
PC slow with user account and firefox issues - please help!


22 replies to this topic

#1 meyerowitz

meyerowitz

    Member

  • Full Member
  • 41 posts

Posted 21 May 2009 - 09:19 AM

Hi and thank you so much again for your help in advance!

Here's what's going on this time: Since my Firefox updated automatically to the newest version (3.0.10) a couple of weeks ago, I've been having a lot of issues. Firefox itself is very slow to start up now and goes into CPU overdrive if I open my Hotmail account. Also, it doesn't keep my cookies for account logins as it used to, and when I close the Firefox application it logs me out of everything I've logged in to, even when I've selected "remember me" etc. options. And my cookies are enabled and not set to wipe out every time I close the application.

When I researched the logout problem I found a Mozilla FAQ/forum to try and fix this, which only led to further issues I wasn't aware of. The Mozilla advice was to access my Mozilla file and edit the settings. However, when I tried to open the HP_User folder on my C:\ drive where the Mozilla/Firefox is installed, I got a pop-up saying access denied, only admin has access to this folder (or something similar).

I am the only user on this PC and have admin status. At this point I contacted HP tech support for help. They gave me a script to run to correct what they thought was a corrupted user account setting, but this only made matters worse. Now I can't access more folders on my PC, e.g. My Pictures, My Documents, and not all my fonts are working in Word or Photoshop.

I have an HP PC and run Windows XP Home edition with Service Pack 3.

Below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:23, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.one.com/en_GB/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} (IlosoftMultipleImageCtrl Class) - http://iloapp.susies...ImageUpload.dll
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.susiesho...ImageUpload.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10445 bytes

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,533 posts

Posted 23 May 2009 - 09:20 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • 1,252 posts

Posted 26 May 2009 - 03:10 PM

Hello and Welcome to the forums. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your computer problem today.

It may take some time and a couple of attempts to provide you with the correct help. Many of today's infections are advanced and install other infections on the computer.

It is almost impossible to remove the entire infection and to check for leftovers in one go. Please be patient. Thank you. :thumbup:

Step 1
Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take a few minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • Once it is finished, you can delete it.

Step 2
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3
Please download JavaRa to your Desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step 4
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step 5
Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

CompTIA A+ & Security+ Certified
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#4 meyerowitz


Posted 27 May 2009 - 05:12 AM

Thanks for your reply! :)

This is what I did today:

1. Ran the comedian.

2. Ran the security check, here's the log:

Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
TrendMicroInternetSecurity
TrendMicroInternetSecurity
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Ad-Aware
SpywareBlaster 4.2
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 13
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````


Scan took 44 seconds.
`````````End of Log```````````


3. Ran JavaRa and removed older version and installed the latest JRE.

4. Ran the ATF cleaner.

5. Ran F-Secure. Will post report separately when complete.

#5 meyerowitz


Posted 27 May 2009 - 06:36 AM

F-Secure complete, but I still cannot access fonts or C:\Documents and Settings (still get access denied).

Here is the F-Secure log:

Scanning Report
Wednesday, May 27, 2009 12:25:56 - 13:18:18

Computer name: NEKU
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\ J:\ K:\
No malware found
Statistics
Scanned:

* Files: 54411
* System: 3396
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* Not cleaned: 0
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\HP_OWNER.NEKU\LOCAL SETTINGS\TEMP\ETILQS_EDFXE3XFGTE8CQADU4NV

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.8.9080, 2009-05-27
* F-Secure AVP: 7.0.171, 2009-05-26
* F-Secure Pegasus: 1.20.0
* F-Secure Blacklight

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics


#6 Andro1d


Posted 27 May 2009 - 04:18 PM

Hello,

Let's dig a little deeper.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output leave it at Standard Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Edited by MoNsTeReNeRgY22, 27 May 2009 - 04:19 PM.



#7 meyerowitz


Posted 29 May 2009 - 02:32 PM

Installed and ran the OTL tonight. Here's the first log:

OTL logfile created on: 29/05/2009 21:23:35 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\HP_Owner.NEKU\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 63.00% Memory free
3.35 Gb Paging File | 2.93 Gb Available in Paging File | 87.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 109.10 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 2.09 Gb Free Space | 34.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 149.04 Gb Total Space | 27.50 Gb Free Space | 18.45% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 304.90 Gb Free Space | 65.46% Space Free | Partition Type: NTFS

Computer Name: NEKU
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [1998/05/07 17:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2005/08/18 15:20:28 | 14,820,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/01/02 12:29:02 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009/04/01 04:26:08 | 00,995,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2008/11/04 11:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/21 10:26:10 | 01,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2009/05/27 12:06:27 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/08 19:06:48 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
PRC - [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/03/20 14:32:32 | 01,312,256 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/04/30 21:22:40 | 02,329,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/03/03 09:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/27 12:06:27 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/21 10:26:10 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2005/07/25 07:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/08/02 16:30:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/08/09 08:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
PRC - [2009/04/01 04:25:42 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/04/01 04:26:02 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/04/01 04:26:06 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/03/09 13:44:12 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/11/26 12:35:00 | 00,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/05/29 21:23:12 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.NEKU\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/09/29 19:35:48 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 11:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/27 12:06:27 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/10/21 10:26:10 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2009/05/26 22:26:12 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2005/07/25 07:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/08/02 16:30:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 08:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/03/04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2009/04/01 04:25:42 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
SRV - [2009/03/03 09:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
SRV - [2009/04/01 04:26:02 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [Auto | Running])
SRV - [2009/04/01 04:26:06 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/06/30 21:16:26 | 01,094,848 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Stopped])
DRV - [2008/10/01 14:44:21 | 00,099,904 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2004/10/15 00:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/08/18 23:35:04 | 03,856,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/03/03 23:26:24 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009/02/09 07:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2009/02/09 07:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2005/08/02 16:30:00 | 03,199,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2005/07/04 08:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Stopped])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/09 05:05:48 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/06/27 18:05:38 | 00,472,332 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVCM.sys -- (QCMerced [On_Demand | Running])
DRV - [2004/08/04 05:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2008/04/13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/04/03 00:08:54 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
DRV - [2009/03/03 10:08:15 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\TM_CFW.sys -- (tmcfw [On_Demand | Running])
DRV - [2009/04/03 00:08:48 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2009/04/03 00:08:52 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
DRV - [2009/03/06 03:17:48 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\tmpreflt.sys -- (tmpreflt [Auto | Running])
DRV - [2009/03/04 00:12:44 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\tmtdi.sys -- (tmtdi [System | Running])
DRV - [2009/03/06 03:17:48 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\tmxpflt.sys -- (tmxpflt [Auto | Running])
DRV - [2009/02/09 07:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/04/13 19:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2009/02/09 07:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2009/03/06 03:17:48 | 01,195,512 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\vsapint.sys -- (vsapint [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.one.com/en_GB/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.00
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.704
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:3.0.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/07 20:00:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [2009/04/20 18:23:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/27 12:06:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/20 20:28:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/18 16:08:24 | 00,000,000 | ---D | M]

[2008/12/08 19:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Extensions
[2008/12/08 19:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/28 21:16:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Firefox\Profiles\yuqb9buy.default\extensions
[2009/03/01 17:20:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Firefox\Profiles\yuqb9buy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/04/24 09:01:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Firefox\Profiles\yuqb9buy.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/16 18:53:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Firefox\Profiles\yuqb9buy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/19 22:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Firefox\Profiles\yuqb9buy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/12/14 11:39:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Firefox\Profiles\yuqb9buy.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2008/12/14 11:39:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Firefox\Profiles\yuqb9buy.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009/05/27 12:09:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\mozilla\Firefox\Profiles\yuqb9buy.default\extensions\fsonlinescanner@f-secure.com
[2009/01/06 11:47:59 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\Mozilla\FireFox\Profiles\yuqb9buy.default\searchplugins\imdb.xml
[2009/05/29 20:04:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/18 16:08:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/11 09:35:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/09/29 12:07:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/06 16:07:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/05/27 12:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/24 07:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 07:00:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all (Kontiki Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - Startup: C:\Documents and Settings\HP_Owner.NEKU\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html (Google Inc.)
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html (Google Inc.)
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} http://iloapp.susies...ImageUpload.dll (IlosoftMultipleImageCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner 4.0 Launcher)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.susiesho...ImageUpload.dll (IlosoftImageUploadCtl Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/09 21:20:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/29 21:23:01 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/05/29 21:23:01 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.NEKU\Desktop\OTL.exe
[2009/05/27 11:56:00 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/27 11:55:57 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/23 20:36:08 | 00,103,407 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\palm_springs_wedding_photographer_sosodf98f033rr34.jpg
[2009/05/23 20:26:11 | 00,060,691 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410585_1126213.jpg
[2009/05/23 20:25:53 | 00,052,419 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410697_7614170.jpg
[2009/05/23 20:25:36 | 00,059,111 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410620_3565632.jpg
[2009/05/23 20:25:28 | 00,038,379 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410618_2018554.jpg
[2009/05/23 20:24:40 | 00,047,169 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410698_1227748.jpg
[2009/05/23 20:22:08 | 00,023,135 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\4449_1156592267427_1006340397_456779_1614182_n.jpg
[2009/05/21 16:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.NEKU\Application Data\IObit
[2009/05/21 16:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/05/21 16:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/05/20 16:18:53 | 00,927,528 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\3546899719_223c054f53_o.jpg
[2009/05/19 20:36:59 | 00,099,840 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\090525_cartoon_8_a13500_p465.gif
[2009/05/19 19:29:55 | 06,939,492 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\3519973256_398fe94223_o.jpg
[2009/05/19 19:29:23 | 00,515,773 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\3542819984_9696934bd3_o.jpg
[2009/05/19 19:27:51 | 07,119,855 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\3519990590_f860c85025_o.jpg
[2009/05/16 22:05:59 | 00,042,906 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n851030594_6978870_2664757.jpg
[2009/05/16 16:26:52 | 16,090,23488 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/16 13:47:53 | 00,138,828 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\dangling.jpg
[2009/05/16 13:47:05 | 00,138,828 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\new1web2.jpg
[2009/05/16 13:46:29 | 00,151,579 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\cityupsidedown.jpg
[2009/05/16 13:23:06 | 00,141,763 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\Dark-Forest-35836.jpg
[2009/05/15 21:51:47 | 00,055,461 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\come-find-me.jpg
[2009/05/15 21:36:32 | 00,041,484 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n642729648_1526325_5610605.jpg
[2009/05/15 09:11:57 | 00,034,432 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\funny-pictures-cats-think-about-life.jpg
[2009/05/12 19:40:11 | 00,052,301 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\2e6epud.jpg
[2009/05/11 19:59:21 | 00,041,220 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\scout2ee158d879b5bddf57da93f7d905907941a135fd.jpg
[2009/05/09 17:59:43 | 00,049,318 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\2800_93832625020_543190020_2829602_6348919_n.jpg
[2009/05/09 17:58:54 | 00,064,626 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\2912_78498049638_665259638_1823733_2331961_n.jpg
[2009/05/07 22:00:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Phase One
[2009/05/07 21:25:24 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2009/05/04 17:45:27 | 00,056,184 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\Contract photography agreement.pdf
[2009/05/01 19:57:00 | 00,293,171 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\swapbottoms.jpg
[2009/04/30 23:09:07 | 00,635,487 | ---- | C] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\NYC wallpaper3.jpg
[2008/10/01 18:19:10 | 00,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/30 21:29:12 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/09/30 21:28:51 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/09/30 21:07:44 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/09/30 21:07:08 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/09/30 21:06:06 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2005/08/21 17:47:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/10 00:52:32 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/01/02 13:00:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/02 12:39:28 | 00,016,358 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/01/02 12:39:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/01/02 12:32:27 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/02 12:32:27 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/02 12:32:27 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/02 12:32:27 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/02 12:32:27 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/02 12:32:27 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/02 12:30:22 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/01/02 12:15:35 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/02 12:12:59 | 00,014,938 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005/01/02 12:12:40 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/01/02 12:12:40 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/01/02 12:12:40 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/01/02 12:12:39 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/01/02 11:59:46 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/01/02 11:56:10 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/01/02 11:56:10 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/01/02 11:55:47 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/11/09 21:20:04 | 00,000,612 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/11/09 21:11:48 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/25 03:10:06 | 00,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 23:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/29 21:23:12 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.NEKU\Desktop\OTL.exe
[2009/05/29 20:03:15 | 00,395,776 | -HS- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\Thumbs.db
[2009/05/29 19:59:49 | 00,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/29 19:59:49 | 00,000,245 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/05/29 19:59:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/29 19:59:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\Local Settings\desktop.ini
[2009/05/29 19:59:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/29 19:59:40 | 16,090,23488 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/28 23:38:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/05/28 23:38:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/05/28 22:26:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2009/05/28 21:02:07 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/27 18:00:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/27 18:00:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/27 11:56:00 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/26 11:55:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/23 20:36:08 | 00,103,407 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\palm_springs_wedding_photographer_sosodf98f033rr34.jpg
[2009/05/23 20:26:11 | 00,060,691 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410585_1126213.jpg
[2009/05/23 20:25:53 | 00,052,419 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410697_7614170.jpg
[2009/05/23 20:25:36 | 00,059,111 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410620_3565632.jpg
[2009/05/23 20:25:28 | 00,038,379 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410618_2018554.jpg
[2009/05/23 20:24:40 | 00,047,169 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n777615151_2410698_1227748.jpg
[2009/05/23 20:22:09 | 00,023,135 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\4449_1156592267427_1006340397_456779_1614182_n.jpg
[2009/05/21 16:41:05 | 00,098,816 | -HS- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\Desktop\Thumbs.db
[2009/05/20 16:18:57 | 00,927,528 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\3546899719_223c054f53_o.jpg
[2009/05/19 20:37:00 | 00,099,840 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\090525_cartoon_8_a13500_p465.gif
[2009/05/19 20:19:06 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\My Sharing Folders.lnk
[2009/05/19 19:29:55 | 06,939,492 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\3519973256_398fe94223_o.jpg
[2009/05/19 19:29:24 | 00,515,773 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\3542819984_9696934bd3_o.jpg
[2009/05/19 19:27:54 | 07,119,855 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\3519990590_f860c85025_o.jpg
[2009/05/16 22:06:01 | 00,042,906 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n851030594_6978870_2664757.jpg
[2009/05/16 13:47:53 | 00,138,828 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\dangling.jpg
[2009/05/16 13:47:05 | 00,138,828 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\new1web2.jpg
[2009/05/16 13:46:30 | 00,151,579 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\cityupsidedown.jpg
[2009/05/16 13:23:07 | 00,141,763 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\Dark-Forest-35836.jpg
[2009/05/15 21:51:48 | 00,055,461 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\come-find-me.jpg
[2009/05/15 21:36:38 | 00,041,484 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\n642729648_1526325_5610605.jpg
[2009/05/15 09:11:58 | 00,034,432 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\funny-pictures-cats-think-about-life.jpg
[2009/05/12 19:40:15 | 00,052,301 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\2e6epud.jpg
[2009/05/12 00:44:00 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/12 00:43:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/11 19:59:22 | 00,041,220 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\scout2ee158d879b5bddf57da93f7d905907941a135fd.jpg
[2009/05/11 00:55:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/11 00:55:06 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/10 15:16:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/10 15:16:58 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/09 22:35:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/09 22:35:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/09 17:59:43 | 00,049,318 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\2800_93832625020_543190020_2829602_6348919_n.jpg
[2009/05/09 17:58:56 | 00,064,626 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\2912_78498049638_665259638_1823733_2331961_n.jpg
[2009/05/09 12:26:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/05/09 12:26:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/05/08 00:07:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/05/08 00:07:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/05/07 21:51:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/05/07 21:51:37 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/05/07 08:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 23:23:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/05/06 23:23:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/05/05 23:39:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/05/05 23:39:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/05/04 23:16:52 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/05/04 23:16:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/05/04 17:45:28 | 00,056,184 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\Contract photography agreement.pdf
[2009/05/04 12:45:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/05/04 12:45:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/05/04 11:04:25 | 00,087,839 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\invoice 270409 09001.docx
[2009/05/04 01:49:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/05/04 01:49:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/05/03 17:05:43 | 01,669,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/03 14:22:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/05/03 14:22:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/05/03 01:16:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/05/03 01:16:55 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/05/01 23:40:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/05/01 23:40:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/05/01 19:57:02 | 00,293,171 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\swapbottoms.jpg
[2009/05/01 18:45:16 | 00,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Friday scan).job
[2009/04/30 23:10:53 | 00,635,487 | ---- | M] () -- C:\Documents and Settings\HP_Owner.NEKU\My Documents\NYC wallpaper3.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:9082BD587A23947D
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00D439
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D492DA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
< End of report >

#8 meyerowitz

Posted 29 May 2009 - 02:33 PM

And here is the Extras log:

OTL Extras logfile created on: 29/05/2009 21:23:35 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\HP_Owner.NEKU\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 63.00% Memory free
3.35 Gb Paging File | 2.93 Gb Available in Paging File | 87.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 109.10 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 2.09 Gb Free Space | 34.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 149.04 Gb Total Space | 27.50 Gb Free Space | 18.45% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 304.90 Gb Free Space | 65.46% Space Free | Partition Type: NTFS

Computer Name: NEKU
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/11/20 14:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/11/20 14:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/05/20 19:45:54 | 02,592,656 | ---- | M] (Spotify AB) -- C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
[2007/08/29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 06:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/10/21 10:26:10 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2009/02/22 21:58:30 | 01,823,992 | ---- | M] (Nokia Corporation) -- C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
[2009/02/22 21:17:24 | 00,430,080 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process
[2008/10/29 16:35:34 | 00,199,616 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
[2009/03/27 09:55:06 | 24,103,720 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804" = CanoScan 8600F
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{EA35370F-586C-45E1-AC6C-A4E275C6B762}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EF4F620F-F295-41D7-92C0-6B635709C850}" = Nokia Software Updater
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AnyDVD" = AnyDVD
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CaptureOne4_is1" = Capture One 4.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Exposure 2" = Alien Skin Exposure 2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"Jewel Quest® III" = Jewel Quest® III
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Snap Art" = Alien Skin Snap Art
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.2
"VISPRO" = Microsoft Office Visio Professional 2007
"Vuze" = Vuze
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

Error - 08/04/2009 17:45:52 | Computer Name = NEKU | Source = nview_info | ID = 11141121
Description =

[ OSession Events ]
Error - 13/12/2008 07:20:47 | Computer Name = NEKU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 9999.9999.9999.9999. This session lasted
417 seconds with 60 seconds of active time. This session ended with a crash.

Error - 14/12/2008 08:38:40 | Computer Name = NEKU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 9999.9999.9999.9999. This session lasted
332 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26/05/2009 12:53:36 | Computer Name = NEKU | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 27/05/2009 06:01:00 | Computer Name = NEKU | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0013D4D21088 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 27/05/2009 06:01:35 | Computer Name = NEKU | Source = Service Control Manager | ID = 7000
Description = The Phase One 1394 Camera Driver service failed to start due to the
following error: %%2

Error - 27/05/2009 06:02:47 | Computer Name = NEKU | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 27/05/2009 07:21:16 | Computer Name = NEKU | Source = Service Control Manager | ID = 7000
Description = The Phase One 1394 Camera Driver service failed to start due to the
following error: %%2

Error - 27/05/2009 07:38:06 | Computer Name = NEKU | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without
first being prepared for removal.

Error - 28/05/2009 16:02:07 | Computer Name = NEKU | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0013D4D21088 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 28/05/2009 16:02:47 | Computer Name = NEKU | Source = Service Control Manager | ID = 7000
Description = The Phase One 1394 Camera Driver service failed to start due to the
following error: %%2

Error - 29/05/2009 14:59:46 | Computer Name = NEKU | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0013D4D21088 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 29/05/2009 15:00:35 | Computer Name = NEKU | Source = Service Control Manager | ID = 7000
Description = The Phase One 1394 Camera Driver service failed to start due to the
following error: %%2


< End of report >

#9 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • PipPipPipPipPip
  • 1,252 posts

Posted 29 May 2009 - 10:00 PM

Hi,

Try the fix described in the first post and let me know if it works.

http://forums.techgu...nts-folder.html

CompTIA A+ & Security+ Certified
If I haven't replied in 48 hours, please send me a friendly PM.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#10 meyerowitz

Posted 30 May 2009 - 02:31 PM

When I follow the steps I can't get further from this:

To resolve this issue, you must turn off Simple File Sharing, and then take ownership of the folder:

1. Turn off Simple File Sharing:
a. Click Start, and then click My Computer.
b. On the Tools menu, click Folder Options, and then click the View tab.
c. Under Advanced Settings, click to clear the Use simple file sharing...


I don't seem to get an option to access "advanced settings" in the view tab - any ideas?

Thanks so much for helping me with this issue btw! :)

#11 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • 1,252 posts

Posted 31 May 2009 - 07:04 PM

Hi,

Are you sure you can't see the advanced settings?

It is the scroll box that should take up a majority of the space in the View tab.



#12 meyerowitz

meyerowitz

    Member

  • Full Member
  • 41 posts

Posted 01 June 2009 - 05:39 AM

Ah yes, a little blonde moment there! :huh:

I can indeed see the "advanced settings", but don't have an option to select "Use simple file sharing (Recommended)".
The only thing similar I have on that list is: "Display simple folder view in Explorer's folder list" and that is already ticked.

#13 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • 1,252 posts

Posted 02 June 2009 - 03:28 PM

I can see it in mine.

Try scrolling down to the bottom, and it should be right above Icon Cache Size.



#14 meyerowitz

meyerowitz

    Member

  • Full Member
  • 41 posts

Posted 03 June 2009 - 02:18 AM

Have double checked and I don't have that option, and actually no option for "icon cache size" either!

#15 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • 1,252 posts

Posted 05 June 2009 - 10:06 PM

Let me know if any of this helps. It says it applies to XP Home Edition.

http://support.microsoft.com/kb/304040



#16 meyerowitz

meyerowitz

    Member

  • Full Member
  • 41 posts

Posted 08 June 2009 - 01:50 PM

This link wasn't helpful as it was practically the same advice you were recommending earlier, but as said I can't complete this step:
1. Double-click My Computer on the desktop.
2. On the Tools menu, click Folder Options.
3. Click the View tab, and then select the Use Simple File Sharing (Recommended) check box to turn on Simple File Sharing.
as I don't have an option to tick for Use Simple File Sharing in the advanced options at all.

#17 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • 1,252 posts

Posted 08 June 2009 - 10:22 PM

Hi,

Try the Fix it for me in the following link and let me know if that works.
http://support.micro...307874#fixit4me



#18 meyerowitz

meyerowitz

    Member

  • Full Member
  • 41 posts

Posted 09 June 2009 - 02:19 PM

I get a pop up message saying "this fix it does not apply to your system" when I try to run it.
Then another pop up appears that says "disable simple file sharing fix it failed to process".

#19 meyerowitz

meyerowitz

    Member

  • Full Member
  • 41 posts

Posted 16 June 2009 - 02:25 PM

Any other ideas/fixes I could try?

#20 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • 1,252 posts

Posted 19 June 2009 - 01:39 PM

Hi,

Download Rooter.exe to your desktop
  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here



#21 meyerowitz

meyerowitz

    Member

  • Full Member
  • 41 posts

Posted 20 June 2009 - 03:50 AM

Ran Rooter, log as follows:

Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 15 Model 4 Stepping 4, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:180 Go - Free:107 Go )
D:\ [Fixed-FAT32] .. ( Total:5 Go - Free:2 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Fixed-NTFS] .. ( Total:149 Go - Free:27 Go )
K:\ [Fixed-NTFS] .. ( Total:465 Go - Free:292 Go )
¨
Scan : 10:49.03
Path : C:\Documents and Settings\HP_Owner.NEKU\Desktop\Rooter.exe
User : HP_Owner ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (892)
______ \??\C:\WINDOWS\system32\csrss.exe (948)
______ \??\C:\WINDOWS\system32\winlogon.exe (972)
______ C:\WINDOWS\system32\services.exe (1016)
______ C:\WINDOWS\system32\lsass.exe (1028)
______ C:\WINDOWS\system32\svchost.exe (1204)
______ C:\WINDOWS\system32\svchost.exe (1324)
______ C:\WINDOWS\System32\svchost.exe (1448)
______ C:\WINDOWS\system32\svchost.exe (1484)
______ C:\WINDOWS\system32\svchost.exe (1624)
______ C:\WINDOWS\system32\spoolsv.exe (1816)
______ C:\WINDOWS\Explorer.EXE (152)
______ C:\windows\system\hpsysdrv.exe (300)
______ C:\WINDOWS\RTHDCPL.EXE (304)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (332)
______ C:\WINDOWS\system32\rundll32.exe (356)
______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (368)
______ C:\HP\KBD\KBD.EXE (376)
______ C:\Program Files\QuickTime\QTTask.exe (384)
______ C:\Program Files\iTunes\iTunesHelper.exe (412)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (452)
______ C:\Program Files\Kontiki\KHost.exe (612)
______ C:\Program Files\Java\jre6\bin\jusched.exe (668)
Locked avp.exe (680)
______ C:\WINDOWS\system32\ctfmon.exe (700)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (712)
______ C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (720)
______ C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (740)
______ C:\WINDOWS\system32\svchost.exe (1276)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1540)
Locked avp.exe (1308)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1600)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1568)
______ C:\Program Files\Kontiki\KService.exe (1928)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (1312)
______ C:\WINDOWS\system32\nvsvc32.exe (220)
______ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE (364)
______ C:\WINDOWS\system32\svchost.exe (2168)
______ C:\Program Files\iPod\bin\iPodService.exe (3904)
______ C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (3880)
______ C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (2492)
______ C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (2664)
______ C:\WINDOWS\System32\alg.exe (2748)
______ C:\Program Files\Mozilla Firefox\firefox.exe (284)
______ C:\Program Files\Spotify\spotify.exe (3628)
______ C:\Documents and Settings\HP_Owner.NEKU\Desktop\Rooter.exe (3460)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:6440361984)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:6440394240 | Length:193598415360)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
¨
----------------------\\ Registry
¨
Rootkit! ... [HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys]
Rootkit! ... [HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys]
Rootkit! ... [HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys]
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 10:49.31
¨
C:\Rooter$\Rooter_1.txt - (20/06/2009 | 10:49.31)

#22 Andro1d

Andro1d

    Malware = Nuked

  • Helper
  • 1,252 posts

Posted 21 June 2009 - 09:45 PM

Hi,

Step 1
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    msqpdxserv
    
    :Reg
    [-HKEY_LOCAL_MACHINE\ControlSet001\Services\msqpdxserv.sys]
    [-HKEY_LOCAL_MACHINE\ControlSet002\Services\msqpdxserv.sys]
    [-HKEY_LOCAL_MACHINE\CurrentControlSet\Services\msqpdxserv.sys]
    
    :Files
    C:\tdl.dat
    C:\resycled\boot.com
    C:\autorun.inf
    %System%\drivers\msqpdxserv.sys
    %System%\drivers\msqpdx*.sys
    %System%\msqpdx*.dll
    %System%\dll.dll
    %Temp%\tempo-*.tmp
    C:\Program Files\Mozilla Firefox\components\iamfamous.dll
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2
Please download the latest version of Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



#23 meyerowitz

meyerowitz

    Member

  • Full Member
  • 41 posts

Posted 23 June 2009 - 02:14 PM

Here is the OTM log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver msqpdxserv not found.
Service\Driver msqpdxserv not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\ControlSet001\Services\msqpdxserv.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\ControlSet002\Services\msqpdxserv.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\CurrentControlSet\Services\msqpdxserv.sys\ not found.
========== FILES ==========
File/Folder C:\tdl.dat not found.
File/Folder C:\resycled\boot.com not found.
File/Folder C:\autorun.inf not found.
Invalid Environment Variable: System
Invalid Environment Variable: System
Invalid Environment Variable: System
Invalid Environment Variable: System
Folder C:\DOCUME~1\HP_OWN~1.NEK\LOCALS~1\Temp\tempo-*.tmp not found.
File/Folder C:\Program Files\Mozilla Firefox\components\iamfamous.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 150183 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: HP_Owner

User: HP_Owner.NEKU
->Temp folder emptied: 75052820 bytes
File delete failed. C:\Documents and Settings\HP_Owner.NEKU\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 34543848 bytes
->Java cache emptied: 7618262 bytes
->FireFox cache emptied: 88256821 bytes
->Google Chrome cache emptied: 720 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 142103 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
Windows Temp folder emptied: 2967729 bytes

RecycleBin emptied: 566566282 bytes

Total Files Cleaned = 742.02 mb


OTM by OldTimer - Version 3.0.0.1 log created on 06232009_190820

Files moved on Reboot...

Registry entries deleted on Reboot...

___________________________________________________________________________

And here is the MBAM log:

Malwarebytes' Anti-Malware 1.38
Database version: 2325
Windows 5.1.2600 Service Pack 3

23/06/2009 21:13:50
mbam-log-2009-06-23 (21-13-50).txt

Scan type: Full Scan (C:\|D:\|J:\|K:\|)
Objects scanned: 308205
Time elapsed: 1 hour(s), 57 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
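
The Rooter report in post #21 and the :Reg section of the OTM script in post #22 write the flagged service key with different paths, which is consistent with the "not found" registry lines in the OTM log. As an added example (not part of the thread, and not code from Rooter or OTM), this Python check compares a scanner report against a fix script before the script is run; the function names are hypothetical and the sample lines are copied from the posts above.

```python
import re

# Sample input copied from this thread: Rooter report (post #21), OTM script (post #22).
ROOTER_LOG = r"""
----------------------\\ Registry
Rootkit! ... [HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys]
Rootkit! ... [HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys]
Rootkit! ... [HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys]
"""

OTM_SCRIPT = r"""
:Reg
[-HKEY_LOCAL_MACHINE\ControlSet001\Services\msqpdxserv.sys]
[-HKEY_LOCAL_MACHINE\ControlSet002\Services\msqpdxserv.sys]
[-HKEY_LOCAL_MACHINE\CurrentControlSet\Services\msqpdxserv.sys]

:Files
C:\tdl.dat
"""

# Hive abbreviations as tools print them (helper table assumed for this example).
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS"}

def normalize_key(path):
    """Expand hive abbreviations, drop trailing backslashes, fold case."""
    hive, _, rest = path.strip().rstrip("\\").partition("\\")
    hive = HIVES.get(hive.upper(), hive.upper())
    return (hive + "\\" + rest).lower() if rest else hive.lower()

def flagged_keys(rooter_log):
    """Registry keys on 'Rootkit! ... [key]' lines of a Rooter report."""
    return [m.group(1) for m in
            re.finditer(r"^Rootkit!\s*\.\.\.\s*\[(.+?)\]\s*$", rooter_log, re.M)]

def script_reg_targets(script):
    """Keys named as [-key] deletions inside the script's :Reg section."""
    targets, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line.lower()
        elif section == ":reg" and line.startswith("[-") and line.endswith("]"):
            targets.append(line[2:-1])
    return targets

def uncovered(rooter_log, script):
    """Flagged keys that no :Reg line of the script would delete."""
    wanted = {normalize_key(t) for t in script_reg_targets(script)}
    return [k for k in flagged_keys(rooter_log) if normalize_key(k) not in wanted]

if __name__ == "__main__":
    for key in uncovered(ROOTER_LOG, OTM_SCRIPT):
        print("not targeted by script:", key)
```

On the thread's own data every flagged key is reported as not targeted, because the script paths omit the `SYSTEM\` component that the Rooter report includes.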



