worm


  • This topic is locked
8 replies to this topic

#1 CRANSTON

CRANSTON

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 02 December 2009 - 09:17 PM

Computer began displaying multiple pop-ups from an antivirus program stating that I must download and pay for the necessary software to repair an attack.
Computer was shut down and rebooted, then I was prompted to perform a system recovery. System recovery was performed. The recovery restore date was only available for the current date. Upon completion, all of my documents were missing and empty, Microsoft Office and several other programs were missing, and my printer was removed.

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Owner at 19:13:37.07 on Wed 12/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.95 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spysub~1.lnk - c:\program files\intermute\spysubtract\sslaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11g wireless cardbus & pci adapter hw.51 v1.00\WlanCU.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: {04EA18E0-D7CD-424C-8BA4-6FE9315FC880} = 68.28.186.91 68.28.178.91
Notify: igfxcui - igfxsrvc.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-28 197752]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-28 234616]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-28 164984]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20041117.006\NAVENG.Sys [2005-2-17 72712]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20041117.006\NavEx15.Sys [2005-2-17 629544]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-8-16 99200]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-28 78968]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-8-16 13824]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]

=============== Created Last 30 ================

2009-12-03 00:45:27 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-01 03:05:47 154 ----a-w- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2009-11-30 13:27:10 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-30 13:27:10 1409 ----a-w- c:\windows\QTFont.for
2009-11-30 13:26:15 0 d-sh--r- C:\cmdcons
2009-11-29 04:00:18 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-29 04:00:18 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-29 03:56:03 0 d-----w- c:\windows\system32\Lang
2009-11-29 03:55:59 94208 ----a-w- c:\windows\system32\igfxcpl.cpl
2009-11-29 03:55:51 163840 ----a-w- c:\windows\system32\igfxres.dll
2009-11-29 03:55:23 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-11-29 03:55:17 1850 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PS583AA-ABA a1020n_YC_0Pavi_QCNH516_E52NAheBLU1_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.20_T050331_WXH2_L409_M504_J200_7Intel_8Pentium 4_93.06_#050622_N10EC8139_Z11C1048C_G80862582.MRK
2009-11-29 03:54:54 0 d-----w- c:\docume~1\hp_owner\applic~1\Symantec
2009-11-29 03:53:10 0 d-----w- c:\windows\system32\RTCOM
2009-11-29 03:50:03 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2009-11-29 03:50:01 324608 ----a-w- c:\windows\system32\hpojwia.dll
2009-11-29 03:50:01 18411 ----a-w- c:\windows\system32\hpo5500a.aio
2009-11-29 03:50:01 18411 ----a-w- c:\windows\system32\hpo5400a.aio
2009-11-29 03:50:00 18411 ----a-w- c:\windows\system32\hpo5300a.aio
2009-11-29 03:49:59 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2009-11-29 03:49:58 207360 ----a-w- c:\windows\system32\drivers\Dot4.sys
2009-11-29 02:35:50 0 d-sh--r- c:\windows\system32\dllcache
2009-11-29 02:07:51 296462 ----a-w- c:\windows\~DF2638.tmp

==================== Find3M ====================

2009-12-01 03:11:03 3645 ----a-w- c:\windows\viassary-hp.reg
2005-07-22 17:06:40 38773329 -c--a-w- c:\program files\aP4.1_Full_4.1.3.1_586.exe
2005-07-22 14:20:49 15694117 -c--a-w- c:\program files\coolStyles_1_V4.2.exe

============= FINISH: 19:14:10.35 ===============



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:56 PM

Posted 16 December 2009 - 11:33 AM

Hi,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues, I would appreciate it if you
would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
Thanks


#3 CRANSTON

CRANSTON
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 18 December 2009 - 09:10 PM

OTL logfile created on: 12/18/2009 7:51:00 PM - Run 2
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.30 Mb Total Physical Memory | 131.07 Mb Available Physical Memory | 26.04% Memory free
1.20 Gb Paging File | 0.76 Gb Available in Paging File | 63.09% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.70 Gb Total Space | 160.59 Gb Free Space | 89.87% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 2.17 Gb Free Space | 28.52% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/18 19:46:40 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL(2).exe
PRC - [2009/12/17 07:23:58 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/16 08:19:01 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
PRC - [2007/08/24 17:14:52 | 00,229,376 | ---- | M] () -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
PRC - [2007/08/24 17:11:02 | 00,155,648 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
PRC - [2005/02/17 01:37:06 | 00,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
PRC - [2005/02/17 01:35:05 | 01,187,840 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe
PRC - [2005/02/17 01:03:44 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [2004/12/15 09:41:28 | 00,454,656 | ---- | M] () -- C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
PRC - [2004/11/05 04:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/11/02 16:59:42 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/10/14 22:54:32 | 00,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2004/10/14 01:04:14 | 00,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/10/14 01:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/10/14 00:17:06 | 02,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/14 00:00:10 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004/10/13 22:01:50 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/09/23 16:30:48 | 00,038,912 | ---- | M] () -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/08/31 03:29:46 | 00,078,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe
PRC - [2004/08/30 19:34:20 | 00,176,768 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2004/08/28 00:22:48 | 00,164,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/28 00:22:46 | 00,234,616 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2004/08/28 00:22:42 | 00,197,752 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/08/28 00:22:40 | 00,058,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/27 23:02:54 | 00,206,048 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/08/06 02:23:10 | 00,308,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/04 12:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/21 17:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2004/07/08 15:13:42 | 00,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2004/06/29 18:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/06/07 19:42:30 | 00,659,456 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon06.exe
PRC - [2003/11/21 20:02:42 | 00,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
PRC - [2003/04/09 05:56:24 | 00,598,150 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2003/02/11 20:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2002/08/21 14:13:12 | 00,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [1998/05/07 17:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/18 19:46:40 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL(2).exe
MOD - [2005/02/17 01:37:06 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\IadHide5.dll
MOD - [2004/08/24 23:05:02 | 00,197,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2004/08/04 19:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 12:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2003/02/21 13:42:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2007/08/24 17:11:02 | 00,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - [2004/10/14 01:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2004/09/23 16:30:48 | 00,038,912 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/08/31 03:29:46 | 00,078,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2004/08/30 19:34:20 | 00,176,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/08/28 00:22:48 | 00,164,984 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/28 00:22:48 | 00,078,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/28 00:22:46 | 00,234,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/08/28 00:22:42 | 00,197,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/27 23:02:54 | 00,206,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/08/06 02:23:10 | 00,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/23 20:47:22 | 00,197,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/07/21 17:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2007/08/16 15:24:38 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/08/16 15:24:36 | 00,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2007/08/16 15:24:34 | 00,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/08/16 15:24:32 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/08/16 15:24:32 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/08/16 15:24:32 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2005/02/17 01:24:42 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/11/17 10:00:00 | 00,629,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/11/17 10:00:00 | 00,072,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS -- (NAVENG)
DRV - [2004/11/02 17:27:20 | 00,773,565 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/10/14 01:33:20 | 02,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/09/14 23:38:26 | 00,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/08/27 23:02:28 | 00,266,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/08/27 23:02:26 | 00,025,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/08/27 23:02:24 | 00,034,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/08/27 23:02:20 | 00,046,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/08/27 23:02:18 | 00,171,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/08/27 23:02:16 | 00,011,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/08/26 15:03:38 | 00,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/04 14:31:36 | 00,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/03 22:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/03 22:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/07/23 20:47:24 | 00,049,808 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/07/23 20:47:22 | 00,335,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/07/21 17:24:02 | 00,341,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/29 18:07:18 | 01,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/04/27 00:31:14 | 00,135,168 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/18 01:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 10:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 08:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 18:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 22:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/06/04 14:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\S-1-5-21-2705083740-1142235013-1390634443-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 07:24:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 07:24:03 | 00,000,000 | ---D | M]

[2009/11/28 20:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2009/11/28 20:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ahry2sum.default\extensions
[2009/12/18 10:59:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/14 19:34:14 | 00,090,112 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [HP_AIO_SETUP_MUTEX] C:\DOCUME~1\HP_OWNER\LOCALS~1\TEMP\HP_OFFICEJET_G_SERIES\CDIMAGE\setup.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\pmremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk = C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe (NeoPlanet)
O4 - Startup: C:\Documents and Settings\HP_Owner.YOUR-4F1261A8E5\Start Menu\Programs\Startup\HP Organize.lnk = C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe (NeoPlanet)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2705083740-1142235013-1390634443-1009\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/17 02:05:32 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{d47622b4-dc99-11de-a86a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d47622b4-dc99-11de-a86a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/18 19:46:40 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL(2).exe
[2009/12/18 19:36:09 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2009/12/16 08:19:01 | 00,073,728 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2009/12/07 17:45:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/12/07 17:45:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\AiOTemp
[2009/12/07 17:31:40 | 41,427,024 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\HP_Owner\Desktop\A140609_ENU_XP.exe
[2009/12/07 13:21:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\IObit
[2009/12/06 13:18:29 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner\UserData
[2009/12/05 10:17:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/12/05 10:04:34 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/05 09:55:18 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/12/03 10:05:54 | 00,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/12/03 09:57:17 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/03 09:57:16 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/12/03 09:57:16 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/03 09:57:15 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/12/03 09:38:19 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/12/03 09:38:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/12/02 19:25:06 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\HP_Owner\Desktop\RootRepeal.exe
[2009/12/02 19:02:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
[2009/12/02 19:02:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Adobe
[2009/12/02 19:02:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\My eBooks
[2009/12/02 18:45:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/11/30 21:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Template
[2009/11/30 16:08:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities
[2009/11/30 07:26:15 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/29 17:15:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
[2009/11/29 17:15:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Adobe
[2009/11/28 22:00:18 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/11/28 21:56:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2009/11/28 21:56:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/11/28 21:56:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\LightScribe
[2009/11/28 21:55:59 | 00,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2009/11/28 21:55:51 | 00,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/11/28 21:54:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\InterMute
[2009/11/28 21:54:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Identities
[2009/11/28 21:54:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
[2009/11/28 21:54:54 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
[2009/11/28 21:54:54 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner\Cookies
[2009/11/28 21:54:54 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Application Data
[2009/11/28 21:54:54 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\Favorites
[2009/11/28 21:54:54 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner\Local Settings
[2009/11/28 21:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Symantec
[2009/11/28 21:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Sun
[2009/11/28 21:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\SampleView
[2009/11/28 21:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Real
[2009/11/28 21:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft
[2009/11/28 21:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop
[2009/11/28 21:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\ApplicationHistory
[2009/11/28 21:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Apple Computer
[2009/11/28 21:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2009/11/28 21:54:53 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\SendTo
[2009/11/28 21:54:53 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\Start Menu
[2009/11/28 21:54:53 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\My Documents\My Videos
[2009/11/28 21:54:53 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\My Documents\My Pictures
[2009/11/28 21:54:53 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\My Documents\My Music
[2009/11/28 21:54:53 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\My Documents
[2009/11/28 21:54:53 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner\Templates
[2009/11/28 21:54:53 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner\PrintHood
[2009/11/28 21:54:53 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner\NetHood
[2009/11/28 21:54:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\WINDOWS
[2009/11/28 21:53:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2009/11/28 21:50:01 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpojwia.dll
[2009/11/28 20:35:50 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/11/28 20:01:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla
[2009/11/28 20:01:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
[2009/11/28 10:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2007/11/22 09:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/09/13 19:53:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/07/22 11:06:38 | 38,773,329 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\aP4.1_Full_4.1.3.1_586.exe
[2005/07/22 08:20:48 | 15,694,117 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\coolStyles_1_V4.2.exe
[2005/02/04 18:53:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/02/04 18:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/02/04 18:53:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/02/04 18:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/18 19:46:40 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL(2).exe
[2009/12/18 19:36:13 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2009/12/17 19:28:22 | 01,572,864 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2009/12/17 19:23:08 | 00,000,916 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2009/12/17 11:38:26 | 02,455,040 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\art.wps
[2009/12/17 10:33:45 | 00,067,914 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image49.gif
[2009/12/17 10:33:45 | 00,052,221 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image51.gif
[2009/12/17 10:33:45 | 00,017,042 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image45.gif
[2009/12/17 10:33:45 | 00,012,514 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image44.gif
[2009/12/17 10:33:45 | 00,011,491 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image46.gif
[2009/12/17 10:33:45 | 00,010,453 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image50.gif
[2009/12/17 10:33:45 | 00,009,637 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image52.gif
[2009/12/17 10:33:45 | 00,005,987 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image48.gif
[2009/12/17 10:33:45 | 00,004,752 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image47.gif
[2009/12/17 10:33:45 | 00,002,874 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\art1.htm
[2009/12/17 10:33:44 | 00,026,046 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image32.gif
[2009/12/17 10:33:44 | 00,017,705 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image35.gif
[2009/12/17 10:33:44 | 00,013,907 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image33.gif
[2009/12/17 10:33:44 | 00,012,755 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image37.gif
[2009/12/17 10:33:44 | 00,012,587 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image41.gif
[2009/12/17 10:33:44 | 00,008,917 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image39.gif
[2009/12/17 10:33:44 | 00,008,347 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image40.gif
[2009/12/17 10:33:44 | 00,007,892 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image36.gif
[2009/12/17 10:33:44 | 00,007,864 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image43.gif
[2009/12/17 10:33:44 | 00,005,378 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image34.gif
[2009/12/17 10:33:44 | 00,005,134 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image42.gif
[2009/12/17 10:33:44 | 00,003,240 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image38.gif
[2009/12/17 10:33:43 | 00,026,206 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image27.gif
[2009/12/17 10:33:43 | 00,017,356 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image30.gif
[2009/12/17 10:33:43 | 00,012,755 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image29.gif
[2009/12/17 10:33:43 | 00,010,038 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image26.gif
[2009/12/17 10:33:43 | 00,009,524 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image25.gif
[2009/12/17 10:33:43 | 00,008,723 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image21.gif
[2009/12/17 10:33:43 | 00,007,988 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image22.gif
[2009/12/17 10:33:43 | 00,005,649 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image31.gif
[2009/12/17 10:33:43 | 00,005,604 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image24.gif
[2009/12/17 10:33:43 | 00,005,070 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image28.gif
[2009/12/17 10:33:43 | 00,003,499 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image23.gif
[2009/12/17 10:33:42 | 00,021,808 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image15.gif
[2009/12/17 10:33:42 | 00,012,755 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image20.gif
[2009/12/17 10:33:42 | 00,010,511 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image6.gif
[2009/12/17 10:33:42 | 00,009,644 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image17.gif
[2009/12/17 10:33:42 | 00,008,816 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image19.gif
[2009/12/17 10:33:42 | 00,007,821 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image10.gif
[2009/12/17 10:33:42 | 00,007,753 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image5.gif
[2009/12/17 10:33:42 | 00,006,274 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image9.gif
[2009/12/17 10:33:42 | 00,005,929 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image8.gif
[2009/12/17 10:33:42 | 00,005,782 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image14.gif
[2009/12/17 10:33:42 | 00,004,786 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image7.gif
[2009/12/17 10:33:42 | 00,004,075 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image18.gif
[2009/12/17 10:33:42 | 00,003,509 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image16.gif
[2009/12/17 10:33:42 | 00,003,318 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image11.gif
[2009/12/17 10:33:42 | 00,003,270 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image13.gif
[2009/12/17 10:33:42 | 00,002,574 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image12.gif
[2009/12/17 10:33:41 | 00,030,543 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image3.gif
[2009/12/17 10:33:41 | 00,023,592 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image2.gif
[2009/12/17 10:33:41 | 00,005,025 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image4.gif
[2009/12/17 10:33:41 | 00,003,572 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Image1.gif
[2009/12/17 10:32:44 | 39,051,155 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\art.wps.doc
[2009/12/16 13:08:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/16 08:19:02 | 00,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2009/12/16 08:19:02 | 00,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2009/12/16 08:19:01 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009/12/16 08:19:01 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2009/12/13 16:00:41 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\civics 2.wps
[2009/12/13 15:03:09 | 00,013,312 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\civics.wps
[2009/12/13 11:26:38 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Documentation.lnk
[2009/12/13 11:17:04 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/13 03:20:04 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/13 03:20:04 | 00,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/13 03:20:04 | 00,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/13 03:19:04 | 00,003,645 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2009/12/13 03:18:46 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/13 03:18:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/13 03:18:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 03:18:29 | 52,781,4656 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/13 03:17:35 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2009/12/13 03:02:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/12 17:21:31 | 00,182,606 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\lil wayne.pdf
[2009/12/07 18:55:27 | 00,340,992 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\obama.wps
[2009/12/07 18:09:26 | 00,124,798 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\IBERIABANK0001.mdi
[2009/12/07 17:44:36 | 41,427,024 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\HP_Owner\Desktop\A140609_ENU_XP.exe
[2009/12/06 17:17:43 | 00,001,856 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Retry AOL 9.0 or call 866.489.4698 for assistance.lnk
[2009/12/06 17:17:42 | 00,000,322 | -H-- | M] () -- C:\IPH.PH
[2009/12/06 13:14:12 | 00,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/05 10:02:19 | 00,042,632 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/02 19:25:11 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\HP_Owner\Desktop\RootRepeal.exe
[2009/12/02 19:12:55 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr
[2009/11/30 21:09:21 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Untitled Document.wps
[2009/11/30 21:08:18 | 00,005,826 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Untitled.mdi
[2009/11/30 07:27:10 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/30 07:26:30 | 00,000,283 | RHS- | M] () -- C:\boot.ini
[2009/11/28 21:59:44 | 00,001,081 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sprint Mobile Broadband (Novatel Wireless).lnk
[2009/11/28 21:57:21 | 00,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2009/11/28 21:57:14 | 00,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2009/11/28 21:57:04 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2009/11/28 21:56:07 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Register with HP.url
[2009/11/28 21:55:20 | 00,001,850 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PS583AA-ABA a1020n_YC_0Pavi_QCNH516_E52NAheBLU1_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.20_T050331_WXH2_L409_M504_J200_7Intel_8Pentium 4_93.06_#050622_N10EC8139_Z11C1048C_G80862582.MRK
[2009/11/28 21:54:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/28 21:53:52 | 00,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/28 21:53:48 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/28 21:53:47 | 00,002,154 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini
[2009/11/28 21:52:42 | 00,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2009/11/28 21:50:22 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/17 10:33:45 | 00,067,914 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image49.gif
[2009/12/17 10:33:45 | 00,052,221 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image51.gif
[2009/12/17 10:33:45 | 00,017,042 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image45.gif
[2009/12/17 10:33:45 | 00,011,491 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image46.gif
[2009/12/17 10:33:45 | 00,010,453 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image50.gif
[2009/12/17 10:33:45 | 00,009,637 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image52.gif
[2009/12/17 10:33:45 | 00,005,987 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image48.gif
[2009/12/17 10:33:45 | 00,004,752 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image47.gif
[2009/12/17 10:33:44 | 00,017,705 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image35.gif
[2009/12/17 10:33:44 | 00,013,907 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image33.gif
[2009/12/17 10:33:44 | 00,012,755 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image37.gif
[2009/12/17 10:33:44 | 00,012,587 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image41.gif
[2009/12/17 10:33:44 | 00,012,514 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image44.gif
[2009/12/17 10:33:44 | 00,008,917 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image39.gif
[2009/12/17 10:33:44 | 00,008,347 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image40.gif
[2009/12/17 10:33:44 | 00,007,892 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image36.gif
[2009/12/17 10:33:44 | 00,007,864 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image43.gif
[2009/12/17 10:33:44 | 00,005,378 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image34.gif
[2009/12/17 10:33:44 | 00,005,134 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image42.gif
[2009/12/17 10:33:44 | 00,003,240 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image38.gif
[2009/12/17 10:33:43 | 00,026,206 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image27.gif
[2009/12/17 10:33:43 | 00,026,046 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image32.gif
[2009/12/17 10:33:43 | 00,017,356 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image30.gif
[2009/12/17 10:33:43 | 00,012,755 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image29.gif
[2009/12/17 10:33:43 | 00,010,038 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image26.gif
[2009/12/17 10:33:43 | 00,009,524 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image25.gif
[2009/12/17 10:33:43 | 00,007,988 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image22.gif
[2009/12/17 10:33:43 | 00,005,649 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image31.gif
[2009/12/17 10:33:43 | 00,005,604 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image24.gif
[2009/12/17 10:33:43 | 00,005,070 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image28.gif
[2009/12/17 10:33:43 | 00,003,499 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image23.gif
[2009/12/17 10:33:42 | 00,021,808 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image15.gif
[2009/12/17 10:33:42 | 00,012,755 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image20.gif
[2009/12/17 10:33:42 | 00,010,511 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image6.gif
[2009/12/17 10:33:42 | 00,009,644 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image17.gif
[2009/12/17 10:33:42 | 00,008,816 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image19.gif
[2009/12/17 10:33:42 | 00,008,723 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image21.gif
[2009/12/17 10:33:42 | 00,007,821 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image10.gif
[2009/12/17 10:33:42 | 00,006,274 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image9.gif
[2009/12/17 10:33:42 | 00,005,929 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image8.gif
[2009/12/17 10:33:42 | 00,005,782 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image14.gif
[2009/12/17 10:33:42 | 00,004,786 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image7.gif
[2009/12/17 10:33:42 | 00,004,075 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image18.gif
[2009/12/17 10:33:42 | 00,003,509 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image16.gif
[2009/12/17 10:33:42 | 00,003,318 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image11.gif
[2009/12/17 10:33:42 | 00,003,270 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image13.gif
[2009/12/17 10:33:42 | 00,002,574 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image12.gif
[2009/12/17 10:33:41 | 00,030,543 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image3.gif
[2009/12/17 10:33:41 | 00,023,592 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image2.gif
[2009/12/17 10:33:41 | 00,007,753 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image5.gif
[2009/12/17 10:33:41 | 00,005,025 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image4.gif
[2009/12/17 10:33:40 | 00,003,572 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Image1.gif
[2009/12/17 10:33:39 | 00,002,874 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\art1.htm
[2009/12/17 10:32:42 | 39,051,155 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\art.wps.doc
[2009/12/16 08:19:02 | 00,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2009/12/16 08:19:02 | 00,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2009/12/13 16:00:41 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\civics 2.wps
[2009/12/13 12:49:58 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\civics.wps
[2009/12/12 17:21:31 | 00,182,606 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\lil wayne.pdf
[2009/12/07 17:55:00 | 00,124,798 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\IBERIABANK0001.mdi
[2009/12/06 17:17:35 | 00,001,856 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Retry AOL 9.0 or call 866.489.4698 for assistance.lnk
[2009/12/06 17:17:34 | 00,000,322 | -H-- | C] () -- C:\IPH.PH
[2009/12/05 11:21:02 | 02,455,040 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\art.wps
[2009/12/05 10:05:44 | 00,340,992 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\obama.wps
[2009/12/02 19:12:37 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr
[2009/11/30 21:09:21 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Untitled Document.wps
[2009/11/30 21:08:17 | 00,005,826 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Untitled.mdi
[2009/11/30 21:05:47 | 00,000,916 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2009/11/30 07:27:10 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/30 07:27:10 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/28 21:57:21 | 00,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2009/11/28 21:57:21 | 00,001,687 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
[2009/11/28 21:57:04 | 00,000,278 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2009/11/28 21:56:07 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Register with HP.url
[2009/11/28 21:55:17 | 00,001,850 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PS583AA-ABA a1020n_YC_0Pavi_QCNH516_E52NAheBLU1_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.20_T050331_WXH2_L409_M504_J200_7Intel_8Pentium 4_93.06_#050622_N10EC8139_Z11C1048C_G80862582.MRK
[2009/11/28 21:55:14 | 52,781,4656 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/28 21:54:59 | 00,002,235 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Help and Support.lnk
[2009/11/28 21:54:58 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2009/11/28 21:54:53 | 01,572,864 | -H-- | C] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2009/11/28 21:54:53 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2009/11/28 21:50:01 | 00,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5500a.aio
[2009/11/28 21:50:01 | 00,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5400a.aio
[2009/11/28 21:50:00 | 00,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5300a.aio
[2009/11/28 12:46:34 | 00,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOLŪ.lnk
[2009/11/28 12:46:14 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2008/12/26 11:08:44 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
[2007/04/10 09:02:31 | 00,002,897 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/21 18:26:44 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/13 20:07:24 | 00,008,913 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/04/13 20:07:24 | 00,007,454 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/04/13 20:07:24 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2005/07/11 17:35:34 | 00,000,122 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/02/17 02:07:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/17 02:03:38 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/17 02:03:38 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/17 02:03:38 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/17 02:03:38 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/17 02:03:37 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/17 02:03:37 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/17 01:35:35 | 00,014,555 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/02/17 01:35:29 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/02/17 01:35:06 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/17 01:31:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/17 01:13:47 | 00,001,446 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/02/17 01:11:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/17 01:09:10 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/17 01:00:20 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/16 15:38:19 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/02/04 18:56:42 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/02/04 18:56:42 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/02/04 18:56:20 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/09/14 00:35:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 04:14:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 04:14:46 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/16 05:38:02 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 00:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:56 PM

Posted 18 December 2009 - 09:54 PM

Hi Cranston,

Can you tell me what problems you are currently having?


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



#5 CRANSTON

CRANSTON
  • Topic Starter

  • Members
  • 4 posts
  • Local time:10:56 AM

Posted 19 December 2009 - 05:43 PM

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/19/2009 4:37:19 PM
mbam-log-2009-12-19 (16-37-19).txt

Scan type: Quick Scan
Objects scanned: 113723
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0







Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




The only remaining problem seems to be the lost items. All of my documents are missing and empty, Microsoft Office and several other programs are missing. Can this stuff be recovered?

#6 syler


Posted 20 December 2009 - 12:45 PM

> The only remaining problem seems to be the lost items. All of my documents are missing and empty, Microsoft Office and several other programs are missing. Can this stuff be recovered?


Unless these files are in your Recycle Bin, it might not be possible to recover them, although there are some programs that may be able to, like File Recover.

Any programs should just be able to be reinstalled, let me know if this helps.



#7 CRANSTON


Posted 22 December 2009 - 10:26 PM

Do I have to purchase this program? I can do the scan on it but then I get a message saying that the files can't be recovered without the registered version.

#8 syler


Posted 23 December 2009 - 12:36 PM

You may have to purchase it; I haven't ever used it. You can give Recuva a go instead; this is free.



#9 syler


Posted 28 December 2009 - 12:30 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
