Google links redirect and AXWIN Frame Window error


  • This topic is locked
16 replies to this topic

#1 VicW

VicW

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:20 AM

Posted 01 February 2010 - 11:31 PM

Hi,

I have picked up a browser hijacker that redirects to random sites. Sometimes clicking on a Google search link will actually go to the correct site but not always. Along with this, a Data Execution Prevention dialog box comes up when Windows first displays the GUI stating that Windows has closed the Generic Host Process for Win32 Services program. Eventually, a dialog box comes up with the title 'AXWIN Frame Window: svchost.exe - Application Error'.

I am running Windows XP Home 2002 with service pack 3 on an HP Pavilion a1310n. I use Firefox version 3.5.7 for browsing. I have scanned with Ad-Aware, Malware-bytes Anti-Malware, and McAfee Security Center version 9.15. I use McAfee for my active virus protection.

I have read the preparation guide and am posting the DDS and RootRepeal logs below. Thank you for your help in advance.

Vic


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 19:08:38.75 on Mon 02/01/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.888 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ridgenet.net/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Wsufefokibofaxa] rundll32.exe "c:\windows\ipevulase.dll",Startup
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [PCDrProfiler]
mRun: [NPSStartup]
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cloudm~1.lnk - c:\windows\installer\{27240968-45dd-4c73-9efa-fe7d2854b673}\SC_1.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster gold 18\Remind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: whataboutadog.com
Trusted Zone: trymedia.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxps://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188355936322
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\hyjpadcb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ridgenet.net/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\hyjpadcb.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {22CDE29F-2521-4B2C-98DD-C9E4E93EC978} - c:\documents and settings\hp_administrator\local settings\application data\{22CDE29F-2521-4B2C-98DD-C9E4E93EC978}
FF - HiddenExtension: XULRunner: {A7442B05-673F-4F88-BCE0-5DAF2A1EBC39} - c:\documents and settings\lauren\local settings\application data\{A7442B05-673F-4F88-BCE0-5DAF2A1EBC39}
FF - HiddenExtension: XULRunner: {E70D1BF9-8C58-4891-B413-5BFB4B462E5F} - c:\documents and settings\sean\local settings\application data\{E70D1BF9-8C58-4891-B413-5BFB4B462E5F}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-22 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-7-17 233472]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-30 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-30 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-30 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-30 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-17 36608]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-1-30 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-30 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-30 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-30 40552]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-31 11520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-30 34248]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-02-01 00:51:53 0 d-----w- c:\docume~1\alluse~1\applic~1\WD_SmartWareCommon
2010-02-01 00:49:11 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Western Digital
2010-02-01 00:49:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
2010-02-01 00:48:32 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2010-02-01 00:47:46 0 d-----w- c:\program files\Western Digital
2010-01-30 21:40:05 8551 ----a-w- c:\windows\system32\Config.MPF
2010-01-30 21:30:01 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-30 21:30:01 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-30 21:30:01 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-01-30 21:29:54 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-30 21:29:10 0 d-----w- c:\program files\common files\McAfee
2010-01-30 21:29:08 0 d-----w- c:\program files\McAfee.com
2010-01-30 21:28:47 0 d-----w- c:\program files\McAfee
2010-01-30 21:23:19 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-24 02:35:17 0 d-----w- c:\program files\trend micro
2010-01-23 08:05:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-23 03:08:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-23 02:57:02 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-23 02:40:58 0 d-----w- c:\program files\SpywareBlaster
2010-01-23 00:19:36 0 d-----w- c:\program files\SmartPCTools
2010-01-22 03:55:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-01-22 02:10:07 0 d-----w- c:\program files\Spyware Doctor
2010-01-17 06:42:51 0 ----a-w- c:\windows\system32\28145.exe
2010-01-17 06:22:50 0 ----a-w- c:\windows\system32\5705.exe
2010-01-17 05:22:05 0 ----a-w- c:\windows\system32\29358.exe
2010-01-17 05:02:05 0 ----a-w- c:\windows\system32\11478.exe
2010-01-17 04:42:04 0 ----a-w- c:\windows\system32\15724.exe
2010-01-17 04:22:03 0 ----a-w- c:\windows\system32\19169.exe
2010-01-17 04:02:03 0 ----a-w- c:\windows\system32\26500.exe
2010-01-17 03:42:02 0 ----a-w- c:\windows\system32\6334.exe
2010-01-17 03:22:02 0 ----a-w- c:\windows\system32\18467.exe
2010-01-16 07:12:02 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-16 07:11:44 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-16 07:11:44 0 d-----w- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2010-01-16 06:59:54 120 ----a-w- c:\windows\Imelobi.dat
2010-01-16 06:59:54 0 ----a-w- c:\windows\Xyuzahixu.bin
2010-01-16 01:47:19 0 d-----w- c:\program files\Microsoft
2010-01-16 01:46:58 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-12 19:48:50 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 04:54:25 1593 ----a-w- c:\windows\VPNUnInstall.MIF
2010-01-12 04:40:10 0 d-----w- c:\windows\Internet Logs
2010-01-12 04:39:40 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2010-01-12 04:39:40 101904 ----a-w- c:\windows\system32\dneinobj.dll
2010-01-12 04:39:06 0 d-----w- c:\program files\Cisco Systems
2010-01-12 04:38:51 1594 ----a-w- c:\windows\VPNInstall.MIF

==================== Find3M ====================

2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2008-08-28 03:00:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 19:12:35.56 ===============
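The DDS log above is the kind of artifact a malware-response volunteer reads by eye. As an added example (not from this thread, and not code from the DDS tool or from BleepingComputer), here is a small Python triage script that parses the "Pseudo HJT Report" autorun lines and the "Created Last 30" file lines of a saved DDS log and flags three patterns that are visible in Vic's log: a rundll32 autorun that loads a DLL sitting directly in the Windows root, an autorun entry with no command at all, and zero-byte executables with purely numeric names in system32. The embedded sample log is a constructed excerpt of the lines posted above; the regexes are my own assumptions about the DDS line layout rather than a published DDS specification, and each heuristic is a reason for an analyst to look closer, not a verdict on its own.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines excerpted from the DDS log posted in
# this thread, enough to exercise each parser. A real run would read the whole
# saved log file instead.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Wsufefokibofaxa] rundll32.exe "c:\windows\ipevulase.dll",Startup
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [PCDrProfiler]
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

=============== Created Last 30 ================

2010-02-01 00:48:32 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2010-01-17 06:42:51 0 ----a-w- c:\windows\system32\28145.exe
2010-01-17 06:22:50 0 ----a-w- c:\windows\system32\5705.exe
2010-01-16 06:59:54 120 ----a-w- c:\windows\Imelobi.dat
2010-01-16 06:59:54 0 ----a-w- c:\windows\Xyuzahixu.bin

============= FINISH: 19:12:35.56 ===============
"""

# Assumed line layouts (observed in the log above, not a DDS specification).
SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# rundll32 invoked on a DLL that sits directly in the Windows root: the
# character class forbids a further backslash, so system32\foo.dll is not hit.
ROOT_DLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[a-z]:\\windows\\[^\\"]+\.dll)"?', re.IGNORECASE
)
# Executables in system32 whose names are nothing but digits.
NUMERIC_EXE_RE = re.compile(r"\\system32\\\d+\.exe$", re.IGNORECASE)


def split_sections(text):
    """Group non-empty log lines under the '==== Name ====' banner above them."""
    sections = defaultdict(list)
    current = "HEADER"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        sections[current].append(line)
    return sections


def parse_run_entries(lines):
    """uRun/mRun lines -> dicts with scope (u=user, m=machine), name, command."""
    out = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            out.append({"scope": m.group("scope"), "name": m.group("name"), "cmd": m.group("cmd")})
    return out


def parse_file_entries(lines):
    """'Created Last 30' lines -> dicts with timestamp, size (int), attrs, path."""
    out = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            out.append({"ts": m.group("ts"), "size": int(m.group("size")),
                        "attrs": m.group("attrs"), "path": m.group("path")})
    return out


def triage(text):
    """Return (reason, detail) findings over the autorun and new-file sections."""
    sections = split_sections(text)
    findings = []
    for e in parse_run_entries(sections.get("Pseudo HJT Report", [])):
        m = ROOT_DLL_RE.search(e["cmd"])
        if m:
            findings.append(("rundll32 autorun loads DLL from Windows root",
                             f'{e["scope"]}Run [{e["name"]}] -> {m.group("dll")}'))
        elif not e["cmd"]:
            findings.append(("autorun entry with empty command", f'{e["scope"]}Run [{e["name"]}]'))
    for f in parse_file_entries(sections.get("Created Last 30", [])):
        if f["size"] == 0 and NUMERIC_EXE_RE.search(f["path"]):
            findings.append(("zero-byte numeric-named executable in system32", f["path"]))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```

On the excerpt this reports the ipevulase.dll autorun, the empty PCDrProfiler entry and the two numeric zero-byte executables; the 120-byte Imelobi.dat and the zero-byte Xyuzahixu.bin in the Windows root are not caught by these three rules and would need a separate check for non-executable oddities in c:\windows, which is left out here on purpose to keep each rule tied to a pattern the log actually shows.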


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:20 PM

Posted 08 February 2010 - 12:57 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 VicW

VicW
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:20 AM

Posted 08 February 2010 - 09:52 PM

Thanks for replying back. I am still in need of help.

Since I previously posted, I ran Windows Live OneCare safety scanner from Microsoft's website. It identified but could not remove 2 items:
Trojan.Win32/Hiloti.gen!D
TrojanClicker:ASX/Wimad.gen!H

I am attaching and posting the DDS logs as requested.

I was unable to run GMER. I downloaded the file as a randomly named file but when I double-clicked on it, the computer restarted. No blue screen, just a good old-fashioned restart. I disabled McAfee and disconnected from the internet before running GMER.

I attempted to boot into safe mode but was unable to do so. The computer kept restarting each time I selected 'Safe Mode'. I had to boot normally and am now posting.

Thanks again,
Vic

Here is my log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 17:47:47.06 on Mon 02/08/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1100 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ridgenet.net/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Wsufefokibofaxa] rundll32.exe "c:\windows\ipevulase.dll",Startup
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [PCDrProfiler]
mRun: [NPSStartup]
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cloudm~1.lnk - c:\windows\installer\{27240968-45dd-4c73-9efa-fe7d2854b673}\SC_1.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster gold 18\Remind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: whataboutadog.com
Trusted Zone: trymedia.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxps://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188355936322
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\hyjpadcb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ridgenet.net/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\hyjpadcb.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {22CDE29F-2521-4B2C-98DD-C9E4E93EC978} - c:\documents and settings\hp_administrator\local settings\application data\{22CDE29F-2521-4B2C-98DD-C9E4E93EC978}
FF - HiddenExtension: XULRunner: {A7442B05-673F-4F88-BCE0-5DAF2A1EBC39} - c:\documents and settings\lauren\local settings\application data\{A7442B05-673F-4F88-BCE0-5DAF2A1EBC39}
FF - HiddenExtension: XULRunner: {E70D1BF9-8C58-4891-B413-5BFB4B462E5F} - c:\documents and settings\sean\local settings\application data\{E70D1BF9-8C58-4891-B413-5BFB4B462E5F}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-22 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-7-17 233472]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-30 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-30 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-30 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-30 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-17 36608]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-30 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-30 35272]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-31 11520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-30 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-30 40552]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-1-30 606736]

=============== Created Last 30 ================

2010-02-01 00:51:53 0 d-----w- c:\docume~1\alluse~1\applic~1\WD_SmartWareCommon
2010-02-01 00:49:11 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Western Digital
2010-02-01 00:49:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
2010-02-01 00:48:32 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2010-02-01 00:47:46 0 d-----w- c:\program files\Western Digital
2010-01-30 21:40:05 8551 ----a-w- c:\windows\system32\Config.MPF
2010-01-30 21:30:01 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-30 21:30:01 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-30 21:30:01 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-01-30 21:29:54 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-30 21:29:10 0 d-----w- c:\program files\common files\McAfee
2010-01-30 21:29:08 0 d-----w- c:\program files\McAfee.com
2010-01-30 21:28:47 0 d-----w- c:\program files\McAfee
2010-01-30 21:23:19 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-24 02:35:17 0 d-----w- c:\program files\trend micro
2010-01-23 08:05:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-23 03:08:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-23 02:57:02 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-23 02:40:58 0 d-----w- c:\program files\SpywareBlaster
2010-01-23 00:19:36 0 d-----w- c:\program files\SmartPCTools
2010-01-22 03:55:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-01-22 02:10:07 0 d-----w- c:\program files\Spyware Doctor
2010-01-17 06:42:51 0 ----a-w- c:\windows\system32\28145.exe
2010-01-17 06:22:50 0 ----a-w- c:\windows\system32\5705.exe
2010-01-17 05:22:05 0 ----a-w- c:\windows\system32\29358.exe
2010-01-17 05:02:05 0 ----a-w- c:\windows\system32\11478.exe
2010-01-17 04:42:04 0 ----a-w- c:\windows\system32\15724.exe
2010-01-17 04:22:03 0 ----a-w- c:\windows\system32\19169.exe
2010-01-17 04:02:03 0 ----a-w- c:\windows\system32\26500.exe
2010-01-17 03:42:02 0 ----a-w- c:\windows\system32\6334.exe
2010-01-17 03:22:02 0 ----a-w- c:\windows\system32\18467.exe
2010-01-16 07:12:02 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-16 07:11:44 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-16 07:11:44 0 d-----w- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2010-01-16 06:59:54 120 ----a-w- c:\windows\Imelobi.dat
2010-01-16 06:59:54 0 ----a-w- c:\windows\Xyuzahixu.bin
2010-01-16 01:47:19 0 d-----w- c:\program files\Microsoft
2010-01-16 01:46:58 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-12 19:48:50 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 04:54:25 1593 ----a-w- c:\windows\VPNUnInstall.MIF
2010-01-12 04:40:10 0 d-----w- c:\windows\Internet Logs
2010-01-12 04:39:40 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2010-01-12 04:39:40 101904 ----a-w- c:\windows\system32\dneinobj.dll
2010-01-12 04:39:06 0 d-----w- c:\program files\Cisco Systems
2010-01-12 04:38:51 1594 ----a-w- c:\windows\VPNInstall.MIF

==================== Find3M ====================

2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2008-08-28 03:00:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 17:52:26.89 ===============

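A heuristic triage pass over DDS log lines of the shapes posted above (Run keys, Firefox HiddenExtension entries, and the "Created Last 30" file list). This is an added example, not part of the thread and not a DDS or OTL feature; the heuristics, function names and the choice of sample lines are the editor's, with the sample lines copied from the log above. It only marks entries for a second look; it does not decide what is malicious.

```python
"""Heuristic triage of DDS log lines (added example; not a DDS/OTL feature).

The three heuristics below are the editor's own and are deliberately narrow:
  * a Run key that starts rundll32 on a DLL placed directly in c:\windows
  * a zero-byte, purely numeric-named .exe created in system32
  * a hidden XULRunner extension registered from a per-user Local Settings folder
"""
import re

# Line shapes as they appear in the DDS log posted above.
RUN_RE = re.compile(r'^(?P<hive>[um]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
CREATED_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+'
    r'(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$')
HIDDEN_EXT_RE = re.compile(
    r'^FF - HiddenExtension:\s*(?P<kind>\w+):\s*'
    r'(?P<guid>\{[0-9a-fA-F-]+\})\s*-\s*(?P<path>.+)$')


def check_run(name, cmd):
    """Flag a Run entry that loads a DLL via rundll32 from the Windows root."""
    m = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', cmd, re.I)
    if not m:
        return None
    dll = m.group(1).lower()
    # Vendor software normally lives under a vendor folder, not c:\windows itself.
    if re.fullmatch(r'c:\\windows\\[a-z]+\.dll', dll):
        return f'Run entry [{name}] loads {dll} via rundll32 from the Windows root'
    return None


def check_created(size, path):
    """Flag a zero-byte executable with a purely numeric name in system32."""
    p = path.lower()
    if int(size) == 0 and re.fullmatch(r'c:\\windows\\system32\\\d+\.exe', p):
        return f'zero-byte numeric-named executable {p}'
    return None


def check_hidden_ext(kind, guid, path):
    """Flag a hidden XULRunner extension installed from a user's Local Settings folder."""
    p = path.lower()
    if kind.lower() == 'xulrunner' and r'\local settings\application data\{' in p:
        return f'hidden {kind} extension {guid} installed from {p}'
    return None


def triage(log_text):
    """Return [(line_number, reason)] for every log line that trips a heuristic."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        reason = None
        if (m := RUN_RE.match(line)):
            reason = check_run(m['name'], m['cmd'])
        elif (m := CREATED_RE.match(line)):
            reason = check_created(m['size'], m['path'])
        elif (m := HIDDEN_EXT_RE.match(line)):
            reason = check_hidden_ext(m['kind'], m['guid'], m['path'])
        if reason:
            findings.append((n, reason))
    return findings


# Sample input: a handful of lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""mRun: [Wsufefokibofaxa] rundll32.exe "c:\windows\ipevulase.dll",Startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
FF - HiddenExtension: XULRunner: {22CDE29F-2521-4B2C-98DD-C9E4E93EC978} - c:\documents and settings\hp_administrator\local settings\application data\{22CDE29F-2521-4B2C-98DD-C9E4E93EC978}
2010-01-17 06:42:51 0 ----a-w- c:\windows\system32\28145.exe
2010-01-17 06:22:50 0 ----a-w- c:\windows\system32\5705.exe
2010-01-23 03:08:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-01 00:47:46 0 d-----w- c:\program files\Western Digital
"""

if __name__ == "__main__":
    for line_no, reason in triage(SAMPLE_DDS):
        print(f"line {line_no}: {reason}")
```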



#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:20 PM

Posted 09 February 2010 - 02:40 PM

Hello, VicW
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 VicW

VicW
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:20 AM

Posted 10 February 2010 - 12:15 AM

Tom,

Thanks for the help. I downloaded and ran ComboFix (renamed as suggested). It popped open a command window, backed up the registry files, and then began its scan. It did not install Windows Recovery Console. On three consecutive runs (I just wanted to make sure it was consistent), ComboFix output 'Completed Stage_50' followed by 'Deleting Files:' and then the computer immediately restarted. Thus, I have no log to post.

Just a note: I am running McAfee Security Center version 9 which does not have the 'Exit' entry in the right-click menu. I did configure it to disable virus, spyware, system guards, and script scanning protection which seemed to work. I enabled these after scanning with ComboFix and schrauber.exe immediately disappeared from my desktop (I'm assuming McAfee removed it).

Please let me know how you would like me to proceed.

Thanks,
Vic


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:20 PM

Posted 10 February 2010 - 03:24 PM

Hi,

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 VicW

VicW
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:20 AM

Posted 10 February 2010 - 09:16 PM

Here are the logs.

OTL.txt:
OTL logfile created on: 2/10/2010 5:54:30 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.80 Gb Total Space | 74.72 Gb Free Space | 42.03% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.11 Gb Total Space | 432.62 Gb Free Space | 93.01% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEXP
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/10 17:53:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/02/04 19:09:28 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/28 19:08:24 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/10 10:50:18 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 20:06:32 | 000,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/03/05 18:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 08:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/01 11:42:28 | 000,263,416 | ---- | M] (Cloudmark, Inc.) -- C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 19:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2005/11/10 16:50:28 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/10/28 14:12:04 | 000,155,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2005/10/23 05:46:44 | 000,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/08/13 23:34:44 | 000,057,344 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/08/13 21:29:40 | 000,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/10 04:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 17:53:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/12/01 11:42:30 | 000,836,856 | ---- | M] (Cloudmark, Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Cloudmark\SpamNet\snoew32h_1.dll
MOD - [2008/04/13 16:12:08 | 000,171,520 | ---- | M] () -- C:\WINDOWS\ipevulase.dll
MOD - [2005/11/10 16:50:27 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Pml Driver HPZ12)
SRV - [2010/02/04 19:09:28 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/03 19:55:25 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/19 08:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/28 19:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2005/10/23 05:46:44 | 000,069,632 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/08/13 21:29:40 | 000,376,832 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/08/13 20:05:00 | 000,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ridgenet.net/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ridgenet.net/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {22CDE29F-2521-4B2C-98DD-C9E4E93EC978}:1.9.1
FF - prefs.js..extensions.enabledItems: {A7442B05-673F-4F88-BCE0-5DAF2A1EBC39}:1.9.1
FF - prefs.js..extensions.enabledItems: {E70D1BF9-8C58-4891-B413-5BFB4B462E5F}:1.9.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{22CDE29F-2521-4B2C-98DD-C9E4E93EC978}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{22CDE29F-2521-4B2C-98DD-C9E4E93EC978} [2010/01/15 22:59:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A7442B05-673F-4F88-BCE0-5DAF2A1EBC39}: C:\Documents and Settings\Lauren\Local Settings\Application Data\{A7442B05-673F-4F88-BCE0-5DAF2A1EBC39} [2010/01/17 19:35:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E70D1BF9-8C58-4891-B413-5BFB4B462E5F}: C:\Documents and Settings\Sean\Local Settings\Application Data\{E70D1BF9-8C58-4891-B413-5BFB4B462E5F} [2010/01/17 20:09:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/09 09:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 17:02:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 10:50:32 | 000,000,000 | ---D | M]

[2008/06/18 17:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/02/09 21:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions
[2009/11/07 10:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}
[2009/08/23 09:15:22 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2009/11/07 10:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{4D8EA347-E120-4f00-A46B-6EBE988A6213}
[2009/03/29 16:56:09 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2008/08/28 15:29:36 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2009/05/02 18:10:05 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2009/08/23 09:15:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/06/20 20:01:09 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2009/08/23 09:15:21 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2008/03/14 17:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\moveplayer@movenetworks.com
[2008/09/02 19:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/10 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Wsufefokibofaxa] C:\WINDOWS\ipevulase.DLL ()
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cloudmark Desktop for Outlook Express.lnk = C:\WINDOWS\Installer\{27240968-45DD-4C73-9EFA-FE7D2854B673}\SC_1.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster Gold 18\Remind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: whataboutadog.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h20278.www2.hp.com/CSMWeb/Customer/...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1188355936322 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/10 16:46:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/06/18 13:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/01 11:12:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/10 17:53:40 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/10 15:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/09 20:42:05 | 000,000,000 | --SD | C] -- C:\schrauber
[2010/02/09 20:06:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/09 19:27:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/09 19:27:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/09 19:27:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/09 19:27:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/09 19:26:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/09 19:25:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/04 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/31 21:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western_Digital
[2010/01/31 16:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/01/31 16:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Western Digital
[2010/01/31 16:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/01/31 16:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/01/31 16:48:32 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2010/01/31 16:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/01/31 16:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western Digital
[2010/01/30 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/30 13:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2010/01/30 13:30:01 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/01/30 13:30:01 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/01/30 13:30:01 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/01/30 13:29:54 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/01/30 13:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/30 13:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/01/30 13:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/01/30 13:23:19 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/01/30 13:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/01/21 20:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/21 21:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/14 17:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/01/29 18:12:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/08/15 12:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/11/10 15:53:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/12 06:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/10 17:56:01 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/02/10 17:53:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/10 15:11:21 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cloudmark Desktop for Outlook Express.lnk
[2010/02/10 15:11:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Imelobi.dat
[2010/02/10 15:11:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xyuzahixu.bin
[2010/02/10 15:10:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/10 15:09:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/10 15:09:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/10 15:09:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/10 15:09:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/10 15:09:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/10 15:08:21 | 000,009,897 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/10 15:07:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/10 15:07:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/10 15:07:03 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 22:33:07 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/02/09 22:33:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/02/09 19:17:12 | 000,011,526 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Creighton Activity Resume.docx
[2010/02/08 22:06:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/08 17:53:45 | 000,005,892 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.zip
[2010/02/08 17:40:46 | 000,013,671 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\New Microsoft Office Word Document.docx
[2010/02/08 17:37:51 | 002,160,054 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Instructions.bmp
[2010/02/08 17:36:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tzuozprs.exe
[2010/02/08 17:28:16 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/02/07 20:22:57 | 000,169,857 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Come and Join Us.pptx
[2010/02/05 14:19:12 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/05 11:51:11 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 09:52:20 | 000,002,247 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrintMaster Gold 18.lnk
[2010/02/01 19:15:21 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\RootRepeal.exe
[2010/02/01 01:14:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/02/01 01:14:20 | 000,002,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Install Rhapsody.lnk
[2010/01/31 16:48:53 | 000,001,129 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/01/31 16:48:52 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/01/31 16:47:19 | 000,475,512 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/31 16:47:19 | 000,405,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/31 16:47:19 | 000,064,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/30 13:35:53 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/30 13:29:28 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/27 19:27:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/09 19:27:19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/09 19:27:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/09 19:27:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/09 19:27:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/09 19:27:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 19:17:11 | 000,011,526 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Creighton Activity Resume.docx
[2010/02/09 06:23:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/08 17:39:36 | 000,013,671 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\New Microsoft Office Word Document.docx
[2010/02/08 17:37:51 | 002,160,054 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Instructions.bmp
[2010/02/08 17:36:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tzuozprs.exe
[2010/02/08 17:34:54 | 000,005,892 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.zip
[2010/02/07 20:01:21 | 000,169,857 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Come and Join Us.pptx
[2010/02/04 15:46:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/04 15:46:27 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/04 15:46:21 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/01 19:06:48 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/01/31 16:48:53 | 000,001,129 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/01/31 16:48:51 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/01/30 13:40:05 | 000,009,897 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/30 13:35:53 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/30 13:29:28 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/30 13:29:27 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/07/17 20:25:19 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/07/17 20:25:19 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/07/17 20:23:59 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2007/12/12 18:52:49 | 000,040,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\FASTWiz.log
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/30 17:50:02 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2007/08/19 20:11:18 | 000,000,222 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/06/20 20:55:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/04/01 11:55:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/04/01 11:51:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/25 14:55:09 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2006/12/09 19:24:35 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/29 13:24:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2006/10/29 13:14:54 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2006/07/05 20:06:17 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/03 15:37:05 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/04/19 19:08:52 | 000,051,286 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/04/19 19:08:52 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/19 19:08:29 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log
[2006/04/19 19:08:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/04/19 19:08:06 | 000,017,897 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/04/19 19:08:06 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/04/19 19:07:22 | 000,003,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log
[2006/04/19 19:07:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/19 19:05:58 | 000,006,617 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/19 19:05:58 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/19 19:02:31 | 000,041,769 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/19 19:02:31 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/02/13 18:31:40 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/01/09 12:00:07 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/08 19:59:11 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/10 17:15:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/10 16:54:49 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/10 16:49:39 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/10 16:49:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/10 16:46:56 | 000,001,211 | ---- | C] () -- C:\WINDOWS\Quicken-old.ini
[2005/11/10 16:43:35 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/10 16:38:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/10 16:38:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/10 16:38:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/10 16:38:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/10 16:32:35 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/10 16:31:35 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/10 16:20:01 | 000,001,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/10 16:18:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/10 16:02:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/10 15:55:33 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/10 15:55:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/10 15:55:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 12:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 04:00:00 | 000,171,520 | ---- | C] () -- C:\WINDOWS\ipevulase.dll
[2004/07/26 14:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/02/01 09:25:42 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll

========== LOP Check ==========

[2009/06/16 23:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/11/23 11:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2007/09/30 17:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2006/06/05 15:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2007/02/10 17:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/06/21 09:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/07/17 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/01/30 11:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/16 23:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/26 20:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2010/01/31 16:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/01/31 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/03/21 20:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/13 20:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 16:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/22 18:57:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/02/10 15:09:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/10 15:09:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/10 15:09:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/10 15:09:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/10 15:09:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/30 13:29:28 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/02/01 01:14:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/27 14:09:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/27 14:09:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/27 14:09:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/27 14:09:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] () MD5=1F0A0D2D75AC8CF2D823DDC358AF61FD -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\scholastic.ai:SummaryInformation
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras.txt:
OTL Extras logfile created on: 2/10/2010 5:54:30 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.80 Gb Total Space | 74.72 Gb Free Space | 42.03% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.11 Gb Total Space | 432.62 Gb Free Space | 93.01% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEXP
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- File not found
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{24A71701-4BFD-4228-97B3-7D739195EC67}" = Walmart Digital Photo Manager
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{27240968-45DD-4C73-9EFA-FE7D2854B673}" = Cloudmark Desktop for Microsoft Outlook Express
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = Lord of the Rings: The Fellowship of the Ring
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DA8C682-5BEF-421F-9032-FAECD1CFA2A1}" = Nemesis of the Roman Empire
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C96A65-AF5E-438B-900F-259869219BA0}" = ATI Catalyst Control Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADD209A3-C05A-4988-B4CD-65B6B582F911}" = PrintMaster Gold 18
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFB0FED6-0010-4E9B-A402-E513F2459161}" = muvee autoProducer unPlugged 1.2
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7137AFD-4E43-47A6-BDC7-533808F72B36}" = muvee autoProducer 4.5
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"038D56DF-B15D-47F7-959F-59FA1FBB63FC" = Snowboard SuperJam from HP Media Center (remove only)
"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"3320769C-062B-4670-BD6B-AA4B3D0E9903" = FATE from HP Media Center (remove only)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"413773DA-62DE-4C4C-A0F9-10EFB9317DE5" = Family Feud
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"7-Zip" = 7-Zip 4.57
"901E0096-B2AC-469E-A99E-2725A39C0B47" = Zuma Deluxe from HP Media Center (remove only)
"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F" = 5 Card Slingo from HP Media Center (remove only)
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"AwayMode160" = Microsoft Away Mode
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"BA42B721-D70B-4412-ABA6-057B5823FDE9" = Chuzzle Deluxe from HP Media Center (remove only)
"CANONBJ_Deinstall_CNMCP56.DLL" = Canon i860
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"DISCover" = DISCover
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"E44A47AF-C94B-4E3F-81A0-979FBA9DAC57" = AstroPop Deluxe from HP Media Center (remove only)
"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
"F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E" = Lemonade Tycoon 2 from HP Media Center (remove only)
"FileZilla Client" = FileZilla Client 3.1.1.1
"GameSpy Arcade" = GameSpy Arcade
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = Lord of the Rings: The Fellowship of the Ring
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyLogoMaker_is1" = MyLogoMaker 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PrintMaster 8.0" = PrintMaster® Premier 8.0
"PROR" = Microsoft Office Professional 2007
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpywareBlaster_is1" = SpywareBlaster 4.2
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VISPRO" = Microsoft Office Visio Professional 2007
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/9/2010 11:01:32 PM | Computer Name = HOMEXP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0326f7a0.

Error - 2/9/2010 11:25:15 PM | Computer Name = HOMEXP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0336f7a0.

Error - 2/9/2010 11:25:31 PM | Computer Name = HOMEXP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x032ef7a0.

Error - 2/9/2010 11:29:31 PM | Computer Name = HOMEXP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02e6f7a0.

Error - 2/9/2010 11:45:28 PM | Computer Name = HOMEXP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02e6f7a0.

Error - 2/10/2010 12:07:12 AM | Computer Name = HOMEXP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02e6f7a0.

Error - 2/10/2010 12:58:16 AM | Computer Name = HOMEXP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02e6f7a0.

Error - 2/10/2010 1:16:07 AM | Computer Name = HOMEXP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02f2f7a0.

Error - 2/10/2010 7:11:03 PM | Computer Name = HOMEXP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02f2f7a0.

Error - 2/10/2010 7:19:18 PM | Computer Name = HOMEXP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3564 (0xdec) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\VirusScan\Engine\5301.4018\config.dat

by c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ OSession Events ]
Error - 10/9/2007 12:49:03 AM | Computer Name = HOMEXP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1831
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 4/17/2008 10:52:48 PM | Computer Name = HOMEXP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1945
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/10/2010 12:31:02 AM | Computer Name = HOMEXP | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 2/10/2010 12:43:35 AM | Computer Name = HOMEXP | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V5 service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/10/2010 12:57:47 AM | Computer Name = HOMEXP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 SBRE

Error - 2/10/2010 12:59:20 AM | Computer Name = HOMEXP | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%2147549465

Error - 2/10/2010 12:59:42 AM | Computer Name = HOMEXP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 2/10/2010 1:00:52 AM | Computer Name = HOMEXP | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 88e5a160, parameter3
88e5a578, parameter4 1a830017.

Error - 2/10/2010 1:01:04 AM | Computer Name = HOMEXP | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 88f0e3c8, parameter3
88f0e7e0, parameter4 1a830014.

Error - 2/10/2010 7:08:07 PM | Computer Name = HOMEXP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 SBRE

Error - 2/10/2010 7:19:51 PM | Computer Name = HOMEXP | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/10/2010 7:20:19 PM | Computer Name = HOMEXP | Source = DCOM | ID = 10010
Description = The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register
with DCOM within the required timeout.


< End of report >
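The event-log section of this report is the part that ties directly to the "AXWIN Frame Window: svchost.exe - Application Error" dialog described in the first post. As an added example, not part of this thread or of the DDS/OTL tools, the Python script below parses the "Last 10 Event Log Errors" format shown above and flags the pattern worth noticing in it: svchost.exe faulting repeatedly in an "unknown" module, that is at an address that belongs to no loaded image, which is consistent with code injected into the service host rather than a crash inside a named DLL. The sample log text is constructed from a few of the entries above; the repeat threshold of two is my own choice, not anything the tools define.

```python
"""Triage helper for the OTL/DDS-style 'Last 10 Event Log Errors' text.

Added example for this thread; it is not part of DDS, OTL or any tool the
helpers asked for. It parses the pipe-delimited error headers plus their
wrapped Description lines and reports processes that fault repeatedly in
an unknown module (no loaded image at the fault address).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the format of the report above (a subset of its entries).
SAMPLE_LOG = """\
[ Application Events ]
Error - 2/9/2010 11:01:32 PM | Computer Name = HOMEXP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0326f7a0.

Error - 2/9/2010 11:29:31 PM | Computer Name = HOMEXP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02e6f7a0.

Error - 2/10/2010 7:19:18 PM | Computer Name = HOMEXP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated.

[ System Events ]
Error - 2/10/2010 12:57:47 AM | Computer Name = HOMEXP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 SBRE
"""

HEADER_RE = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ .+ \]$")
# Matches the Application Error 1000/1004 description once its wrapped lines are joined.
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+), version \S+, "
    r"faulting module (?P<module>\S+), version \S+, fault address (?P<addr>0x[0-9a-fA-F]+)"
)


@dataclass
class EventError:
    section: str
    timestamp: str
    host: str
    source: str
    event_id: int
    description: str


def parse_events(text):
    """Parse the report text into EventError records, joining wrapped Description lines."""
    events = []
    section = ""
    current = None
    desc_parts = []

    def flush():
        nonlocal current, desc_parts
        if current is not None:
            current.description = " ".join(desc_parts)
            events.append(current)
        current, desc_parts = None, []

    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line ends the current entry
            flush()
            continue
        if SECTION_RE.match(line):        # "[ Application Events ]" etc.
            flush()
            section = line.strip("[] ")
            continue
        m = HEADER_RE.match(line)
        if m:
            flush()
            current = EventError(section, m["ts"], m["host"], m["source"], int(m["id"]), "")
            continue
        if current is not None:           # continuation of the Description
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            desc_parts.append(line)
    flush()
    return events


def unknown_module_faults(events):
    """Return (process, fault address) for Application Error 1000/1004 events
    whose faulting module is 'unknown', i.e. no loaded image at that address."""
    hits = []
    for ev in events:
        if ev.source != "Application Error" or ev.event_id not in (1000, 1004):
            continue
        m = FAULT_RE.search(ev.description)
        if m and m["module"].lower() == "unknown":
            hits.append((m["app"], m["addr"]))
    return hits


def summarize(events, threshold=2):
    """Processes with at least `threshold` unknown-module faults (threshold is my choice)."""
    counts = Counter(app for app, _ in unknown_module_faults(events))
    return {app: n for app, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for app, addr in unknown_module_faults(evs):
        print(f"unknown-module fault in {app} at {addr}")
    print("repeat offenders:", summarize(evs))
```

Run it against a saved copy of the full report instead of SAMPLE_LOG to get the per-process count; a named DLL in the "faulting module" field would point at an ordinary crash, whereas the unknown-module pattern here is what justified the rootkit scan the next post asks for.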


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:20 PM

Posted 13 February 2010 - 06:29 AM

Hi,

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 VicW

VicW
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:20 AM

Posted 13 February 2010 - 04:44 PM

Hi,

I noticed MBAM and the TDSS command prompt output showed nothing removed. So I did a test of Google search (we run Firefox) to see if I get any redirects. None so far after clicking on about 10 different links. When I was having the problem, it redirected about one out of every two links. I understand that I haven't been given the 'all clear' but wanted to pass that along.

We are still getting a 'Data Execution Prevention' error popping up when we start up the computer. I figured I'd address that after I know the computer is clean.

Here are the results of the scans:

TDSSKiller.txt:

11:58:39:046 1612 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
11:58:39:046 1612 ================================================================================
11:58:39:046 1612 SystemInfo:

11:58:39:046 1612 OS Version: 5.1.2600 ServicePack: 3.0
11:58:39:046 1612 Product type: Workstation
11:58:39:046 1612 ComputerName: HOMEXP
11:58:39:046 1612 UserName: HP_Administrator
11:58:39:046 1612 Windows directory: C:\WINDOWS
11:58:39:046 1612 Processor architecture: Intel x86
11:58:39:046 1612 Number of processors: 1
11:58:39:046 1612 Page size: 0x1000
11:58:39:046 1612 Boot type: Normal boot
11:58:39:046 1612 ================================================================================
11:58:39:046 1612 UnloadDriverW: NtUnloadDriver error 2
11:58:39:046 1612 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
11:58:39:046 1612 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
11:58:39:218 1612 UtilityInit: KLMD drop and load success
11:58:39:218 1612 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
11:58:39:218 1612 UtilityInit: KLMD open success
11:58:39:218 1612 UtilityInit: Initialize success
11:58:39:218 1612
11:58:39:218 1612 Scanning Services ...
11:58:39:218 1612 CreateRegParser: Registry parser init started
11:58:39:218 1612 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
11:58:39:218 1612 CreateRegParser: DisableWow64Redirection error
11:58:39:218 1612 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
11:58:39:218 1612 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
11:58:39:218 1612 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
11:58:39:218 1612 wfopen_ex: Trying to KLMD file open
11:58:39:218 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
11:58:39:218 1612 wfopen_ex: File opened ok (Flags 2)
11:58:39:218 1612 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384CD8
11:58:39:218 1612 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
11:58:39:218 1612 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
11:58:39:218 1612 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
11:58:39:218 1612 wfopen_ex: Trying to KLMD file open
11:58:39:218 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
11:58:39:218 1612 wfopen_ex: File opened ok (Flags 2)
11:58:39:218 1612 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384B50
11:58:39:218 1612 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
11:58:39:218 1612 CreateRegParser: EnableWow64Redirection error
11:58:39:218 1612 CreateRegParser: RegParser init completed
11:58:39:875 1612 GetAdvancedServicesInfo: Raw services enum returned 376 services
11:58:39:890 1612 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
11:58:39:890 1612 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
11:58:39:890 1612
11:58:39:890 1612 Scanning Kernel memory ...
11:58:39:890 1612 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
11:58:39:890 1612 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A512A08
11:58:39:890 1612 DetectCureTDL3: KLMD_GetDeviceObjectList returned 13 DevObjects
11:58:39:890 1612
11:58:39:890 1612 DetectCureTDL3: DEVICE_OBJECT: 89E0C780
11:58:39:890 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E0C780
11:58:39:890 1612 KLMD_ReadMem: Trying to ReadMemory 0x89E0C780[0x38]
11:58:39:890 1612 DetectCureTDL3: DRIVER_OBJECT: 8A512A08
11:58:39:890 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A512A08[0xA8]
11:58:39:890 1612 KLMD_ReadMem: Trying to ReadMemory 0xE1022830[0x18]
11:58:39:890 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:58:39:890 1612 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
11:58:39:890 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
11:58:39:890 1612 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
11:58:39:890 1612 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
11:58:39:890 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
11:58:39:890 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
11:58:39:890 1612 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
11:58:39:890 1612 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
11:58:39:890 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
11:58:39:890 1612 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
11:58:39:890 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:890 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:890 1612 TDL3_FileDetect: Processing driver: Disk
11:58:39:890 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:890 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:921 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
11:58:39:921 1612
11:58:39:921 1612 DetectCureTDL3: DEVICE_OBJECT: 89E0DC18
11:58:39:921 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E0DC18
11:58:39:921 1612 KLMD_ReadMem: Trying to ReadMemory 0x89E0DC18[0x38]
11:58:39:921 1612 DetectCureTDL3: DRIVER_OBJECT: 8A512A08
11:58:39:921 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A512A08[0xA8]
11:58:39:921 1612 KLMD_ReadMem: Trying to ReadMemory 0xE1022830[0x18]
11:58:39:921 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:58:39:921 1612 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
11:58:39:921 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
11:58:39:921 1612 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
11:58:39:921 1612 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
11:58:39:921 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
11:58:39:921 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
11:58:39:921 1612 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
11:58:39:921 1612 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
11:58:39:921 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
11:58:39:921 1612 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
11:58:39:921 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:921 1612 TDL3_FileDetect: Processing driver: Disk
11:58:39:921 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:921 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:921 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
11:58:39:921 1612
11:58:39:921 1612 DetectCureTDL3: DEVICE_OBJECT: 89DD7408
11:58:39:921 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DD7408
11:58:39:921 1612 KLMD_ReadMem: Trying to ReadMemory 0x89DD7408[0x38]
11:58:39:921 1612 DetectCureTDL3: DRIVER_OBJECT: 8A512A08
11:58:39:921 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A512A08[0xA8]
11:58:39:921 1612 KLMD_ReadMem: Trying to ReadMemory 0xE1022830[0x18]
11:58:39:921 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:58:39:921 1612 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
11:58:39:921 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
11:58:39:921 1612 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
11:58:39:921 1612 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
11:58:39:921 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
11:58:39:921 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
11:58:39:921 1612 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
11:58:39:921 1612 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
11:58:39:921 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
11:58:39:921 1612 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
11:58:39:921 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:921 1612 TDL3_FileDetect: Processing driver: Disk
11:58:39:921 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:921 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:921 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
11:58:39:921 1612
11:58:39:921 1612 DetectCureTDL3: DEVICE_OBJECT: 89DA07A8
11:58:39:921 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DA07A8
11:58:39:921 1612 KLMD_ReadMem: Trying to ReadMemory 0x89DA07A8[0x38]
11:58:39:921 1612 DetectCureTDL3: DRIVER_OBJECT: 8A512A08
11:58:39:921 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A512A08[0xA8]
11:58:39:921 1612 KLMD_ReadMem: Trying to ReadMemory 0xE1022830[0x18]
11:58:39:921 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:58:39:921 1612 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
11:58:39:921 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:921 1612 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
11:58:39:921 1612 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
11:58:39:937 1612 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
11:58:39:937 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
11:58:39:937 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
11:58:39:937 1612 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
11:58:39:937 1612 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
11:58:39:937 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
11:58:39:937 1612 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
11:58:39:937 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:937 1612 TDL3_FileDetect: Processing driver: Disk
11:58:39:937 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:937 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:937 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
11:58:39:937 1612
11:58:39:937 1612 DetectCureTDL3: DEVICE_OBJECT: 89C67570
11:58:39:937 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C67570
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0x89C67570[0x38]
11:58:39:937 1612 DetectCureTDL3: DRIVER_OBJECT: 8A512A08
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A512A08[0xA8]
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0xE1022830[0x18]
11:58:39:937 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:58:39:937 1612 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
11:58:39:937 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
11:58:39:937 1612 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
11:58:39:937 1612 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
11:58:39:937 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
11:58:39:937 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
11:58:39:937 1612 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
11:58:39:937 1612 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
11:58:39:937 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
11:58:39:937 1612 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
11:58:39:937 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:937 1612 TDL3_FileDetect: Processing driver: Disk
11:58:39:937 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:937 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:937 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
11:58:39:937 1612
11:58:39:937 1612 DetectCureTDL3: DEVICE_OBJECT: 8A1F6AB8
11:58:39:937 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A1F6AB8
11:58:39:937 1612 DetectCureTDL3: DEVICE_OBJECT: 89D74C90
11:58:39:937 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D74C90
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0x89D74C90[0x38]
11:58:39:937 1612 DetectCureTDL3: DRIVER_OBJECT: 89DAB870
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0x89DAB870[0xA8]
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0xE181B418[0x1E]
11:58:39:937 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
11:58:39:937 1612 DetectCureTDL3: IrpHandler (0) addr: BAC3D218
11:58:39:937 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (2) addr: BAC3D218
11:58:39:937 1612 DetectCureTDL3: IrpHandler (3) addr: BAC3D23C
11:58:39:937 1612 DetectCureTDL3: IrpHandler (4) addr: BAC3D23C
11:58:39:937 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (9) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (14) addr: BAC3D180
11:58:39:937 1612 DetectCureTDL3: IrpHandler (15) addr: BAC389E6
11:58:39:937 1612 DetectCureTDL3: IrpHandler (16) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (22) addr: BAC3C5F0
11:58:39:937 1612 DetectCureTDL3: IrpHandler (23) addr: BAC3AA6E
11:58:39:937 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0xBAC39F26[0x400]
11:58:39:937 1612 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
11:58:39:937 1612 TDL3_FileDetect: Processing driver: usbstor
11:58:39:937 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:937 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:937 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
11:58:39:937 1612
11:58:39:937 1612 DetectCureTDL3: DEVICE_OBJECT: 8A40D8D0
11:58:39:937 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A40D8D0
11:58:39:937 1612 DetectCureTDL3: DEVICE_OBJECT: 8A260930
11:58:39:937 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A260930
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A260930[0x38]
11:58:39:937 1612 DetectCureTDL3: DRIVER_OBJECT: 89DAB870
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0x89DAB870[0xA8]
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0xE181B418[0x1E]
11:58:39:937 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
11:58:39:937 1612 DetectCureTDL3: IrpHandler (0) addr: BAC3D218
11:58:39:937 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (2) addr: BAC3D218
11:58:39:937 1612 DetectCureTDL3: IrpHandler (3) addr: BAC3D23C
11:58:39:937 1612 DetectCureTDL3: IrpHandler (4) addr: BAC3D23C
11:58:39:937 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (9) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (14) addr: BAC3D180
11:58:39:937 1612 DetectCureTDL3: IrpHandler (15) addr: BAC389E6
11:58:39:937 1612 DetectCureTDL3: IrpHandler (16) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (22) addr: BAC3C5F0
11:58:39:937 1612 DetectCureTDL3: IrpHandler (23) addr: BAC3AA6E
11:58:39:937 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0xBAC39F26[0x400]
11:58:39:937 1612 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
11:58:39:937 1612 TDL3_FileDetect: Processing driver: usbstor
11:58:39:937 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:937 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:937 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
11:58:39:937 1612
11:58:39:937 1612 DetectCureTDL3: DEVICE_OBJECT: 8A3A1290
11:58:39:937 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3A1290
11:58:39:937 1612 DetectCureTDL3: DEVICE_OBJECT: 89DEE030
11:58:39:937 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DEE030
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0x89DEE030[0x38]
11:58:39:937 1612 DetectCureTDL3: DRIVER_OBJECT: 89DAB870
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0x89DAB870[0xA8]
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0xE181B418[0x1E]
11:58:39:937 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
11:58:39:937 1612 DetectCureTDL3: IrpHandler (0) addr: BAC3D218
11:58:39:937 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (2) addr: BAC3D218
11:58:39:937 1612 DetectCureTDL3: IrpHandler (3) addr: BAC3D23C
11:58:39:937 1612 DetectCureTDL3: IrpHandler (4) addr: BAC3D23C
11:58:39:937 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (9) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (14) addr: BAC3D180
11:58:39:937 1612 DetectCureTDL3: IrpHandler (15) addr: BAC389E6
11:58:39:937 1612 DetectCureTDL3: IrpHandler (16) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (22) addr: BAC3C5F0
11:58:39:937 1612 DetectCureTDL3: IrpHandler (23) addr: BAC3AA6E
11:58:39:937 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:937 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:937 1612 KLMD_ReadMem: Trying to ReadMemory 0xBAC39F26[0x400]
11:58:39:937 1612 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
11:58:39:937 1612 TDL3_FileDetect: Processing driver: usbstor
11:58:39:937 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:937 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:968 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
11:58:39:968 1612
11:58:39:968 1612 DetectCureTDL3: DEVICE_OBJECT: 8A214378
11:58:39:968 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A214378
11:58:39:968 1612 DetectCureTDL3: DEVICE_OBJECT: 89EE2030
11:58:39:968 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89EE2030
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0x89EE2030[0x38]
11:58:39:968 1612 DetectCureTDL3: DRIVER_OBJECT: 89DAB870
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0x89DAB870[0xA8]
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0xE181B418[0x1E]
11:58:39:968 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
11:58:39:968 1612 DetectCureTDL3: IrpHandler (0) addr: BAC3D218
11:58:39:968 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (2) addr: BAC3D218
11:58:39:968 1612 DetectCureTDL3: IrpHandler (3) addr: BAC3D23C
11:58:39:968 1612 DetectCureTDL3: IrpHandler (4) addr: BAC3D23C
11:58:39:968 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (9) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (14) addr: BAC3D180
11:58:39:968 1612 DetectCureTDL3: IrpHandler (15) addr: BAC389E6
11:58:39:968 1612 DetectCureTDL3: IrpHandler (16) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (22) addr: BAC3C5F0
11:58:39:968 1612 DetectCureTDL3: IrpHandler (23) addr: BAC3AA6E
11:58:39:968 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0xBAC39F26[0x400]
11:58:39:968 1612 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
11:58:39:968 1612 TDL3_FileDetect: Processing driver: usbstor
11:58:39:968 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:968 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:968 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
11:58:39:968 1612
11:58:39:968 1612 DetectCureTDL3: DEVICE_OBJECT: 89E023C8
11:58:39:968 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E023C8
11:58:39:968 1612 DetectCureTDL3: DEVICE_OBJECT: 89C66858
11:58:39:968 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C66858
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0x89C66858[0x38]
11:58:39:968 1612 DetectCureTDL3: DRIVER_OBJECT: 89DAB870
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0x89DAB870[0xA8]
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0xE181B418[0x1E]
11:58:39:968 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
11:58:39:968 1612 DetectCureTDL3: IrpHandler (0) addr: BAC3D218
11:58:39:968 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (2) addr: BAC3D218
11:58:39:968 1612 DetectCureTDL3: IrpHandler (3) addr: BAC3D23C
11:58:39:968 1612 DetectCureTDL3: IrpHandler (4) addr: BAC3D23C
11:58:39:968 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (9) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (14) addr: BAC3D180
11:58:39:968 1612 DetectCureTDL3: IrpHandler (15) addr: BAC389E6
11:58:39:968 1612 DetectCureTDL3: IrpHandler (16) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (22) addr: BAC3C5F0
11:58:39:968 1612 DetectCureTDL3: IrpHandler (23) addr: BAC3AA6E
11:58:39:968 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0xBAC39F26[0x400]
11:58:39:968 1612 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
11:58:39:968 1612 TDL3_FileDetect: Processing driver: usbstor
11:58:39:968 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:968 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:39:968 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
11:58:39:968 1612
11:58:39:968 1612 DetectCureTDL3: DEVICE_OBJECT: 8A50FC68
11:58:39:968 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A50FC68
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A50FC68[0x38]
11:58:39:968 1612 DetectCureTDL3: DRIVER_OBJECT: 8A512A08
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A512A08[0xA8]
11:58:39:968 1612 KLMD_ReadMem: Trying to ReadMemory 0xE1022830[0x18]
11:58:39:968 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:58:39:968 1612 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
11:58:39:968 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
11:58:39:968 1612 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
11:58:39:968 1612 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
11:58:39:968 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
11:58:39:968 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
11:58:39:968 1612 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
11:58:39:968 1612 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
11:58:39:968 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:968 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
11:58:39:984 1612 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
11:58:39:984 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:984 1612 TDL3_FileDetect: Processing driver: Disk
11:58:39:984 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:984 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:984 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
11:58:39:984 1612
11:58:39:984 1612 DetectCureTDL3: DEVICE_OBJECT: 8A5439F0
11:58:39:984 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5439F0
11:58:39:984 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A5439F0[0x38]
11:58:39:984 1612 DetectCureTDL3: DRIVER_OBJECT: 8A512A08
11:58:39:984 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A512A08[0xA8]
11:58:39:984 1612 KLMD_ReadMem: Trying to ReadMemory 0xE1022830[0x18]
11:58:39:984 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:58:39:984 1612 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
11:58:39:984 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
11:58:39:984 1612 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
11:58:39:984 1612 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
11:58:39:984 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
11:58:39:984 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
11:58:39:984 1612 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
11:58:39:984 1612 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
11:58:39:984 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
11:58:39:984 1612 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
11:58:39:984 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:984 1612 TDL3_FileDetect: Processing driver: Disk
11:58:39:984 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:984 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:39:984 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
11:58:39:984 1612
11:58:39:984 1612 DetectCureTDL3: DEVICE_OBJECT: 8A544AB8
11:58:39:984 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A544AB8
11:58:39:984 1612 DetectCureTDL3: DEVICE_OBJECT: 8A551F18
11:58:39:984 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A551F18
11:58:39:984 1612 DetectCureTDL3: DEVICE_OBJECT: 8A592940
11:58:39:984 1612 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A592940
11:58:39:984 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A592940[0x38]
11:58:39:984 1612 DetectCureTDL3: DRIVER_OBJECT: 8A5516E8
11:58:39:984 1612 KLMD_ReadMem: Trying to ReadMemory 0x8A5516E8[0xA8]
11:58:39:984 1612 KLMD_ReadMem: Trying to ReadMemory 0xE17E75B8[0x1A]
11:58:39:984 1612 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
11:58:39:984 1612 DetectCureTDL3: IrpHandler (0) addr: BA6406F2
11:58:39:984 1612 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (2) addr: BA6406F2
11:58:39:984 1612 DetectCureTDL3: IrpHandler (3) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (4) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (9) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (14) addr: BA640712
11:58:39:984 1612 DetectCureTDL3: IrpHandler (15) addr: BA63C852
11:58:39:984 1612 DetectCureTDL3: IrpHandler (16) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (22) addr: BA64073C
11:58:39:984 1612 DetectCureTDL3: IrpHandler (23) addr: BA647336
11:58:39:984 1612 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:58:39:984 1612 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:58:39:984 1612 KLMD_ReadMem: Trying to ReadMemory 0xBA63D864[0x400]
11:58:39:984 1612 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
11:58:39:984 1612 TDL3_FileDetect: Processing driver: atapi
11:58:39:984 1612 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
11:58:39:984 1612 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
11:58:40:000 1612 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
11:58:40:000 1612
11:58:40:000 1612 Completed
11:58:40:000 1612
11:58:40:000 1612 Results:
11:58:40:000 1612 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
11:58:40:000 1612 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
11:58:40:000 1612 File objects infected / cured / cured on reboot: 0 / 0 / 0
11:58:40:000 1612
11:58:40:000 1612 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
11:58:40:000 1612 UtilityDeinit: KLMD(ARK) unloaded successfully

MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3734
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/13/2010 1:29:50 PM
mbam-log-2010-02-13 (13-29-50).txt

Scan type: Quick Scan
Objects scanned: 246320
Time elapsed: 47 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again for your help!
Vic

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:20 PM

Posted 13 February 2010 - 05:50 PM

Hi,


We need to repair some of Windows' internal registration settings
  1. Please download Dial-A-Fix from one of the following mirrors:
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box (Looks like this: )
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
  6. When the window looks like this, press the GO button in the bottom of the window.
  7. Exit/Close Dial-A-Fix




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt




Also please post back with a fresh OTL logfile.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 VicW

VicW
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:20 AM

Posted 15 February 2010 - 11:33 PM

Tom,

Everything ran correctly. Here are the logs:

ESET Scan:

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ET30DKNE\get[1].htm a variant of Win32/Cimag.BN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lauren\Local Settings\Temporary Internet Files\Content.IE5\I5GVUF2B\screensavers_28[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\WINDOWS\ipevulase.dll a variant of Win32/Cimag.BN trojan cleaned by deleting (after the next restart) - quarantined

OTL log:

OTL logfile created on: 2/15/2010 8:13:26 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.80 Gb Total Space | 74.01 Gb Free Space | 41.63% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.11 Gb Total Space | 432.34 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEXP
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/10 17:53:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/02/04 19:09:28 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/28 19:08:24 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/10 10:50:18 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/08/17 22:48:08 | 018,341,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/06 17:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 20:06:32 | 000,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/03/05 18:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 08:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/01 11:42:28 | 000,263,416 | ---- | M] (Cloudmark, Inc.) -- C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 19:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/05/21 00:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2005/11/10 16:50:28 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/10/28 14:12:04 | 000,155,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2005/10/23 05:46:44 | 000,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/08/13 23:34:44 | 000,057,344 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/08/13 21:29:40 | 000,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/10 04:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 17:53:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/12/01 11:42:30 | 000,836,856 | ---- | M] (Cloudmark, Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Cloudmark\SpamNet\snoew32h_1.dll
MOD - [2005/11/10 16:50:27 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Pml Driver HPZ12)
SRV - [2010/02/04 19:09:28 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/03 19:55:25 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/19 08:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/28 19:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2005/10/23 05:46:44 | 000,069,632 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/08/13 21:29:40 | 000,376,832 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/08/13 20:05:00 | 000,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ridgenet.net/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ridgenet.net/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {22CDE29F-2521-4B2C-98DD-C9E4E93EC978}:1.9.1
FF - prefs.js..extensions.enabledItems: {A7442B05-673F-4F88-BCE0-5DAF2A1EBC39}:1.9.1
FF - prefs.js..extensions.enabledItems: {E70D1BF9-8C58-4891-B413-5BFB4B462E5F}:1.9.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{22CDE29F-2521-4B2C-98DD-C9E4E93EC978}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{22CDE29F-2521-4B2C-98DD-C9E4E93EC978} [2010/01/15 22:59:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A7442B05-673F-4F88-BCE0-5DAF2A1EBC39}: C:\Documents and Settings\Lauren\Local Settings\Application Data\{A7442B05-673F-4F88-BCE0-5DAF2A1EBC39} [2010/01/17 19:35:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E70D1BF9-8C58-4891-B413-5BFB4B462E5F}: C:\Documents and Settings\Sean\Local Settings\Application Data\{E70D1BF9-8C58-4891-B413-5BFB4B462E5F} [2010/01/17 20:09:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/09 09:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 17:02:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 10:50:32 | 000,000,000 | ---D | M]

[2008/06/18 17:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/02/15 13:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions
[2009/11/07 10:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}
[2009/08/23 09:15:22 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2009/11/07 10:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{4D8EA347-E120-4f00-A46B-6EBE988A6213}
[2009/03/29 16:56:09 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2008/08/28 15:29:36 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2009/05/02 18:10:05 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2009/08/23 09:15:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/06/20 20:01:09 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2009/08/23 09:15:21 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2008/03/14 17:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\moveplayer@movenetworks.com
[2008/09/02 19:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/10 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Wsufefokibofaxa] C:\WINDOWS\ipevulase.DLL File not found
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cloudmark Desktop for Outlook Express.lnk = C:\WINDOWS\Installer\{27240968-45DD-4C73-9EFA-FE7D2854B673}\SC_1.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster Gold 18\Remind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: whataboutadog.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h20278.www2.hp.com/CSMWeb/Customer/...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1188355936322 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/10 16:46:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/06/18 13:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/01 11:12:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/15 15:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/15 15:02:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/02/15 14:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Dial-a-fix-v0.60.0.24
[2010/02/15 14:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010/02/15 14:23:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/15 14:23:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/02/15 14:22:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/02/15 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/02/13 12:00:37 | 000,000,000 | ---D | C] -- C:\Desktop
[2010/02/13 11:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller
[2010/02/12 22:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Tracing
[2010/02/10 17:53:40 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/09 20:42:05 | 000,000,000 | --SD | C] -- C:\schrauber
[2010/02/09 20:06:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/09 19:27:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/09 19:27:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/09 19:27:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/09 19:27:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/09 19:26:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/09 19:25:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/04 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/02/04 14:34:32 | 000,175,880 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2010/01/31 16:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/01/30 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/21 20:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/21 21:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/14 17:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/01/29 18:12:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/08/15 12:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/11/10 15:53:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/12 06:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/15 20:16:01 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/02/15 19:08:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/15 19:08:39 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/15 19:06:51 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$Lauren_school_sheet.xlsx
[2010/02/15 15:18:14 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/15 15:04:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/15 15:04:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/15 14:58:35 | 000,356,352 | ---- | M] (DjLizard.net) -- C:\Documents and Settings\HP_Administrator\Desktop\Dial-a-fix.exe
[2010/02/15 14:52:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/15 14:52:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/15 14:52:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/15 14:45:43 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cloudmark Desktop for Outlook Express.lnk
[2010/02/15 14:45:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/15 14:45:19 | 000,011,199 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/15 14:44:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/15 14:44:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/15 14:44:24 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/15 14:42:59 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/02/15 14:42:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/02/15 14:42:09 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX860 series User Registration.LNK
[2010/02/15 14:28:58 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2010/02/15 14:28:46 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2010/02/15 14:26:53 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 2.1.lnk
[2010/02/15 14:26:00 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2010/02/15 14:25:48 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2010/02/15 14:25:26 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX860 series On-screen Manual.lnk
[2010/02/15 14:20:27 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Imelobi.dat
[2010/02/15 09:36:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xyuzahixu.bin
[2010/02/13 11:56:43 | 000,175,880 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2010/02/12 23:20:29 | 002,113,722 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/02/12 19:19:04 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to simscd.ico.lnk
[2010/02/10 22:06:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 20:05:57 | 000,012,927 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Creighton Activity Resume.docx
[2010/02/10 17:53:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/08 22:06:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/08 17:53:45 | 000,005,892 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.zip
[2010/02/08 17:40:46 | 000,013,671 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\New Microsoft Office Word Document.docx
[2010/02/08 17:37:51 | 002,160,054 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Instructions.bmp
[2010/02/08 17:36:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tzuozprs.exe
[2010/02/08 17:28:16 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/02/07 20:22:57 | 000,169,857 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Come and Join Us.pptx
[2010/02/05 14:19:12 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/05 11:51:11 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 09:52:20 | 000,002,247 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrintMaster Gold 18.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/15 19:06:51 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$Lauren_school_sheet.xlsx
[2010/02/15 15:17:59 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/15 14:42:09 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX860 series User Registration.LNK
[2010/02/15 14:28:58 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2010/02/15 14:28:46 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2010/02/15 14:26:53 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 2.1.lnk
[2010/02/15 14:26:00 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2010/02/15 14:25:48 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2010/02/15 14:25:26 | 000,001,978 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX860 series On-screen Manual.lnk
[2010/02/15 14:23:57 | 000,014,592 | ---- | C] () -- C:\WINDOWS\System32\CNC1735D.TBL
[2010/02/15 14:22:20 | 000,117,850 | ---- | C] () -- C:\WINDOWS\System32\Cnmnput.chm
[2010/02/12 19:19:04 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to simscd.ico.lnk
[2010/02/11 16:12:10 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/09 19:27:19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/09 19:27:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/09 19:27:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/09 19:27:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/09 19:27:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 19:17:11 | 000,012,927 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Creighton Activity Resume.docx
[2010/02/08 17:39:36 | 000,013,671 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\New Microsoft Office Word Document.docx
[2010/02/08 17:37:51 | 002,160,054 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Instructions.bmp
[2010/02/08 17:36:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tzuozprs.exe
[2010/02/08 17:34:54 | 000,005,892 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.zip
[2010/02/07 20:01:21 | 000,169,857 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Come and Join Us.pptx
[2010/02/04 15:46:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/04 15:46:27 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/04 15:46:21 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2009/07/17 20:25:19 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/07/17 20:25:19 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/07/17 20:23:59 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2007/12/12 18:52:49 | 000,040,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\FASTWiz.log
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/30 17:50:02 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2007/08/19 20:11:18 | 000,000,222 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/06/20 20:55:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/04/01 11:55:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/04/01 11:51:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/25 14:55:09 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2006/12/09 19:24:35 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/29 13:24:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2006/10/29 13:14:54 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2006/07/05 20:06:17 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/03 15:37:05 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/04/19 19:08:52 | 000,051,286 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/04/19 19:08:52 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/19 19:08:29 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log
[2006/04/19 19:08:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/04/19 19:08:06 | 000,017,897 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/04/19 19:08:06 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/04/19 19:07:22 | 000,003,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log
[2006/04/19 19:07:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/19 19:05:58 | 000,006,617 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/19 19:05:58 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/19 19:02:31 | 000,041,769 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/19 19:02:31 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/02/13 18:31:40 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/01/09 12:00:07 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/08 19:59:11 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/10 17:15:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/10 16:54:49 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/10 16:49:39 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/10 16:49:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/10 16:46:56 | 000,001,211 | ---- | C] () -- C:\WINDOWS\Quicken-old.ini
[2005/11/10 16:43:35 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/10 16:38:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/10 16:38:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/10 16:38:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/10 16:38:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/10 16:32:35 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/10 16:31:35 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/10 16:20:01 | 000,001,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/10 16:18:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/10 16:02:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/10 15:55:33 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/10 15:55:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/10 15:55:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 12:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 14:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/02/01 09:25:42 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll

========== LOP Check ==========

[2009/06/16 23:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/11/23 11:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/15 14:23:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/09/30 17:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2006/06/05 15:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2007/02/10 17:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/06/21 09:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/07/17 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/01/30 11:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/16 23:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/26 20:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2010/01/31 16:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/01/31 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/03/21 20:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/13 20:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 16:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/22 18:57:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/02/15 19:08:39 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/15 14:52:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/15 14:52:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/15 14:52:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/15 19:08:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/30 13:29:28 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/02/01 01:14:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/27 14:09:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/27 14:09:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/27 14:09:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/27 14:09:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] () MD5=1F0A0D2D75AC8CF2D823DDC358AF61FD -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\scholastic.ai:SummaryInformation
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Thanks,
Vic
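
The "< MD5 for: ... >" section of the OTL log above lists every copy of a driver or DLL that the tool can locate, with the hash of each. Reading across the atapi.sys block, four copies share the same size and timestamp, but the one under system32\dllcache carries a different MD5 and no embedded company name. The script below is an added example for this thread (it is not part of the original post and not OTL's own code) that parses lines in that format and flags exactly that kind of outlier. The sample input is the atapi.sys and eventlog.dll entries copied from the log; the rule of grouping copies by size and timestamp before comparing hashes is an analyst's heuristic, not something OTL reports; and the function names are chosen for this example only.

```python
"""Cross-check the copies of a system file listed by an OTL "< MD5 for: >"
scan and flag any copy whose hash disagrees with its same-size siblings.
Added example for the thread; not OTL's code. Function names are ours."""
import re
from collections import Counter, defaultdict

# Section header written by OTL, e.g.  < MD5 for: ATAPI.SYS >
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")

# One hashed copy:  [date time | size | attrs | M] (Company) MD5=HEX -- path
# Lines for .cab containers carry no MD5= field and are skipped on purpose.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Constructed sample: the atapi.sys and eventlog.dll entries copied from the log.
SAMPLE_OTL_OUTPUT = r"""
< MD5 for: ATAPI.SYS >
[2004/08/10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] () MD5=1F0A0D2D75AC8CF2D823DDC358AF61FD -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
"""


def parse_md5_sections(text):
    """Return {file name (lower case): [copy dicts]} from OTL MD5-scan text."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if current is None or not entry:
            continue
        sections[current].append({
            "stamp": entry.group("stamp"),
            "size": int(entry.group("size").replace(",", "")),
            "company": entry.group("company").strip(),
            "md5": entry.group("md5").upper(),
            "path": entry.group("path"),
        })
    return dict(sections)


def find_outliers(sections):
    """Flag copies whose MD5 differs from other copies with the same size and stamp.

    Copies of a different size (e.g. the pre-service-pack file kept under
    $NtServicePackUninstall$) are legitimately different and never compared.
    The most common hash in a group is the reference; if no hash holds a
    strict majority, every copy in the group is reported, since the scan
    alone cannot say which one is genuine.
    """
    findings = []
    for name, copies in sections.items():
        groups = defaultdict(list)
        for c in copies:
            groups[(c["size"], c["stamp"])].append(c)
        for (size, _stamp), group in groups.items():
            counts = Counter(c["md5"] for c in group)
            if len(group) < 2 or len(counts) == 1:
                continue
            ranked = counts.most_common()
            majority = ranked[0][0] if ranked[0][1] > ranked[1][1] else None
            for c in group:
                if majority is not None and c["md5"] == majority:
                    continue
                findings.append({
                    "name": name, "path": c["path"], "md5": c["md5"],
                    "majority_md5": majority, "siblings": len(group) - 1,
                    "size": size, "company": c["company"],
                })
    return findings


def describe(finding):
    """One-line summary of a finding for the analyst."""
    note = "" if finding["company"] else "; no company/version info embedded"
    ref = finding["majority_md5"] or "no majority among copies"
    return (f"{finding['path']}: MD5 {finding['md5']} differs from "
            f"{finding['siblings']} sibling copies ({ref}){note}")


if __name__ == "__main__":
    for f in find_outliers(parse_md5_sections(SAMPLE_OTL_OUTPUT)):
        print(describe(f))
```

Run against the sample, the only finding is the dllcache copy of atapi.sys; the older, smaller copy under $NtServicePackUninstall$ and both eventlog.dll service-pack copies are left alone. A differing hash on its own does not prove tampering (it says only that the copy is not byte-identical to its siblings), which is why the script reports the copy rather than deciding for you.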

#12 schrauber


    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:20 PM

Posted 16 February 2010 - 03:35 PM

Hi,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [Wsufefokibofaxa] C:\WINDOWS\ipevulase.DLL File not found
    O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2009/06/18 13:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#13 VicW

  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:20 AM

Posted 16 February 2010 - 11:37 PM

Hi,

Both OTL scans ran successfully. Here are the logs.

'Run Fix' log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wsufefokibofaxa deleted successfully.
D:\Autorun.inf moved successfully.
File move failed. F:\autorun.inf scheduled to be moved on reboot.

OTL by OldTimer - Version 3.1.28.0 log created on 02162010_193251

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Follow up scan log:

OTL logfile created on: 2/16/2010 7:43:30 PM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.80 Gb Total Space | 73.93 Gb Free Space | 41.58% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.11 Gb Total Space | 432.57 Gb Free Space | 93.00% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEXP
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe (Cloudmark, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\arpwrmsg.exe (Microsoft)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Cloudmark\SpamNet\snoew32h_1.dll (Cloudmark, Inc.)
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll (BackWeb)


========== Win32 Services (SafeList) ==========

SRV - (Pml Driver HPZ12) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Soft India)
DRV - (UsbDiag) LGE CDMA USB Diagnostic Serial Port Drivers (WDM) -- C:\WINDOWS\system32\drivers\lgUsbDiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ridgenet.net/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ridgenet.net/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {22CDE29F-2521-4B2C-98DD-C9E4E93EC978}:1.9.1
FF - prefs.js..extensions.enabledItems: {A7442B05-673F-4F88-BCE0-5DAF2A1EBC39}:1.9.1
FF - prefs.js..extensions.enabledItems: {E70D1BF9-8C58-4891-B413-5BFB4B462E5F}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7


FF - HKLM\software\mozilla\Firefox\Extensions\\{22CDE29F-2521-4B2C-98DD-C9E4E93EC978}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{22CDE29F-2521-4B2C-98DD-C9E4E93EC978} [2010/01/15 22:59:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A7442B05-673F-4F88-BCE0-5DAF2A1EBC39}: C:\Documents and Settings\Lauren\Local Settings\Application Data\{A7442B05-673F-4F88-BCE0-5DAF2A1EBC39} [2010/01/17 19:35:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E70D1BF9-8C58-4891-B413-5BFB4B462E5F}: C:\Documents and Settings\Sean\Local Settings\Application Data\{E70D1BF9-8C58-4891-B413-5BFB4B462E5F} [2010/01/17 20:09:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/09 09:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 17:02:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 10:50:32 | 000,000,000 | ---D | M]

[2008/06/18 17:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2008/06/18 17:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/16 15:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions
[2009/11/07 10:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}
[2009/08/23 09:15:22 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2009/11/07 10:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{4D8EA347-E120-4f00-A46B-6EBE988A6213}
[2009/03/29 16:56:09 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2008/08/28 15:29:36 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2009/05/02 18:10:05 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2009/08/23 09:15:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/06/20 20:01:09 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2009/08/23 09:15:21 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2008/03/14 17:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hyjpadcb.default\extensions\moveplayer@movenetworks.com
[2008/09/02 19:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/10 10:50:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/10 10:50:13 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/10 10:50:13 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/01/10 10:50:23 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/10/14 20:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/12/10 20:52:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/10 20:52:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/10 20:52:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/10 20:52:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/10 20:52:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/10 20:52:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/10 20:52:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/10 10:50:25 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/10 10:50:25 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/10 10:50:25 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/10 10:50:25 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/10 10:50:25 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/10 10:50:25 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/10 10:50:25 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/10 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cloudmark Desktop for Outlook Express.lnk = C:\WINDOWS\Installer\{27240968-45DD-4C73-9EFA-FE7D2854B673}\SC_1.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster Gold 18\Remind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: whataboutadog.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h20278.www2.hp.com/CSMWeb/Customer/...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1188355936322 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/10 16:46:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/06/18 13:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/16 19:32:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/15 22:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/15 15:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/15 15:02:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/02/15 14:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Dial-a-fix-v0.60.0.24
[2010/02/15 14:36:17 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/02/15 14:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010/02/15 14:23:58 | 000,192,512 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC860O.DLL
[2010/02/15 14:23:58 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.DLL
[2010/02/15 14:23:57 | 001,331,200 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC860C.DLL
[2010/02/15 14:23:57 | 000,274,432 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC860L.DLL
[2010/02/15 14:23:57 | 000,098,304 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC860I.DLL
[2010/02/15 14:23:54 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serscan.sys
[2010/02/15 14:23:54 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjUS.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjTH.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjSE.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjRU.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjPT.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjPL.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjNL.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjIT.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjID.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjGR.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjFR.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjFI.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjES.DLL
[2010/02/15 14:23:41 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjDE.DLL
[2010/02/15 14:23:41 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjTR.DLL
[2010/02/15 14:23:41 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjNO.DLL
[2010/02/15 14:23:41 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjKR.DLL
[2010/02/15 14:23:41 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjJP.DLL
[2010/02/15 14:23:41 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjHU.DLL
[2010/02/15 14:23:41 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjDK.DLL
[2010/02/15 14:23:41 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjCZ.DLL
[2010/02/15 14:23:41 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjAR.DLL
[2010/02/15 14:23:41 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjTW.DLL
[2010/02/15 14:23:41 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLjCN.DLL
[2010/02/15 14:23:40 | 000,225,792 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCF2Lj.DLL
[2010/02/15 14:23:40 | 000,167,936 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFMSj.EXE
[2010/02/15 14:23:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/15 14:23:19 | 000,236,032 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9N.DLL
[2010/02/15 14:23:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/02/15 14:22:59 | 000,104,960 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC860Z.DLL
[2010/02/15 14:22:56 | 000,178,176 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIU9N.DLL
[2010/02/15 14:22:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/02/15 14:22:20 | 000,363,008 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPPM.DLL
[2010/02/15 14:22:20 | 000,143,360 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPUI.DLL
[2010/02/15 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/02/13 12:00:37 | 000,000,000 | ---D | C] -- C:\Desktop
[2010/02/13 11:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller
[2010/02/12 22:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Tracing
[2010/02/10 17:53:40 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/09 20:42:05 | 000,000,000 | --SD | C] -- C:\schrauber
[2010/02/09 20:06:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/09 19:27:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/09 19:27:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/09 19:27:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/09 19:27:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/09 19:26:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/09 19:25:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/04 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/02/04 14:34:32 | 000,175,880 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2010/01/31 21:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western_Digital
[2010/01/31 16:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/01/31 16:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Western Digital
[2010/01/31 16:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/01/31 16:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/01/31 16:48:32 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2010/01/31 16:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/01/31 16:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western Digital
[2010/01/30 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/30 13:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2010/01/30 13:30:01 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/01/30 13:30:01 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/01/30 13:30:01 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/01/30 13:29:54 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/01/30 13:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/30 13:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/01/30 13:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/01/30 13:23:19 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/01/30 13:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/01/23 18:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/01/23 18:35:17 | 000,000,000 | ---D | C] -- C:\rsit
[2010/01/23 18:30:38 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\RootRepeal.exe
[2010/01/22 19:08:23 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/22 18:57:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/22 18:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/01/22 16:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools
[2010/01/21 20:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/21 19:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/01/21 18:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/07/21 21:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/14 17:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/01/29 18:12:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/08/15 12:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/11/10 15:53:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/12 06:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/16 19:46:01 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/02/16 19:42:40 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/16 19:42:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/16 19:42:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/16 19:42:34 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/16 19:42:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/16 19:36:40 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cloudmark Desktop for Outlook Express.lnk
[2010/02/16 19:35:46 | 000,012,817 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/16 19:35:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/16 19:35:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/16 19:35:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/16 19:34:58 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/16 19:33:51 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/02/16 19:33:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/02/15 22:36:05 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/15 22:06:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/15 15:18:14 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/15 15:04:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/15 15:04:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/15 14:58:35 | 000,356,352 | ---- | M] (DjLizard.net) -- C:\Documents and Settings\HP_Administrator\Desktop\Dial-a-fix.exe
[2010/02/15 14:42:09 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX860 series User Registration.LNK
[2010/02/15 14:28:58 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2010/02/15 14:28:46 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2010/02/15 14:26:53 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 2.1.lnk
[2010/02/15 14:26:00 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2010/02/15 14:25:48 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2010/02/15 14:25:26 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX860 series On-screen Manual.lnk
[2010/02/15 14:20:27 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Imelobi.dat
[2010/02/15 09:36:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xyuzahixu.bin
[2010/02/13 11:56:43 | 000,175,880 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2010/02/12 23:20:29 | 002,113,722 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/02/12 19:19:04 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to simscd.ico.lnk
[2010/02/10 22:06:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 20:05:57 | 000,012,927 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Creighton Activity Resume.docx
[2010/02/10 17:53:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/08 17:53:45 | 000,005,892 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.zip
[2010/02/08 17:40:46 | 000,013,671 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\New Microsoft Office Word Document.docx
[2010/02/08 17:37:51 | 002,160,054 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Instructions.bmp
[2010/02/08 17:36:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tzuozprs.exe
[2010/02/08 17:28:16 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/02/07 20:22:57 | 000,169,857 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Come and Join Us.pptx
[2010/02/05 14:19:12 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/05 11:51:11 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 09:52:20 | 000,002,247 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrintMaster Gold 18.lnk
[2010/02/01 19:15:21 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\RootRepeal.exe
[2010/02/01 01:14:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/02/01 01:14:20 | 000,002,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Install Rhapsody.lnk
[2010/01/31 16:48:53 | 000,001,129 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/01/31 16:48:52 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/01/31 16:47:19 | 000,475,512 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/31 16:47:19 | 000,405,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/31 16:47:19 | 000,064,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/30 13:35:53 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/30 13:29:28 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/25 19:05:35 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\spider.sav
[2010/01/23 18:34:52 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
[2010/01/23 18:31:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\settings.dat
[2010/01/23 06:20:14 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/01/23 06:20:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/22 18:56:59 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/22 18:40:59 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpywareBlaster.lnk
[2010/01/22 16:27:38 | 012,134,840 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\FullRegistryBackup100122.cab
[2010/01/22 08:56:12 | 000,001,593 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2010/01/18 13:30:35 | 000,014,651 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Seans Resume.docx
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/15 22:36:05 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/15 15:17:59 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/15 14:42:09 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX860 series User Registration.LNK
[2010/02/15 14:28:58 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2010/02/15 14:28:46 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2010/02/15 14:26:53 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 2.1.lnk
[2010/02/15 14:26:00 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2010/02/15 14:25:48 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2010/02/15 14:25:26 | 000,001,978 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX860 series On-screen Manual.lnk
[2010/02/15 14:23:57 | 000,014,592 | ---- | C] () -- C:\WINDOWS\System32\CNC1735D.TBL
[2010/02/15 14:22:20 | 000,117,850 | ---- | C] () -- C:\WINDOWS\System32\Cnmnput.chm
[2010/02/12 19:19:04 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to simscd.ico.lnk
[2010/02/11 16:12:10 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/09 19:27:19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/09 19:27:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/09 19:27:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/09 19:27:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/09 19:27:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 19:17:11 | 000,012,927 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Creighton Activity Resume.docx
[2010/02/08 17:39:36 | 000,013,671 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\New Microsoft Office Word Document.docx
[2010/02/08 17:37:51 | 002,160,054 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Instructions.bmp
[2010/02/08 17:36:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tzuozprs.exe
[2010/02/08 17:34:54 | 000,005,892 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.zip
[2010/02/07 20:01:21 | 000,169,857 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Come and Join Us.pptx
[2010/02/04 15:46:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/04 15:46:27 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/04 15:46:21 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/01 19:06:48 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/01/31 16:48:53 | 000,001,129 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/01/31 16:48:51 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/01/30 13:40:05 | 000,012,817 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/30 13:35:53 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/30 13:29:28 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/30 13:29:27 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/01/23 18:34:52 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
[2010/01/23 18:31:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\settings.dat
[2010/01/23 00:05:41 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/22 19:08:50 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/22 18:56:58 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/22 18:40:59 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpywareBlaster.lnk
[2010/01/22 16:27:38 | 012,134,840 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\FullRegistryBackup100122.cab
[2010/01/22 08:57:20 | 000,002,349 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cloudmark Desktop for Outlook Express.lnk
[2010/01/22 08:57:20 | 000,001,950 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
[2010/01/22 08:57:20 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2010/01/22 08:57:20 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
[2010/01/22 08:57:20 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
[2010/01/18 13:30:35 | 000,014,651 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Seans Resume.docx
[2009/07/17 20:25:19 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/07/17 20:25:19 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/07/17 20:23:59 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2007/12/12 18:52:49 | 000,040,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\FASTWiz.log
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/30 17:50:02 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2007/08/19 20:11:18 | 000,000,222 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/06/20 20:55:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/04/01 11:55:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/04/01 11:51:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/25 14:55:09 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2006/12/09 19:24:35 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/29 13:24:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2006/10/29 13:14:54 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2006/07/05 20:06:17 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/03 15:37:05 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/04/19 19:08:52 | 000,051,286 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/04/19 19:08:52 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/19 19:08:29 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log
[2006/04/19 19:08:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/04/19 19:08:06 | 000,017,897 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/04/19 19:08:06 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/04/19 19:07:22 | 000,003,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log
[2006/04/19 19:07:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/19 19:05:58 | 000,006,617 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/19 19:05:58 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/19 19:02:31 | 000,041,769 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/19 19:02:31 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/02/13 18:31:40 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/01/09 12:00:07 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/08 19:59:11 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/10 17:15:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/10 16:54:49 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/10 16:49:39 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/10 16:49:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/10 16:46:56 | 000,001,211 | ---- | C] () -- C:\WINDOWS\Quicken-old.ini
[2005/11/10 16:43:35 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/10 16:38:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/10 16:38:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/10 16:38:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/10 16:38:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/10 16:32:35 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/10 16:31:35 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/10 16:20:01 | 000,001,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/10 16:18:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/10 16:02:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/10 15:55:33 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/10 15:55:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/10 15:55:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 12:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 14:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/02/01 09:25:42 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\scholastic.ai:SummaryInformation
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Thanks!
Vic

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:20 PM

Posted 18 February 2010 - 01:41 PM

Hi,

How is it running now?

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 VicW

VicW
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:20 AM

Posted 18 February 2010 - 07:32 PM

Hi,

I have tested the Google links redirect and everything is working correctly there. I think things are working again.

I still get a 'Data Execution Prevention' dialog box popping up every time we log into our account. The dialog box states that Windows has closed the program 'Generic Host Process for Win32 Services'. I began using msconfig to try to track this one down before contacting you but decided to wait until the computer was clean to see if it went away.

Do you have a link or guidance for tracking this one down?

Thanks again for your help. I couldn't have figured this one out this it.

v/r,
Vic
