Please Help [RESOLVED]



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:26:46 AM, on 4/18/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...440/mcfscan.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 6943 bytes

Thanks a lot!


hello

Download Security Check here or here and save it to your Desktop.

  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


Thanks for helping..... here's the security scan

Results of screen317's Security Check version 0.98.3

Windows XP Service Pack 2

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

``````````````````````````````

Windows Firewall Enabled!

``````````````````````````````

Anti-malware/Other Utilities Check:

``````````````````````````````

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 11

Java 2 Runtime Environment, SE v1.4.2_03

Out of date Java installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

``````````````````````````````

``````````````````````````````

DNS Vulnerability Check:

``````````````````````````````

GREAT! (Very random)

Scan took 12 seconds.

`````````End of Log```````````


OTListIt Extras logfile created on: 4/19/2009 8:08:56 AM - Run 1

OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Local Settings\Temporary Internet Files\Content.IE5\7OIY7GYR

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.48 Mb Total Physical Memory | 91.48 Mb Available Physical Memory | 36.96% Memory free

606.60 Mb Paging File | 403.64 Mb Available in Paging File | 66.54% Paging File free

Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 32.69 Gb Total Space | 15.13 Gb Free Space | 46.30% Space Free | Partition Type: NTFS

Drive D: | 5.58 Gb Total Space | 0.85 Gb Free Space | 15.26% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-86339EB2BF

Current User Name: HP_Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Disabled:BackWeb for Pavilion ()

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink File not found

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)

C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)

C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)

C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo

"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600

"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices

"{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA30xx Media Converter

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970

"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant

"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers

"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects

"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes

"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy

"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{3FECA0B9-37A7-471C-AA8E-DB29FB0E936C}" = SA3020 Device Manager

"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload

"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update

"{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{8307E622-89E1-435A-BC8A-678C678F6A43}" = SA30xx Media Converter

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1

"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects

"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen

"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0

"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery

"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme

"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series

"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update

"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1

"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530

"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc

"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director

"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates

"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer

"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2

"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare

"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm

"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436

"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers

"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations

"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg

"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime

"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"BackWeb-309731 Uninstaller" = Updates from HP

"Free Window Registry Repair" = Free Window Registry Repair

"Help and Support Additions" = Help and Support Additions

"HijackThis" = HijackThis 2.0.2

"HP Photo & Imaging" = HP Image Zone 4.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"LimeWire" = LimeWire 4.18.8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MP3MMS" = USB MP3 Player Music Manage System

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PS2" = PS2

"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions

"Python 2.2.1" = Python 2.2.1

"RealPlayer 6.0" = RealPlayer

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/5/2009 5:33:28 PM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1002

Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2009 7:26:28 PM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2009 2:58:31 PM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2009 3:36:09 PM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2009 9:27:44 PM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2009 2:56:55 PM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/17/2009 2:41:48 AM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2009 3:56:00 PM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2009 3:56:09 PM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1001

Description = Fault bucket 126637809.

Error - 1/21/2009 10:05:30 AM | Computer Name = YOUR-86339EB2BF | Source = Application Hang | ID = 1002

Description = Hanging application USBMP3.exe, version 1.0.0.1, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 4/13/2009 9:13:11 AM | Computer Name = YOUR-86339EB2BF | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

Error - 4/13/2009 9:13:12 AM | Computer Name = YOUR-86339EB2BF | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

Error - 4/13/2009 9:13:12 AM | Computer Name = YOUR-86339EB2BF | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

Error - 4/13/2009 9:13:12 AM | Computer Name = YOUR-86339EB2BF | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

Error - 4/13/2009 9:13:12 AM | Computer Name = YOUR-86339EB2BF | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

Error - 4/16/2009 7:28:58 AM | Computer Name = YOUR-86339EB2BF | Source = Dhcp | ID = 1002

Description = The IP address lease 24.3.10.143 for the Network Card with network

address 00110946C015 has been denied by the DHCP server 192.168.100.1 (The DHCP

Server sent a DHCPNACK message).

Error - 4/16/2009 6:46:12 PM | Computer Name = YOUR-86339EB2BF | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the JavaQuickStarterService service.

Error - 4/17/2009 6:54:02 PM | Computer Name = YOUR-86339EB2BF | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the JavaQuickStarterService service.

Error - 4/18/2009 11:13:04 AM | Computer Name = YOUR-86339EB2BF | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

viaagp1

Error - 4/18/2009 1:40:54 PM | Computer Name = YOUR-86339EB2BF | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the JavaQuickStarterService service.

< End of report >


OTListIt logfile created on: 4/19/2009 8:08:56 AM - Run 1

OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Local Settings\Temporary Internet Files\Content.IE5\7OIY7GYR

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.48 Mb Total Physical Memory | 91.48 Mb Available Physical Memory | 36.96% Memory free

606.60 Mb Paging File | 403.64 Mb Available in Paging File | 66.54% Paging File free

Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 32.69 Gb Total Space | 15.13 Gb Free Space | 46.30% Space Free | Partition Type: NTFS

Drive D: | 5.58 Gb Total Space | 0.85 Gb Free Space | 15.26% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-86339EB2BF

Current User Name: HP_Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)

PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe ()

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)

PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Local Settings\Temporary Internet Files\Content.IE5\7OIY7GYR\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (HCF_MSFT [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys (Conexant)

DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)

DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()

DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

DRV - (viaagp1 [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/23 09:34:19 | 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - Reg Error: Key error. File not found

O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)

O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

O4 - HKLM..\Run: [VTTimer] VTTimer.exe File not found

O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...440/mcfscan.cab (McFreeScan Class)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]

O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 -

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: AudioSrv - C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)

NetSvcs: Browser - C:\WINDOWS\System32\browser.dll (Microsoft Corporation)

NetSvcs: CryptSvc - C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)

NetSvcs: DMServer - C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)

NetSvcs: DHCP - C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)

NetSvcs: ERSvc - C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)

NetSvcs: EventSystem - C:\WINDOWS\system32\es.dll (Microsoft Corporation)

NetSvcs: FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias -

NetSvcs: Iprip -

NetSvcs: Irmon -

NetSvcs: LanmanServer - C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)

NetSvcs: LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)

NetSvcs: Messenger - C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)

NetSvcs: Netman - C:\WINDOWS\System32\netman.dll (Microsoft Corporation)

NetSvcs: Nla - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

NetSvcs: Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation)

NetSvcs: NWCWorkstation -

NetSvcs: Nwsapagent -

NetSvcs: Rasauto - C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)

NetSvcs: Rasman - C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)

NetSvcs: Remoteaccess - C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)

NetSvcs: Schedule - C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)

NetSvcs: Seclogon - C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)

NetSvcs: SENS - C:\WINDOWS\system32\sens.dll (Microsoft Corporation)

NetSvcs: Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)

NetSvcs: SRService - C:\WINDOWS\system32\srsvc.dll (Microsoft Corporation)

NetSvcs: Tapisrv - C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)

NetSvcs: Themes - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)

NetSvcs: TrkWks - C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)

NetSvcs: W32Time - C:\WINDOWS\system32\w32time.dll (Microsoft Corporation)

NetSvcs: WZCSVC - C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)

NetSvcs: Wmi -

NetSvcs: WmdmPmSp -

NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll (Microsoft Corporation)

NetSvcs: wscsvc - C:\WINDOWS\system32\wscsvc.dll (Microsoft Corporation)

NetSvcs: xmlprov - C:\WINDOWS\System32\xmlprov.dll (Microsoft Corporation)

NetSvcs: BITS - C:\WINDOWS\system32\qmgr.dll (Microsoft Corporation)

NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)

NetSvcs: ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

NetSvcs: WmdmPmSN - C:\WINDOWS\system32\MsPMSNSv.dll (Microsoft Corporation)

SafeBootMin: AppMgmt - %SystemRoot%\system32\svchost.exe (Microsoft Corporation)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)

SafeBootMin: DcomLaunch - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)

SafeBootMin: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)

SafeBootMin: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)

SafeBootMin: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)

SafeBootMin: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)

SafeBootMin: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)

SafeBootMin: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: Netlogon - %SystemRoot%\system32\lsass.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys (Microsoft Corporation)

SafeBootMin: SRService - %SystemRoot%\system32\srsvc.dll (Microsoft Corporation)

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)

SafeBootMin: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AFD - %SystemRoot%\System32\drivers\afd.sys (Microsoft Corporation)

SafeBootNet: AppMgmt - %SystemRoot%\system32\svchost.exe (Microsoft Corporation)

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: Browser - %SystemRoot%\System32\browser.dll (Microsoft Corporation)

SafeBootNet: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)

SafeBootNet: DcomLaunch - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)

SafeBootNet: Dhcp - %SystemRoot%\System32\dhcpcsvc.dll (Microsoft Corporation)

SafeBootNet: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)

SafeBootNet: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)

SafeBootNet: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)

SafeBootNet: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)

SafeBootNet: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)

SafeBootNet: DnsCache - %SystemRoot%\System32\dnsrslvr.dll (Microsoft Corporation)

SafeBootNet: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootNet: ip6fw.sys - %SystemRoot%\system32\DRIVERS\Ip6Fw.sys (Microsoft Corporation)

SafeBootNet: ipnat.sys - %SystemRoot%\system32\DRIVERS\ipnat.sys (Microsoft Corporation)

SafeBootNet: LanmanServer - %SystemRoot%\System32\srvsvc.dll (Microsoft Corporation)

SafeBootNet: LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll (Microsoft Corporation)

SafeBootNet: LmHosts - %SystemRoot%\System32\lmhsvc.dll (Microsoft Corporation)

SafeBootNet: Messenger - %SystemRoot%\System32\msgsvc.dll (Microsoft Corporation)

SafeBootNet: NDIS - %SystemRoot%\System32\drivers\ndis.sys (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: Ndisuio - %SystemRoot%\system32\DRIVERS\ndisuio.sys (Microsoft Corporation)

SafeBootNet: NetBIOS - %SystemRoot%\system32\DRIVERS\netbios.sys (Microsoft Corporation)

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetBT - %SystemRoot%\system32\DRIVERS\netbt.sys (Microsoft Corporation)

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Netlogon - %SystemRoot%\system32\lsass.exe (Microsoft Corporation)

SafeBootNet: NetMan - %SystemRoot%\System32\netman.dll (Microsoft Corporation)

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NtLmSsp - %SystemRoot%\system32\lsass.exe (Microsoft Corporation)

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys (Microsoft Corporation)

SafeBootNet: rdpdd.sys - %SystemRoot%\System32\rdpdd.dll (Microsoft Corporation)

SafeBootNet: rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys (Microsoft Corporation)

SafeBootNet: rdsessmgr - %SystemRoot%\system32\sessmgr.exe (Microsoft Corporation)

SafeBootNet: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: SharedAccess - %SystemRoot%\System32\ipnathlp.dll (Microsoft Corporation)

SafeBootNet: sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys (Microsoft Corporation)

SafeBootNet: SRService - %SystemRoot%\system32\srsvc.dll (Microsoft Corporation)

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: Tcpip - %SystemRoot%\system32\DRIVERS\tcpip.sys (Microsoft Corporation)

SafeBootNet: TDI - Driver Group

SafeBootNet: tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys (Microsoft Corporation)

SafeBootNet: tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys (Microsoft Corporation)

SafeBootNet: termservice - %SystemRoot%\System32\termsrv.dll (Microsoft Corporation)

SafeBootNet: vga.sys - Driver

SafeBootNet: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)

SafeBootNet: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)

SafeBootNet: WZCSVC - %SystemRoot%\System32\wzcsvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)

Drivers32: vidc.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.iyuv - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.LEAD - C:\WINDOWS\system32\LCODCCMP.DLL (LEAD Technologies, Inc.)

Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)

Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yuy2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvu9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]

[2009/04/18 10:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Malwarebytes

[2009/04/18 10:57:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/04/18 10:57:03 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/04/18 10:57:01 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/04/18 10:56:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/04/18 10:26:24 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Desktop\HijackThis.lnk

[2009/04/10 07:33:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2009/04/09 08:52:37 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2009/04/09 08:52:37 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll

[2009/04/09 08:52:37 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2009/03/24 13:50:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2009/03/20 18:39:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\My Documents\Lizzie McGuire CD-ROMS

[2008/10/24 17:35:12 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/10/24 17:35:12 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/10/24 17:35:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/10/24 17:35:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/10/24 17:35:12 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/10/24 17:35:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2007/07/02 14:16:33 | 00,001,515 | ---- | C] () -- C:\WINDOWS\yahtzee.ini

[2007/01/08 23:52:59 | 00,000,434 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006/10/07 00:32:47 | 00,000,910 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/04/06 23:24:32 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006/03/19 17:05:05 | 00,000,260 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

[2006/03/12 17:02:20 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/04/23 15:17:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2005/03/10 21:12:15 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2004/09/06 20:21:30 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/08/12 02:30:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/08/12 00:21:02 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2004/08/12 00:14:51 | 00,026,941 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2004/08/12 00:14:13 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2004/08/12 00:05:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/08/11 23:14:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/11 22:25:38 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2004/08/11 22:25:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2004/08/11 22:25:16 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2004/08/11 21:16:20 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 21:00:08 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/08/11 20:59:50 | 00,000,653 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/11 20:59:47 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2004/06/29 08:58:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/03/07 01:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll

[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2009/04/19 07:52:08 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2009/04/19 07:52:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/04/19 07:52:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/04/19 07:52:02 | 25,957,5808 | -HS- | M] () -- C:\hiberfil.sys

[2009/04/18 10:57:03 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/04/18 10:26:24 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Desktop\HijackThis.lnk

[2009/04/16 06:49:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/04/16 06:49:14 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/04/16 06:49:14 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/04/16 06:49:12 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/04/16 06:34:59 | 00,000,653 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/04/15 07:32:20 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/04/14 20:04:28 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\My Documents\spider.sav

[2009/04/10 09:09:01 | 00,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/03/27 03:09:32 | 01,193,414 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

[2009/03/21 10:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll

[2009/03/21 10:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll

========== LOP Check ==========

[2008/12/22 16:43:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2008/12/20 11:56:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2004/08/11 23:55:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2007/10/22 14:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe(2)

[2007/01/31 03:30:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL

[2006/04/06 23:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads

[2008/12/20 11:15:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2008/12/20 11:18:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2007/10/22 14:57:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7

[2006/03/23 22:22:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC

[2006/03/23 22:21:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software

[2008/09/29 12:10:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2007/10/22 14:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2004/08/11 23:32:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

[2008/07/15 14:09:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/10/24 19:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2008/12/29 17:06:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2004/08/12 00:22:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive

[2007/11/16 15:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

[2008/07/23 18:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS

[2007/10/18 10:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games

[2005/08/17 21:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks

[2004/08/12 00:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2004/08/11 21:18:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2008/12/22 19:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard

[2008/12/23 09:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2007/10/11 13:07:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2008/10/24 18:11:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2008/12/29 17:42:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2005/08/17 21:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2006/04/29 08:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2008/10/24 20:16:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!

[2009/04/18 10:57:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data

[2008/11/14 08:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Adobe

[2008/11/14 08:17:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\AdobeUM

[2004/08/12 00:08:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Apple Computer

[2008/11/21 19:33:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Auslogics

[2004/08/11 21:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Identities

[2008/12/29 20:51:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\InstallShield

[2008/10/30 11:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Leadertech

[2009/04/12 09:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\LimeWire

[2008/10/24 17:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Macromedia

[2009/04/18 10:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Malwarebytes

[2009/03/24 13:55:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Microsoft

[2008/11/22 13:31:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Motive

[2008/12/29 17:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Pogo Games

[2008/11/04 10:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Real

[2004/08/12 00:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\SampleView

[2008/10/30 11:33:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Sonic

[2004/08/11 22:36:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Sun

[2004/08/12 02:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Symantec

[2008/10/24 20:40:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\Yahoo!

[2009/04/15 07:32:20 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2004/08/04 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2008/10/07 06:39:32 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

[2008/10/07 06:39:29 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

[2009/04/19 07:52:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %SYSTEMDRIVE%\*. >

[2009/04/18 11:20:59 | 00,000,000 | ---D | M] -- C:

[2007/02/01 14:51:24 | 00,000,000 | RH-D | M] -- C:\$VAULT$.AVG

[2008/10/24 18:08:39 | 00,000,000 | RHSD | M] -- C:\cmdcons

[2006/02/25 01:15:01 | 00,000,000 | ---D | M] -- C:\cmdcons(2)

[1999/03/21 10:11:05 | 00,000,000 | ---D | M] -- C:\cmdcons(3)

[2009/04/16 06:37:29 | 00,000,000 | -H-D | M] -- C:\Config.Msi

[2008/10/24 17:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings

[2008/05/11 08:57:40 | 00,000,000 | -HSD | M] -- C:\found.001

[2009/04/10 12:51:01 | 00,000,000 | ---D | M] -- C:\fsaua.data

[2008/10/24 16:43:08 | 00,000,000 | -H-D | M] -- C:\hp

[2006/03/12 19:56:16 | 00,000,000 | ---D | M] -- C:\Install ICQ

[2006/03/12 19:56:18 | 00,000,000 | ---D | M] -- C:\Install iTunes

[2008/10/24 16:35:09 | 00,000,000 | RH-D | M] -- C:\MSOCache

[2009/04/18 11:21:00 | 00,000,000 | R--D | M] -- C:\Program Files

[2004/08/11 22:25:47 | 00,000,000 | -H-D | M] -- C:\Python22

[2008/10/24 18:17:27 | 00,000,000 | -HSD | M] -- C:\RECYCLER

[2008/10/24 17:37:25 | 00,000,000 | ---D | M] -- C:\sysprep

[2008/10/24 17:38:26 | 00,000,000 | -HSD | M] -- C:\System Volume Information

[2004/08/11 22:25:16 | 00,000,000 | -H-D | M] -- C:\system.sav

[2008/11/15 16:41:32 | 00,000,000 | ---D | M] -- C:\temp

[2009/04/16 15:37:35 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*. >

[2009/04/18 11:21:00 | 00,000,000 | R--D | M] -- C:\Program Files

[2004/08/11 23:56:19 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe

[2008/12/20 11:16:49 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update

[2008/11/21 13:09:50 | 00,000,000 | ---D | M] -- C:\Program Files\Ascentive

[2004/08/12 00:20:08 | 00,000,000 | ---D | M] -- C:\Program Files\BackWeb

[2007/12/26 16:02:41 | 00,000,000 | ---D | M] -- C:\Program Files\Barbie® idesign Ultimate Stylist

[2008/12/20 11:19:37 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour

[2008/02/24 20:45:49 | 00,000,000 | ---D | M] -- C:\Program Files\Broderbund

[2008/06/13 08:35:47 | 00,000,000 | ---D | M] -- C:\Program Files\CenterLock

[2007/10/11 13:06:29 | 00,000,000 | ---D | M] -- C:\Program Files\Comcast

[2007/10/22 14:49:43 | 00,000,000 | ---D | M] -- C:\Program Files\Comcast Play Games

[2008/12/22 16:41:34 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files

[2004/08/11 21:10:43 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications

[2005/02/25 20:23:13 | 00,000,000 | ---D | M] -- C:\Program Files\Creative

[2005/02/25 20:20:42 | 00,000,000 | ---D | M] -- C:\Program Files\directx

[2008/10/24 18:00:21 | 00,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup

[2005/02/25 20:16:59 | 00,000,000 | ---D | M] -- C:\Program Files\Empire Interactive

[2007/10/22 14:51:47 | 00,000,000 | ---D | M] -- C:\Program Files\ForestWaterfallScreensaverDemo

[2008/07/24 10:44:32 | 00,000,000 | ---D | M] -- C:\Program Files\Free Screensavers Home

[2008/11/21 13:01:37 | 00,000,000 | ---D | M] -- C:\Program Files\Free Window Registry Repair

[2008/12/19 20:39:17 | 00,000,000 | ---D | M] -- C:\Program Files\Google

[2007/10/12 10:15:51 | 00,000,000 | ---D | M] -- C:\Program Files\Grisoft

[2006/12/29 03:19:43 | 00,000,000 | ---D | M] -- C:\Program Files\Hasbro

[2004/08/12 00:22:59 | 00,000,000 | ---D | M] -- C:\Program Files\Help and Support Additions

[2004/08/12 00:15:48 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard

[2004/08/11 23:41:45 | 00,000,000 | ---D | M] -- C:\Program Files\HP

[2008/12/29 20:56:59 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2004/08/11 23:57:06 | 00,000,000 | ---D | M] -- C:\Program Files\IntelliMover Data Transfer Demo

[2005/04/23 13:31:58 | 00,000,000 | ---D | M] -- C:\Program Files\InterActual

[2005/03/10 20:26:53 | 00,000,000 | ---D | M] -- C:\Program Files\InterMute

[2009/04/16 06:49:15 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2004/09/07 02:19:31 | 00,000,000 | ---D | M] -- C:\Program Files\InterVideo

[2008/12/20 11:56:04 | 00,000,000 | ---D | M] -- C:\Program Files\iPod

[2008/12/20 11:56:41 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes

[2008/12/23 09:34:12 | 00,000,000 | ---D | M] -- C:\Program Files\Java

[2005/08/17 21:37:05 | 00,000,000 | ---D | M] -- C:\Program Files\Learn2.com

[2008/12/20 10:55:48 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire

[2009/04/18 10:57:05 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/11/22 11:34:12 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee

[2008/10/07 06:39:14 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee.com

[2008/12/04 09:10:38 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger

[2004/08/12 00:03:50 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync

[2009/04/10 07:33:47 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2004/08/11 21:13:03 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2004/08/12 00:03:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2004/08/11 23:59:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE

[2004/08/12 00:03:33 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio

[2009/04/10 07:25:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works

[2004/08/12 00:03:05 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET

[2008/10/24 16:39:08 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2007/12/25 09:56:51 | 00,000,000 | ---D | M] -- C:\Program Files\MP3

[2008/12/23 09:38:12 | 00,000,000 | ---D | M] -- C:\Program Files\MSN

[2004/08/11 23:51:26 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard

[2004/08/11 21:09:57 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone

[2007/10/23 20:38:51 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0

[2007/01/11 18:14:46 | 00,000,000 | ---D | M] -- C:\Program Files\MumboJumbo

[2004/09/07 02:21:24 | 00,000,000 | ---D | M] -- C:\Program Files\muvee Technologies

[2008/09/24 17:37:09 | 00,000,000 | ---D | M] -- C:\Program Files\MySpace

[2008/10/24 16:39:10 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2008/07/23 18:36:56 | 00,000,000 | ---D | M] -- C:\Program Files\NOS

[2008/12/29 20:47:49 | 00,000,000 | ---D | M] -- C:\Program Files\Oberon Media

[2004/08/12 00:37:00 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services

[2009/01/14 08:02:32 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2008/12/29 20:57:02 | 00,000,000 | ---D | M] -- C:\Program Files\Philips

[2006/12/26 23:29:08 | 00,000,000 | ---D | M] -- C:\Program Files\Pure Networks

[2008/10/23 15:42:13 | 00,000,000 | ---D | M] -- C:\Program Files\QUAD Utilities

[2007/10/14 18:12:24 | 00,000,000 | ---D | M] -- C:\Program Files\Quicken

[2008/12/20 11:19:21 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime

[2008/12/19 20:49:33 | 00,000,000 | ---D | M] -- C:\Program Files\Real

[2007/01/31 03:28:33 | 00,000,000 | ---D | M] -- C:\Program Files\Rockstar Games

[2004/08/11 23:50:30 | 00,000,000 | ---D | M] -- C:\Program Files\Sonic

[2004/08/11 23:50:33 | 00,000,000 | ---D | M] -- C:\Program Files\Sonic RecordNow!

[2008/09/25 14:20:05 | 00,000,000 | ---D | M] -- C:\Program Files\support.com

[2008/10/24 18:11:38 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec

[2005/02/25 14:00:03 | 00,000,000 | ---D | M] -- C:\Program Files\SymNetDrv

[2006/04/04 20:52:18 | 00,000,000 | ---D | M] -- C:\Program Files\SysProtect

[2007/01/31 03:28:45 | 00,000,000 | ---D | M] -- C:\Program Files\THQ

[2008/07/22 10:05:10 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro

[2004/08/11 21:16:01 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2004/08/12 00:20:06 | 00,000,000 | ---D | M] -- C:\Program Files\Updates from HP

[2005/08/17 21:37:00 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint

[2008/08/11 09:57:53 | 00,000,000 | ---D | M] -- C:\Program Files\Web Publish

[2006/11/13 18:31:06 | 00,000,000 | ---D | M] -- C:\Program Files\WildTangent

[2009/01/05 15:59:25 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2

[2009/01/14 08:03:40 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2008/10/24 16:39:13 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2004/08/11 21:11:22 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate

[2004/08/11 21:13:03 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

[2008/12/20 10:53:53 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5A35877

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >


Hello

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


Malwarebytes' Anti-Malware 1.36

Database version: 2000

Windows 5.1.2600 Service Pack 2

4/19/2009 11:40:33 AM

mbam-log-2009-04-19 (11-40-33).txt

Scan type: Quick Scan

Objects scanned: 103781

Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


If it fails, do this:

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable ones that you may have)
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it, so please save the log before closing it.


disinfected: Trojan program Trojan-Downloader.WMA.GetCodec.a File: C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\My Documents\LimeWire\Incomplete\T-3545428-Puddle Of Mudd - Basement.wma

disinfected: Trojan program Trojan-Downloader.WMA.GetCodec.u File: C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\My Documents\LimeWire\Incomplete\T-4045425-the hights sound track.mp3

deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe//WiseSFXDropper//WISE0015.BIN

deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP174\A0330916.exe//WiseSFXDropper//WISE0015.BIN

deleted: Trojan program Trojan-Spy.Win32.VBStat.c File: D:\do_work\BPDPVRAW.0XE

deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9


Your logs are clean.

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next, go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Download ToolsCleaner2 to your desktop and run it (by de A.Rothstein & Dj Quiou)

  • Click the Pt. Restauration button and press OK to the prompts.
  • Click the Corbeille button and press OK to the prompt.
  • Click the Fichiers temp button and press OK to the prompt.
  • Click the Recherche button and let it run ( it may look like it freezes but let it continue )
  • Once it is done click the Suppression button and let it remove anything it finds.
  • Close the program

You're using an old version of Adobe Acrobat Reader. This can leave your PC open to vulnerabilities. You can update it here:

http://www.adobe.com/products/acrobat/readstep2.html

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and for performing all of the procedures requested.
