
Lost my Computer - Malware/Trojan/Don't Know?!?


  • This topic is locked
18 replies to this topic

#1 monkeybearmum

monkeybearmum

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:26 PM

Posted 13 February 2010 - 08:35 PM

Help! I've been building up to this problem for a few weeks now. Started with the "Antivirus Live" infection. Going back to previous restore points helped twice (reinfected 2nd time?). Then got a virus that redirected me from the search results on Google. Was annoying, but going back on page usually got me to the right site or I could copy and paste the link. I tried running SUPERAntiSpyware several times to remove some stuff, but that didn't do it. Installed and ran MalwareBytes and did a system scan. Deleted everything it found. Now, I could NOT go to old restore points - kept saying "restore failed". This morning, my husband found the computer looping through a restart cycle and he says he just hit F10 and told it to reboot or something (he didn't describe it exactly). I found the screen on a "Welcome to HP" sort of page that took me through what looked like a reload of all the system stuff - like when you first get the PC. Went through all that and thought the computer was wiped clean of all my old files. Even did a search for the file name under which all my personal documents are stored and it found nothing. Ran another antispyware scan and noticed it was scanning all the files I could "not see" when I looked on my C drive. FINALLY got the thing to show me hidden folders and files and there were all our old files. I kept ending up in a dummy folder called "FrontRoom". Now the computer is acting nuts and starts out really fast then slows WAY down and finally goes into hibernation mode and shuts down. Went into the "power" files and disabled hibernation - still shut down.
I have tried to follow all the instructions on the Prep Guide for HijackThis, but when I get to the point where I run the GMER scan, it gets about 45 minutes into the scan and then the whole thing shuts down and restarts. I'm not sure which logs that I generated are any use. The computer seems to have NONE of the programs or software (Word, PowerPoint, Excel, Adobe) it had before this freakout, but it still has some of the programs on the desktop I used for generating these diagnostic logs. I am baffled and I have not got the experience or computer programming savvy to have a clue what to do. I am going to attach all the logs I have managed to generate in the last couple of weeks - don't know what to do about the GMER scan. I cannot (with holding F8 or continually tapping F8) get Windows to open up into "safe mode". Hope someone can help me. Thanks.


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Owner at 13:40:58.51 on Thu 02/11/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.272 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner.FRONTROOM\Desktop\Defogger.exe
C:\Documents and Settings\HP_Owner.FRONTROOM\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\hp_own~1.fro\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spysub~1.lnk - c:\program files\intermute\spysubtract\sslaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\docume~1\hp_own~1.fro\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-1-24 9968]
R1 SASKUTIL;SASKUTIL;c:\docume~1\hp_own~1.fro\locals~1\temp\sas_selfextract\SASKUTIL.sys [2010-1-24 74480]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-27 234616]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050309.032\NAVENG.Sys [2005-5-26 73728]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050309.032\NavEx15.Sys [2005-5-26 631040]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S3 SASENUM;SASENUM;\??\c:\docume~1\hp_own~1.fro\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\hp_own~1.fro\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]

=============== Created Last 30 ================

2010-02-11 19:38:40 0 ----a-w- c:\documents and settings\hp_owner.frontroom\defogger_reenable
2010-02-11 15:12:46 0 d-----w- c:\docume~1\hp_own~1.fro\applic~1\SUPERAntiSpyware.com
2010-02-11 15:08:06 0 d-sh--r- C:\cmdcons
2010-02-11 15:07:49 0 d-----w- c:\windows\setupupd
2010-02-11 14:09:54 0 d-----w- c:\docume~1\hp_own~1.fro\applic~1\Symantec
2010-02-11 14:07:18 0 d-----w- c:\windows\system32\RTCOM
2010-02-11 14:01:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-11 14:01:46 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-11 13:32:53 0 d-sh--r- c:\windows\system32\dllcache
2010-02-11 13:14:13 0 d-s---w- c:\documents and settings\hp_owner.frontroom\UserData
2010-02-11 13:14:08 594960 ----a-w- c:\windows\hpdj3840.hi1
2010-02-11 13:14:08 10497 ----a-w- c:\windows\hpdj3840.bu1
2010-02-11 13:13:52 516 ----a-w- c:\windows\hpbvspst.ini
2010-02-11 13:13:52 2175 ----a-w- c:\windows\hpbvspst.his
2010-02-11 13:11:53 0 d-----w- c:\windows\system32\Lang
2010-02-11 13:11:32 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-02-11 13:10:59 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-11 13:10:35 1828 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PX740AA-ABA A1102N_YC_0Pavi_QMXK526_E53NAheBLU3_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.21_T050429_WXH2_L409_M504_J160_7Intel_8Pentium 4_92.93_#051018_N10EC8139_Z11C1048C_G80862582.MRK
2010-02-11 09:30:55 8212 ----a-w- c:\windows\mfebcdata
2010-02-03 18:54:37 0 d--h--w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-25 21:49:04 0 d-----w- c:\program files\TrendMicro
2010-01-25 18:48:42 0 d--h--w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 18:48:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 13:15:11 120 ----a-w- c:\windows\Vrozi.dat
2010-01-25 13:15:11 0 ----a-w- c:\windows\Pjepocu.bin

==================== Find3M ====================

2010-02-11 16:18:10 3645 ----a-w- c:\windows\viassary-hp.reg

============= FINISH: 13:41:52.28 ==============


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:05:26 AM

Posted 18 February 2010 - 12:19 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
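The `/md5start` ... `/md5stop` part of the custom scan above asks OTL to hash a list of critical system files (drivers such as atapi.sys, and DLLs such as eventlog.dll) so that a replaced or patched file can be recognised by its digest. The script below is an added illustration of that file-integrity check, written here and not taken from OTL or from anyone in this thread; it assumes a directory of files to hash and a baseline of known-good digests, both of which it constructs itself in a temporary folder so it can run anywhere. The helper names (`md5_report`, `build_demo`) and the file contents are made up for the demonstration.

```python
import hashlib
import os
import tempfile

# A subset of the files the custom scan hashes between /md5start and /md5stop.
WATCHED = ["atapi.sys", "eventlog.dll", "scecli.dll", "netlogon.dll"]


def md5_of_file(path, chunk=65536):
    """Stream a file through MD5 so large drivers need not be read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def md5_report(system_dir, baseline):
    """Hash each watched file under system_dir and compare it with a known-good baseline.

    Returns {name: (status, digest)} where status is
      'ok'       - digest matches the baseline
      'MISMATCH' - file is present but differs from the baseline (replaced or patched?)
      'missing'  - file is not present (deleted, or the list targets another build)
    """
    report = {}
    for name in WATCHED:
        path = os.path.join(system_dir, name)
        if not os.path.isfile(path):
            report[name] = ("missing", None)
            continue
        digest = md5_of_file(path)
        expected = baseline.get(name)
        status = "ok" if expected is not None and digest == expected else "MISMATCH"
        report[name] = (status, digest)
    return report


def build_demo():
    """Construct a fake system directory (hypothetical, not real Windows files).

    Three files are written in their 'clean' state and a baseline is recorded from
    them; atapi.sys is then overwritten to simulate a replaced driver, and
    netlogon.dll is deliberately never created.
    """
    d = tempfile.mkdtemp(prefix="md5demo_")
    contents = {
        "atapi.sys": b"CONSTRUCTED clean atapi.sys bytes",
        "eventlog.dll": b"CONSTRUCTED clean eventlog.dll bytes",
        "scecli.dll": b"CONSTRUCTED clean scecli.dll bytes",
    }
    for name, data in contents.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    baseline = {name: md5_of_file(os.path.join(d, name)) for name in contents}
    # Simulate the driver being replaced after the baseline was taken.
    with open(os.path.join(d, "atapi.sys"), "wb") as f:
        f.write(b"CONSTRUCTED patched atapi.sys bytes")
    return d, baseline


if __name__ == "__main__":
    demo_dir, demo_baseline = build_demo()
    for name, (status, digest) in md5_report(demo_dir, demo_baseline).items():
        print(f"{status:8} {name:14} {digest}")
```

On a real machine the baseline would come from a trusted source (an install of the same Windows build and service pack), not from the suspect system itself; a digest taken after the infection only tells you that the file has not changed since then. That is also why a helper reads the posted hashes against known-good values rather than trusting what the machine reports about itself.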



#3 monkeybearmum

monkeybearmum
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:26 PM

Posted 18 February 2010 - 02:19 PM

Hi Myrti,
Since posting my original problem and logs, we have attempted and (slightly successfully) managed to load Microsoft Word and use it. Still all kinds of craziness and I would really like to have my "old" computer back - minus the bugs, of course! Below is most of my original description of the problem, as well as the two log reports you requested. Really appreciate your help.
Angie

Description of the problem:
I've been building up to this problem for a few weeks now. Started with the "Antivirus Live" infection. Going back to previous restore points helped twice (reinfected 2nd time?). Then got a virus that redirected me from the search results on Google. Was annoying, but going back on page usually got me to the right site or I could copy and paste the link. I tried running SUPERAntiSpyware several times to remove some stuff, but that didn't do it. Installed and ran MalwareBytes and did a system scan. Deleted everything it found. Now, I could NOT go to old restore points - kept saying "restore failed". When my husband found the computer looping through a restart cycle, he says he just hit F10 and told it to reboot or something (he didn't describe it exactly). I found the screen on a "Welcome to HP" sort of page that took me through what looked like a reload of all the system stuff - like when you first get the PC. Went through all that and thought the computer was wiped clean of all my old files. Even did a search for the file name under which all my personal documents are stored and it found nothing. Ran another antispyware scan and noticed it was scanning all the files I could "not see" when I looked on my C drive. FINALLY got the thing to show me hidden folders and files and there were all our old files. I kept ending up in a dummy folder called "FrontRoom". I tried to follow all the instructions on the Prep Guide for HijackThis, but when I got to the point where I ran the GMER scan, it got about 45 minutes into the scan and then the whole thing shut down and restarted. The computer seems to have NONE of the programs or software (Word, PowerPoint, Excel, Adobe) it had before this freakout, but it still has some of the programs on the desktop I used for generating these diagnostic logs.

Here is the OTL report:

OTL logfile created on: 2/18/2010 12:44:12 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\HP_Owner.FRONTROOM\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 151.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 27.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 90.22 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.25 Gb Free Space | 18.03% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRONTROOM
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/18 12:43:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.FRONTROOM\Desktop\OTL.exe
PRC - [2006/02/19 05:24:52 | 000,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/26 17:41:09 | 001,191,936 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe
PRC - [2005/05/26 17:05:17 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2005/04/12 02:10:22 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2005/04/06 19:57:12 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/04/06 19:53:00 | 002,805,248 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/02/02 16:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\KBD.exe
PRC - [2005/01/23 11:31:34 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/11/05 03:28:24 | 000,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/11/03 00:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/10/14 00:04:14 | 000,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/10/14 00:03:54 | 000,327,680 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/30 12:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2004/08/27 17:22:48 | 000,164,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/27 17:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2004/08/27 17:22:42 | 000,197,752 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/08/27 17:22:40 | 000,058,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/27 16:02:54 | 000,206,048 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/06/29 11:06:38 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/06/07 12:42:30 | 000,659,456 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon06.exe
PRC - [2004/03/04 22:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [1998/05/07 10:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 12:43:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.FRONTROOM\Desktop\OTL.exe
MOD - [2004/08/24 16:05:02 | 000,197,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2004/08/04 12:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003/02/21 12:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/11/03 00:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/10/22 11:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/14 00:03:54 | 000,327,680 | ---- | M] (Apple Computer, Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2004/08/30 20:29:46 | 000,078,992 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2004/08/30 12:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/08/27 17:22:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/27 17:22:48 | 000,078,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/27 17:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/08/27 17:22:42 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/27 16:02:54 | 000,206,048 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/07/23 13:47:22 | 000,197,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/07/21 10:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/07/15 09:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/24 13:52:12 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/24 13:52:12 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/26 22:40:06 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/10/27 19:24:29 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/27 19:24:28 | 000,049,664 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/04/15 19:05:42 | 002,564,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/09 10:00:00 | 000,631,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050309.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2005/03/09 10:00:00 | 000,073,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050309.032\NAVENG.SYS -- (NAVENG)
DRV - [2005/01/26 10:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/23 12:05:06 | 000,804,317 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/01/19 18:21:56 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/10/15 15:52:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/09/14 22:38:26 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/08/27 16:02:28 | 000,266,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/08/27 16:02:26 | 000,025,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/08/27 16:02:24 | 000,034,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/08/27 16:02:20 | 000,046,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/08/27 16:02:18 | 000,171,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/08/27 16:02:16 | 000,011,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/08/26 08:03:38 | 000,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/04 06:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/23 13:47:24 | 000,049,808 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/07/23 13:47:22 | 000,335,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/07/21 10:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/29 11:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/04/26 23:31:14 | 000,135,168 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/18 00:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/12/02 19:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2001/06/04 07:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\S-1-5-21-3376508186-1344245484-2252305914-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\S-1-5-21-3376508186-1344245484-2252305914-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/02/09 08:04:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Owner.FRONTROOM\Start Menu\Programs\Startup\HP Organize.lnk = C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe (NeoPlanet)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3376508186-1344245484-2252305914-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/26 18:12:26 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{4964d060-1715-11df-8ec2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4964d060-1715-11df-8ec2-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/11 07:45:39 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 12:43:12 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.FRONTROOM\Desktop\OTL.exe
[2010/02/16 07:30:55 | 000,000,000 | ---D | C] -- C:\CMER
[2010/02/15 20:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\My Documents\My Albums
[2010/02/15 20:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings\Application Data\IsolatedStorage
[2010/02/15 20:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\My Documents\My Scans
[2010/02/15 15:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Desktop\pics
[2010/02/14 21:30:55 | 000,000,000 | ---D | C] -- C:\HJT
[2010/02/13 16:05:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings\Application Data\HP
[2010/02/13 16:00:50 | 000,046,592 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll43a.dll
[2010/02/13 16:00:32 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/02/13 15:59:12 | 000,049,664 | ---- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2010/02/13 15:59:12 | 000,016,496 | ---- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2010/02/13 15:59:05 | 000,614,400 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl2.dll
[2010/02/13 15:59:05 | 000,602,112 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax2.dll
[2010/02/13 15:59:05 | 000,254,026 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst09.dll
[2010/02/13 14:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Application Data\AdobeUM
[2010/02/13 14:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings\Application Data\Adobe
[2010/02/13 12:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\My Documents\My eBooks
[2010/02/13 12:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Application Data\Adobe
[2010/02/12 03:27:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/02/12 03:26:31 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/02/12 03:25:10 | 002,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/12 03:25:10 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/12 03:25:09 | 002,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/12 03:25:08 | 002,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/02/12 03:24:45 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010/02/12 03:20:07 | 000,453,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/12 03:01:05 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/02/12 03:01:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/02/11 23:47:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/02/11 15:05:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/11 13:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Desktop\gmer
[2010/02/11 10:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings\Application Data\Help
[2010/02/11 10:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Application Data\Help
[2010/02/11 09:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Application Data\SUPERAntiSpyware.com
[2010/02/11 09:08:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/11 09:07:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/02/11 08:09:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Application Data\Microsoft
[2010/02/11 08:09:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Cookies
[2010/02/11 08:09:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\SendTo
[2010/02/11 08:09:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\My Documents\My Videos
[2010/02/11 08:09:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\My Documents\My Pictures
[2010/02/11 08:09:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\My Documents\My Music
[2010/02/11 08:09:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\My Documents
[2010/02/11 08:09:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Favorites
[2010/02/11 08:09:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Application Data
[2010/02/11 08:09:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\PrintHood
[2010/02/11 08:09:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\NetHood
[2010/02/11 08:09:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings
[2010/02/11 08:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Application Data\Symantec
[2010/02/11 08:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Application Data\SampleView
[2010/02/11 08:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Application Data\Real
[2010/02/11 08:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.FRONTROOM\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========


========== Files Created - No Company Name ==========


========== Custom Scans ==========

< End of report >

Here is the Extra report:

OTL Extras logfile created on: 2/18/2010 12:44:12 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\HP_Owner.FRONTROOM\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 151.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 27.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 90.22 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.25 Gb Free Space | 18.03% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRONTROOM
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Computer, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.6
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"14DD9322-0AAE-4DA4-90A9-EB42CF296127" = Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F" = Super Granny from Hewlett-Packard Desktops (remove only)
"58D1A004-6D3C-480A-9E0D-FAA58F3C2A62" = Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"741C4983-B139-407A-AD4E-3D6C7B29704B" = Final Drive Nitro from Hewlett-Packard Desktops (remove only)
"7CEF0F00-BA1B-4861-A102-38CC86CA622B" = Phoenix Assault from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502" = Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
"B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1" = Polar Golfer from Hewlett-Packard Desktops (remove only)
"B41503CB-5FE0-47E0-87C1-47BA8E660BCC" = Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"E2A4EA31-80A1-4460-9510-631AF4D6A636" = Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"Help and Support Additions" = Help and Support Additions
"HP Photo & Imaging" = HP Image Zone 4.8.6
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money" = Remove Microsoft Money 2005 installer
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quicken_NUE" = Remove Quicken New User Edition installer
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"SpySubtract" = SpySubtract
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"WeatherBug" = Remove WeatherBug installer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2010 1:47:23 PM | Computer Name = FRONTROOM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module vgx.dll, version 6.0.2900.2180, fault address 0x0005c4c7.

Error - 2/17/2010 2:53:21 PM | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 2/18/2010 8:48:57 AM | Computer Name = FRONTROOM | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/18/2010 8:48:58 AM | Computer Name = FRONTROOM | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/18/2010 8:48:59 AM | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 2/18/2010 11:37:08 AM | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 11500
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1500. Another installation is in progress. You must complete that installation before
continuing this one.

Error - 2/18/2010 11:39:21 AM | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 11500
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1500. Another installation is in progress. You must complete that installation before
continuing this one.

Error - 2/18/2010 11:39:21 AM | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 11500
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1500. Another installation is in progress. You must complete that installation before
continuing this one.

Error - 2/18/2010 11:39:22 AM | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 11500
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1500. Another installation is in progress. You must complete that installation before
continuing this one.

Error - 2/18/2010 11:40:43 AM | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ System Events ]
Error - 2/18/2010 11:35:19 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2010 11:35:20 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2010 11:35:20 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2010 11:35:20 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2010 11:35:20 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2010 11:35:20 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2010 11:35:20 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2010 11:35:20 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2010 11:35:20 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2010 11:35:20 AM | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:26 AM

Posted 18 February 2010 - 02:31 PM

Hi,

please run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

But I fear that you lost your user account. I had this happen to me recently and lost all data. I will confer with my colleagues and see if and how things can be saved.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 monkeybearmum

monkeybearmum
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 19 February 2010 - 02:38 PM

Myrti,

I have tried every way I can think of to run the GMER scan - none have worked. Disabled every possible antivirus/spyware/firewall software I could find. Ran it from the "main mirror" file, it started out fast, then slowed to a crawl. After about 6 hours of scan time, I tried pulling up the start menu and the computer crashed. When it was rebooting, I tried F8 (which has NOT worked before at all - no response to holding or pressing repeatedly) and this time it let me go into safe mode. I used "Safe Mode" (no networking) and the Windows XP program and it gave me 3 user options. HP user, my husband's user name (he created a new account a couple of days ago to attempt to load MS Word) and Administrator. I went into Administrator account and ran the GMER scan. It seemed to be zipping through it, but after about 1 hour I tried to move the cursor and it crashed again. Rebooted into safe mode and tried to run the scan from HP User account. It appeared to finish the scan, but there was no file to save when it finished. Tried to run it again this morning, and it appeared to be scanning successfully. One difference with this scan is that it appeared to have finished - so I tried to "save" the file and I got the message - "Insufficient system resources exist to complete the required service". Have not seen that before.

Any suggestions on where to go from here? I know I still have most of my data somewhere on the drive because when I sat and watched the GMER scan running through the files, I saw all my saved files as they flashed by. Are they just inaccessible? Are all of my programs there, just being blocked from my access?

Any help would be much appreciated.

Thanks,
Angie

#6 myrti

Posted 20 February 2010 - 06:31 AM

Hi,

that is what I am trying to figure out. Hopefully yes, if we are out of luck now.

Leave gmer be for now. It sometimes will not run.

Instead please run the following script:

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook and copy/paste the following into the box:
    :dir
    C:\documents and settings
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply
Then please download profiles.exe from here: Download link and save it to your desktop.
Double click it to launch. It will open a log file prof.txt and save it to your Desktop as well.
Please post the content of said log file in your next reply as well.

regards myrti

Edited by myrti, 20 February 2010 - 12:44 PM.



#7 monkeybearmum

Posted 20 February 2010 - 11:05 AM

Hi,

I was able to download and run the SystemLook file, but your second link "profiles.exe" says "URL not found". Let me know if there is a different link I should go to.

Here is the log from SystemLook:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:56 on 20/02/2010 by HP_Owner (Administrator - Elevation successful)

========== dir ==========

C:\documents and settings - Parameters: "(none)"

---Files---
None found.

---Folders---
Administrator d----- [03:47 19/02/2010]
All Users d----- [23:52 27/01/2005]
Default User d----- [23:53 27/01/2005]
HP_Owner d----- [19:08 18/10/2005]
HP_Owner.FRONTROOM d----- [14:09 11/02/2010]
LocalService d--hs- [22:56 26/05/2005]
NetworkService d--hs- [22:56 26/05/2005]
Simon d----- [22:58 14/02/2010]

-=End Of File=-

Thanks,
Angie

#8 myrti

Posted 20 February 2010 - 12:45 PM

Hi,

I fixed the link in my previous post. Please try to download it now.

regards myrti



#9 monkeybearmum

Posted 20 February 2010 - 12:57 PM

Great - ran it and here are the results:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3376508186-1344245484-2252305914-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HP_Owner.FRONTROOM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3376508186-1344245484-2252305914-1010
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Simon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3376508186-1344245484-2252305914-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS
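
The SystemLook listing in #7 and the ProfileList dump in #9 can be cross-checked mechanically. The script below is an added example, not one of the tools used in this thread: it parses both logs, embedded here as constructed sample strings copied from the two posts, and reports every profile folder under Documents and Settings that no ProfileList entry points at, plus every registered folder named `<base>.<suffix>` that sits beside a bare `<base>` folder. On Windows XP a folder named `<user>.<COMPUTERNAME>` is what the profile loader creates when a folder named `<user>` already exists but is not the profile registered for that account's SID, which is what these logs show: HP_Owner (created 18/10/2005, no registry entry) next to HP_Owner.FRONTROOM (created 11/02/2010, owned by RID 1009). The function and variable names are mine, and the script only reports; it changes nothing.

```python
"""Cross-check a ProfileList dump against the profile folders on disk to
find an orphaned user profile (added example, not one of the thread's tools)."""
import re

# Constructed sample: the prof.txt dump posted in #9.
PROFILELIST_DUMP = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3376508186-1344245484-2252305914-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HP_Owner.FRONTROOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3376508186-1344245484-2252305914-1010
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Simon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3376508186-1344245484-2252305914-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
"""

# Constructed sample: the ---Folders--- block of the SystemLook log in #7.
SYSTEMLOOK_DIR = r"""
---Folders---
Administrator d----- [03:47 19/02/2010]
All Users d----- [23:52 27/01/2005]
Default User d----- [23:53 27/01/2005]
HP_Owner d----- [19:08 18/10/2005]
HP_Owner.FRONTROOM d----- [14:09 11/02/2010]
LocalService d--hs- [22:56 26/05/2005]
NetworkService d--hs- [22:56 26/05/2005]
Simon d----- [22:58 14/02/2010]

-=End Of File=-
"""

SID_RE = re.compile(r"\\(S-1-[0-9-]+)$")            # SID at the end of a subkey path
VALUE_RE = re.compile(r"^(\w+)\s+REG_\w+\s+(.*)$")   # "<name> REG_xxx <data>"
FOLDER_RE = re.compile(r"^(.+?)\s+d[-a-z]{5}\s+\[([^\]]+)\]$")  # "<name> d----- [stamp]"


def parse_profilelist(dump):
    """Map folder name -> SID from each ProfileImagePath; also collect the
    DefaultUserProfile/AllUsersProfile names, which have no SID of their own."""
    registered, system_names, sid = {}, set(), None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("HKEY_"):
            m = SID_RE.search(line)
            sid = m.group(1) if m else None
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if name in ("DefaultUserProfile", "AllUsersProfile"):
            system_names.add(value)
        elif name == "ProfileImagePath" and sid:
            registered[value.rsplit("\\", 1)[-1]] = sid
    return registered, system_names


def parse_systemlook_folders(listing):
    """Map folder name -> creation stamp from a SystemLook :dir listing."""
    folders, in_block = {}, False
    for line in listing.splitlines():
        line = line.strip()
        if line == "---Folders---":
            in_block = True
        elif in_block and (m := FOLDER_RE.match(line)):
            folders[m.group(1)] = m.group(2)
    return folders


def audit_profiles(dump, listing):
    """Report folders no ProfileList entry points at, and registered folders
    named <base>.<suffix> while a folder <base> also exists on disk."""
    registered, system_names = parse_profilelist(dump)
    folders = parse_systemlook_folders(listing)
    orphaned = sorted(f for f in folders if f not in registered and f not in system_names)
    renamed = {}
    for folder, sid in registered.items():
        base, dot, suffix = folder.rpartition(".")
        if dot and base in folders:
            renamed[folder] = {"base": base, "suffix": suffix, "sid": sid,
                               "base_created": folders[base], "created": folders.get(folder)}
    return {"orphaned": orphaned, "renamed": renamed}


if __name__ == "__main__":
    report = audit_profiles(PROFILELIST_DUMP, SYSTEMLOOK_DIR)
    for f in report["orphaned"]:
        print(f"orphaned folder (no ProfileList entry): {f}")
    for f, info in report["renamed"].items():
        print(f"{info['sid']} -> {f} (created {info['created']}) shadows "
              f"{info['base']} (created {info['base_created']})")
```

Paste your own two logs into the two strings, or read them from the saved text files, to run it against another machine. The orphaned folder is the one to back up before any repair is attempted: re-pointing a ProfileImagePath at the old folder is a registry change, and the thread's next step is exactly that backup.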

#10 myrti

Posted 20 February 2010 - 01:11 PM

Hi,

can you go to C:\documents and settings, right-click on HP_Owner and select Properties? Can you tell me how big the folder is?

regards myrti



#11 monkeybearmum

Posted 20 February 2010 - 02:25 PM

Yeah, that's the big one (where it appears EVERYTHING I had is now residing). From the properties:

13.6 GB (14,693,805,042 bytes)
13,445 files, 2,181 folders

I'm sorry my replies are so far apart. We're getting ready to take my son to a b-day party, so I can only check for updates periodically. Going to be leaving now for a few hours, but I will check back as soon as we are home.

Thanks again,
Angie

#12 myrti

Posted 20 February 2010 - 02:37 PM

Hi,

no stress! :) Do the things when you have the time for it.

If you have the space for it please make a backup of the files. Copy the folder to a different location. Let's see if we can move the files back into place once you have the backups done.

regards myrti



#13 monkeybearmum

Posted 20 February 2010 - 10:21 PM

Myrti,

Still trying to back up my files. I have a teeny jump drive (1GB) and a bunch of CDs, so I'm trying to determine what I need to back up. I don't think I can copy the whole folder intact and, it turns out, my husband actually moved a pretty significantly sized folder (HP_Owner's Documents) out of the C:/Doc&Settings/HP_Owner folder and into the Documents folder you access from the startup menu - that folder is 15.8 GB, so I'm trying to back that up too.

What are the chances that if I dump stuff onto a jump drive and load it onto another computer (like my husband's laptop) that I will be dumping virus/spyware/malware stuff onto his drive too and we'll end up with 2 fried computers? I'm afraid my technical background is in science - not computers - so the idea of spreading infection is pretty literal with me :)

If I am unable to do a complete backup, could you suggest which things I should focus on? I mean, I am trying to get pics, documents, scans, and music - but what about program files and such that might not be obvious to me?

Gonna have to call it a night now, but I will get back to it tomorrow. Any hints/tips/info you give me is great. I just really appreciate the help.

Angie

#14 myrti

Posted 21 February 2010 - 08:43 AM

Hi,

first let me say that I think our chances of recovering the old user profile are very high. I would just like to be sure that any imperative data (e.g. a half-finished Ph.D. thesis or the almost finished (published) book ;) ) don't vanish because of one bad command.
Second, a 16 GB flash drive or SD card should be available nowadays for somewhere around $30 as well, in case you don't want to take any risks at all. If you have the space on the present disk, you could also copy the files over to a folder on the same disk.

If you want to transfer your files with a flash drive, you can stop the infection from spreading by running the following tool:
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

This will disable the autorun function on your flash drive. Malware will still be able to copy itself onto the flash drive, but it won't be able to copy itself from the flash drive onto other PCs, because that is disabled. So the second PC won't get infected. (Neither will any other PC be infected by that flash drive ever again, unless you format it.)

regards myrti


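The note above about the hidden autorun.inf folder relies on a name collision: a FAT or NTFS directory cannot hold a file and a folder with the same name, so a dropper that tries to create `<drive>:\autorun.inf` as a file fails. The script below is an added example, not Flash_Disinfector's own code; it creates that folder on a given root and then simulates a dropper's write to show that the write is refused. The `attrib +h +s +r` step runs only on Windows and is skipped elsewhere, which is enough to show the collision. The temporary directory stands in for a drive root, and the `[autorun]` lines are a constructed sample, not real malware.

```python
"""Create the autorun.inf *folder* that the post describes and show why it
blocks a dropper (added example, not Flash_Disinfector's own code)."""
import os
import subprocess
import sys
import tempfile


def protect_root(root):
    """Plant a directory named autorun.inf at the root of `root`.

    A FAT/NTFS directory cannot contain both a file and a folder of the same
    name, so a dropper's later attempt to create <root>\\autorun.inf as a file
    fails. On Windows the folder is also marked hidden/system/read-only with
    attrib.exe; on other systems that step is skipped."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isfile(path):
        # A pre-existing autorun.inf *file* is exactly what malware drops:
        # refuse to overwrite it so it can be inspected first.
        raise FileExistsError(f"{path} is a file; inspect it before replacing it")
    os.makedirs(path, exist_ok=True)
    if sys.platform == "win32":
        subprocess.run(["attrib", "+h", "+s", "+r", path], check=False)
    return path


def autorun_file_can_be_written(root):
    """Simulate a dropper planting autorun.inf; True if the write succeeds."""
    target = os.path.join(root, "autorun.inf")
    try:
        with open(target, "w") as fh:
            fh.write("[autorun]\nopen=payload.exe\n")  # constructed sample, not real malware
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return False
    return True


def demo():
    """Return (writable_before, writable_after) for a throwaway drive root."""
    root = tempfile.mkdtemp()  # stands in for the root of a USB stick
    before = autorun_file_can_be_written(root)
    os.remove(os.path.join(root, "autorun.inf"))
    protect_root(root)
    after = autorun_file_can_be_written(root)
    return before, after


def refuses_existing_file():
    """True if protect_root leaves a pre-existing autorun.inf file alone."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\n")  # constructed sample
    try:
        protect_root(root)
    except FileExistsError:
        return True
    return False


if __name__ == "__main__":
    print("autorun.inf writable before/after protection:", demo())
```

The folder only stops droppers that naively create the file; malware running with rights to delete the folder can remove it first, and it does nothing about files already copied onto the drive, which still need scanning on the receiving PC. Later Windows versions no longer run autorun.inf from USB media at all, so the trick matters mainly for XP-era systems like the one in this thread.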

#15 monkeybearmum

Posted 26 February 2010 - 09:26 PM

Myrti,

If you have not completely given up on me, I have decided that I am going to risk losing stuff - rather than continue my attempts to backup stuff. I can only get so far on file backup stuff, and something interrupts me and I lose track of where I left off...

If you want to begin giving me some pointers on how I can try restoring my old profile/user account, I would greatly appreciate it.

Also, was there any indication in the logs I generated what the "bugs" were that wiped me out in the first place? I figure knowing what they were and how I got them might be a starting point for not letting it happen again. The really frustrating thing is that we pay about $40 a month to have coverage by McAfee, which obviously is not enough coverage for the stuff that did the worst damage we've had to a computer yet.

Maybe you could also give me some tips on how to prevent this in the future?

Thanks again,
Angie



