]
@DACL=
"dat"="1767914624:{CAB8ED43-2695-6FEB-5E83-578190CFB1FF}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{E7EB038D-6FFE-32C7-5E05-09E5212358E1}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923715495:{5F35115D-36F1-5415-6066-0D40A0183977}"

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{3AEDF414-9CA9-5E4F-7074-BB03CCDAAED9}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234522227:{1FE20483-DC6C-40EF-83F7-4D18F25495C4}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="9:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1188)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-10 17:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 21:32

Pre-Run: 95,985,954,816 bytes free
Post-Run: 95,849,766,912 bytes free

Current=1 Default=1 Failed=4 LastKnownGood=2 Sets=,1,2,3,4
332 --- E O F --- 2009-07-31 21:54

Attached Files



#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:28 PM

Posted 11 August 2009 - 06:46 AM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse then once you have done that click on the open button then submit)

c:\docume~1\ALLUSE~1\APPLIC~1\07F088842A.sys
c:\docume~1\ALLUSE~1\APPLIC~1\46F8AB8E03.sys
c:\docume~1\ALLUSE~1\APPLIC~1\C983549217.sys

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete, please copy and paste those results in your next post.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#10 Ninco

Ninco
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 11 August 2009 - 02:25 PM

They both found nothing with the above files should I "worry" but I have to say after combo fix ran, my main symptoms went away, no more redirects, and I can run my more intensive programs without blue screening and, I can use my CD drives again.

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:28 PM

Posted 11 August 2009 - 04:25 PM

No it's almost over I would like to run a couple more scans to double check but we are almost there. :thumbup2:

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=================
Please perform the following online scan:

* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#12 Ninco

Ninco
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 11 August 2009 - 09:35 PM

ESET Log
====================================================
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqgvwoenrer.dll.vir Win32/Olmarik.IJ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACsvfwkbauxo.dll.vir Win32/Olmarik.KI trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACfdkkaojuma.sys.vir Win32/Olmarik.JR trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\woivpq.dll a variant of Win32/Kryptik.OG trojan cleaned by deleting - quarantined
====================================================
MBAM Log
====================================================
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

8/11/2009 10:31:28 PM
mbam-log-2009-08-11 (22-31-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 313435
Time elapsed: 1 hour(s), 42 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:28 PM

Posted 12 August 2009 - 06:34 AM

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#14 Ninco

Ninco
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 12 August 2009 - 03:22 PM

OTL logfile created on: 8/12/2009 4:21:24 PM - Run 3
OTL by OldTimer - Version 3.0.10.6 Folder = C:\Documents and Settings\HP_Administrator\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 391.19 Mb Available Physical Memory | 40.81% Memory free
2.26 Gb Paging File | 1.68 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 89.06 Gb Free Space | 49.95% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.88 Gb Free Space | 10.96% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-B27FB1C401
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\WINDOWS\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\program files\steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\IceChat7\IceChat7.exe (IceChat Networks)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS3 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MBAMService [Auto | Stopped]) -- File not found
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Boot | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()
SRV - (PSI_SVC_2 [Auto | Running]) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SfCtlCom [Auto | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TabletServiceWacom [Auto | Running]) -- C:\WINDOWS\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (TMBMServer [Auto | Stopped]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw [Auto | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy [Auto | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- File not found
SRV - (spupdsvc [Auto | Stopped]) -- C:\WINDOWS\System32\spupdsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (bb-run [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)
DRV - (d347bus [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Stopped]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (ftsata2 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (ltmodem5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MBAMProtector [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (NWRDR [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys (Microsoft Corporation)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (tmactmon [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcfw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (vsapint [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WUSB54GPV4SRV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: {2DEBDA91-F020-4489-9315-B390F17EB6A7}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{2DEBDA91-F020-4489-9315-B390F17EB6A7}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{2DEBDA91-F020-4489-9315-B390F17EB6A7} [2009/03/24 23:15:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 18:35:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/10 21:23:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/10 21:23:10 | 00,000,000 | ---D | M]

[2008/11/16 09:06:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2008/11/16 09:06:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/10 21:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions
[2009/06/25 20:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/25 14:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/24 10:19:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/17 15:23:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\poh7rdcr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/10 17:44:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/10 21:23:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/10 21:23:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/10 21:23:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/08/10 21:23:03 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:29 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/13 01:41:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/23 14:22:10 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/23 14:22:10 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/23 14:22:10 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/23 14:22:10 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/23 14:22:10 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/23 14:22:10 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/23 14:22:10 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.37.23 205.152.144.23
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\ITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\ITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/26 02:15:02 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/09/27 20:30:06 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\navupehu
[2009/08/12 16:19:09 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2009/08/12 15:43:27 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/08/12 15:43:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/11 17:47:24 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/08/11 17:31:17 | 02,668,240 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2009/08/11 15:17:15 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/11 15:16:55 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/10 21:48:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2009/08/10 21:47:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2009/08/10 21:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009/08/10 17:44:33 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/10 17:33:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/08/10 17:32:13 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/10 17:32:13 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/10 17:32:13 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/10 17:32:13 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/10 17:32:13 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/10 17:32:13 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/10 17:32:13 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/10 17:32:13 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/10 17:32:13 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/10 17:32:13 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/10 17:32:13 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/10 17:32:13 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/10 17:32:13 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/10 17:32:13 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/10 17:32:13 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/10 17:32:13 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/10 17:32:13 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/10 17:32:13 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/10 17:32:13 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/10 17:32:13 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/10 17:32:13 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/10 17:32:13 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/10 17:32:13 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/08/10 17:32:13 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/10 17:32:13 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/10 17:32:13 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/10 17:32:13 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/10 17:32:13 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/10 17:32:13 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/10 17:32:13 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/10 17:32:13 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/10 17:32:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/10 17:32:13 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/10 17:32:13 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/10 17:32:13 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/10 17:32:13 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/10 17:32:13 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/10 17:32:13 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/10 17:32:13 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/10 17:32:13 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/10 17:32:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/10 17:32:13 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/10 17:32:13 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/10 17:32:13 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/10 17:32:13 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/10 17:32:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/10 15:29:30 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/10 15:29:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/10 15:29:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/10 15:29:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/10 15:29:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/10 15:29:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/10 15:29:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/10 15:29:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/10 15:29:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/10 15:29:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/05 20:53:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Wildtangent
[2009/08/05 20:52:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\wt
[2009/08/05 20:48:07 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\EE0288C097.sys
[2009/08/05 20:48:06 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\740FBA2E54.sys
[2009/08/05 20:46:05 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0AE6D9F6EA.sys
[2009/08/05 20:45:29 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2F29456AE0.sys
[2009/08/05 20:44:38 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\074110C59C.sys
[2009/08/05 20:42:42 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C983549217.sys
[2009/08/05 20:42:06 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DCE0AC8432.sys
[2009/08/05 20:39:38 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\46F8AB8E03.sys
[2009/08/05 20:38:03 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0F6564DC45.sys
[2009/08/05 20:38:02 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\07F088842A.sys
[2009/08/05 20:37:58 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8BE231EBF5.sys
[2009/08/05 05:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 17:09:03 | 00,457,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled-1.RIF
[2009/08/02 03:07:45 | 00,935,408 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled-4.RIF
[2009/07/31 16:38:52 | 00,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Heroes of Newerth.lnk
[2009/07/31 16:38:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Heroes of Newerth
[2009/07/31 16:38:29 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/07/31 16:38:29 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/07/31 16:38:28 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/07/31 16:38:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/07/31 16:38:21 | 00,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2009/07/26 13:55:27 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Corel Painter 11.lnk
[2009/07/26 11:23:05 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C032808858.sys
[2009/07/26 11:20:59 | 00,002,776 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/07/26 11:20:59 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DEB2E03096.sys
[2009/07/26 11:20:59 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\874658F2A3.sys
[2009/07/26 11:20:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Corel
[2009/07/26 05:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/07/26 02:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Autodesk
[2009/07/26 02:16:25 | 75,114,869 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\[10] How to Draw Manga - Anime and Game Characters.pdf
[2009/07/26 02:16:21 | 47,976,628 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\[1] - How To Draw Manga - Getting Started.pdf
[2009/07/26 02:15:45 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk SketchBookExpress 2010.lnk
[2009/07/26 02:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alias
[2009/07/26 02:15:34 | 00,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2009/07/26 02:15:02 | 00,000,000 | ---D | C] -- C:\Autodesk
[2009/07/26 02:14:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\MSSecurityNS
[2009/07/26 02:14:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\MSSecurityNi
[2009/07/26 01:57:53 | 00,000,362 | ---- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2009/07/26 01:56:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2009/07/26 01:56:08 | 02,789,672 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
[2009/07/26 01:56:08 | 00,213,288 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2009/07/26 01:56:08 | 00,172,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2009/07/26 01:56:06 | 00,000,000 | ---D | C] -- C:\Program Files\Tablet
[2009/07/26 01:51:33 | 06,088,464 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CEP-3.0-WacomEdition6.exe
[2009/07/26 01:28:48 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/07/25 23:50:23 | 00,001,054 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to [EBOOKS - EN] How To Draw Manga - Collection Of Manuals To Learn To Draw Manga.rar.lnk
[2009/07/25 21:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/07/25 20:49:28 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/07/25 20:49:28 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/07/25 20:49:24 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/07/25 20:49:24 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/07/25 13:50:21 | 00,006,462 | ---- | C] () -- C:\WINDOWS\System32\uacinit.dll
[2009/07/23 17:56:56 | 00,000,000 | ---D | C] -- C:\Program Files\Who Killed Touchfuzzy
[2009/07/21 08:47:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Temp
[2009/07/17 15:01:06 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/05/28 19:49:20 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/28 19:49:20 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/30 15:47:58 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/27 17:37:01 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/01/27 16:51:24 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/01/01 01:37:47 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/14 13:41:26 | 00,001,938 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/12 20:06:56 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008/10/12 20:06:55 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008/10/12 13:25:09 | 00,000,114 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/10/02 15:15:54 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/01 12:22:21 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/09/26 14:13:53 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/09/19 12:58:17 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/09/17 16:37:59 | 00,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLAN.INI
[2008/09/17 16:21:09 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/09/27 20:57:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/27 20:33:17 | 00,014,290 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/27 20:33:11 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/27 20:30:51 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/09/27 20:26:08 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/27 20:21:10 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/27 20:21:10 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/27 20:21:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/27 20:21:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/27 20:21:10 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/27 20:21:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/27 20:15:16 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/27 20:01:34 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/27 19:44:08 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/27 19:39:00 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/09/27 19:39:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/09/27 19:38:39 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/21 12:47:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/10 02:52:32 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/11/17 07:32:38 | 00,000,742 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/11/16 23:21:56 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/07/27 01:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/19 00:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/08/12 16:19:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2009/08/12 16:00:03 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/08/12 15:49:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/12 15:48:24 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D6B5C465-2F41-4944-AE6E-B0A152F9F830}.job
[2009/08/12 15:44:17 | 00,000,362 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2009/08/12 15:41:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/12 15:41:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/12 15:41:30 | 00,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/08/12 15:41:29 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/11 17:31:40 | 02,668,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2009/08/11 16:10:21 | 00,002,776 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/08/10 17:26:11 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/10 17:25:34 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/10 15:25:04 | 00,006,462 | ---- | M] () -- C:\WINDOWS\System32\uacinit.dll
[2009/08/10 15:12:57 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/05 20:48:07 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\EE0288C097.sys
[2009/08/05 20:48:06 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\740FBA2E54.sys
[2009/08/05 20:46:05 | 00,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\8BE231EBF5.sys
[2009/08/05 20:46:05 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\0AE6D9F6EA.sys
[2009/08/05 20:45:29 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\2F29456AE0.sys
[2009/08/05 20:44:38 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\074110C59C.sys
[2009/08/05 20:42:42 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\C983549217.sys
[2009/08/05 20:42:06 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\DCE0AC8432.sys
[2009/08/05 20:39:38 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\46F8AB8E03.sys
[2009/08/05 20:38:03 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\0F6564DC45.sys
[2009/08/05 20:38:02 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\07F088842A.sys
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 17:09:07 | 00,457,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled-1.RIF
[2009/08/02 03:07:49 | 00,935,408 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Untitled-4.RIF
[2009/07/31 16:38:52 | 00,001,599 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Heroes of Newerth.lnk
[2009/07/31 15:59:54 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/29 20:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/27 18:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/07/26 13:55:27 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Corel Painter 11.lnk
[2009/07/26 11:23:05 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\C032808858.sys
[2009/07/26 11:20:59 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\DEB2E03096.sys
[2009/07/26 11:20:59 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\874658F2A3.sys
[2009/07/26 11:18:25 | 00,150,048 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/26 11:17:24 | 02,395,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/26 02:15:45 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk SketchBookExpress 2010.lnk
[2009/07/26 01:51:57 | 06,088,464 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CEP-3.0-WacomEdition6.exe
[2009/07/25 23:50:23 | 00,001,054 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to [EBOOKS - EN] How To Draw Manga - Collection Of Manuals To Learn To Draw Manga.rar.lnk
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/07/17 15:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
< End of report >

#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:28 PM

Posted 12 August 2009 - 05:32 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- File not found
    [2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\navupehu
    [2009/08/10 15:25:04 | 00,006,462 | ---- | M] () -- C:\WINDOWS\System32\uacinit.dll
  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply and let me know how things are running?

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users