
View Full Version : Virtumonde



Speeddemon
2008-08-18, 10:28
Looks to be pretty common. OK, so I have run Spybot a few times, deleting it, tried safe mode, different programs... Nothing, so here we go...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:48 AM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\HP_Administrator\My Documents\hottproxy\HoTTProxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\arservice.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Trillian4\trillian.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XMouseButton] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian4\trillian.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O20 - AppInit_DLLs: mprryd.dll ngzwdp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8678 bytes

Shaba
2008-08-19, 09:21
Hi Speeddemon

Rename HijackThis.exe to Speeddemon.exe and post back a fresh HijackThis log, please :)

Speeddemon
2008-08-19, 10:27
here you go
--------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:23 AM, on 8/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\HP_Administrator\My Documents\hottproxy\HoTTProxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\arservice.exe
C:\Program Files\CallWave\IAM.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trillian4\trillian.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\Speeddemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2015573E-E2D3-4A80-A111-BCD48471916A} - C:\WINDOWS\system32\mlJYPGyY.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94F3B0A3-6D1F-4885-9646-06338A01A56C} - (no file)
O2 - BHO: {a8e69f7d-4bbf-e9c9-f0f4-8c995f5aac9b} - {b9caa5f5-99c8-4f0f-9c9e-fbb4d7f96e8a} - C:\WINDOWS\system32\isiuri.dll
O2 - BHO: (no name) - {D43D4837-419F-4683-8A52-83C0C3F87339} - C:\WINDOWS\system32\yayVnomn.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XMouseButton] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [40750812] rundll32.exe "C:\WINDOWS\system32\yeyiqixs.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian4\trillian.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O20 - AppInit_DLLs: mprryd.dll ngzwdp.dll isiuri.dll
O20 - Winlogon Notify: yayVnomn - C:\WINDOWS\SYSTEM32\yayVnomn.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9838 bytes
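
Added example (not part of the thread, and not code from HijackThis or from either poster): a Python script that diffs the autostart entries of two HijackThis logs by section code, so that entries present only in the later scan stand out. The function names `parse_entries` and `diff_logs` are hypothetical, and the two sample logs are excerpts constructed from lines of the two scans posted above. An `O20 - AppInit_DLLs` value is split into one entry per DLL, so a list that grows is reported as the single new DLL.

```python
import re
from collections import defaultdict

# A HijackThis entry line starts with a section code (R0, O2, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
APPINIT_PREFIX = "AppInit_DLLs:"

# Constructed excerpt of the first scan (lines copied from the log above, trimmed).
FIRST_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:48 AM, on 8/18/2008

Running processes:
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: mprryd.dll ngzwdp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed excerpt of the second scan (lines copied from the log above, trimmed).
SECOND_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:23 AM, on 8/19/2008

Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: (no name) - {2015573E-E2D3-4A80-A111-BCD48471916A} - C:\WINDOWS\system32\mlJYPGyY.dll
O2 - BHO: (no name) - {D43D4837-419F-4683-8A52-83C0C3F87339} - C:\WINDOWS\system32\yayVnomn.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [40750812] rundll32.exe "C:\WINDOWS\system32\yeyiqixs.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: mprryd.dll ngzwdp.dll isiuri.dll
O20 - Winlogon Notify: yayVnomn - C:\WINDOWS\SYSTEM32\yayVnomn.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_entries(log_text):
    """Return {section code: set of entry bodies}; header and process lines are skipped."""
    entries = defaultdict(set)
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, "Running processes" path, blank line or trailer
        code, body = match.groups()
        if code == "O20" and body.startswith(APPINIT_PREFIX):
            # The value is a space- or comma-separated DLL list: one entry per DLL.
            for dll in re.split(r"[ ,]+", body[len(APPINIT_PREFIX):].strip()):
                if dll:
                    entries[code].add(f"{APPINIT_PREFIX} {dll}")
        else:
            entries[code].add(body)
    return entries


def diff_logs(old_text, new_text):
    """Compare two logs and return sorted (code, body) tuples added and removed."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    added, removed = [], []
    for code in set(old) | set(new):
        before, after = old.get(code, set()), new.get(code, set())
        added += [(code, body) for body in after - before]
        removed += [(code, body) for body in before - after]
    return {"added": sorted(added), "removed": sorted(removed)}


if __name__ == "__main__":
    result = diff_logs(FIRST_SCAN, SECOND_SCAN)
    for label in ("added", "removed"):
        print(f"{label}:")
        for code, body in result[label]:
            print(f"  {code} - {body}")
```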

Shaba
2008-08-19, 10:46
We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Speeddemon
2008-08-19, 11:08
ComboFix will not load. It keeps saying for 2000 and XP only. Well, I have 32-bit XP Media Center SP3. Could the SP3 be the problem with the incompatibility?

Shaba
2008-08-19, 11:42
Yes it can.

Please do this instead:

Please download Malwarebytes' Anti-Malware (http://www.malwaresupport.com/mbam/program/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply along with a fresh HijackThis log.

Speeddemon
2008-08-19, 22:38
So Malwarebytes wants me to reboot, but I am hesitant knowing that Virtumonde is very good at reinfecting even after reboots. Should I still go through with this reboot?
OK, so here is the malware log:
--------------------------------------------

Malwarebytes' Anti-Malware 1.25
Database version: 1070
Windows 5.1.2600 Service Pack 3

12:31:06 PM 8/19/2008
mbam-log-08-19-2008 (12-31-06).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 268910
Time elapsed: 2 hour(s), 14 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\mlJYPGyY.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yeyiqixs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yayVnomn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qmjxlarw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\isiuri.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2015573e-e2d3-4a80-a111-bcd48471916a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2015573e-e2d3-4a80-a111-bcd48471916a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9caa5f5-99c8-4f0f-9c9e-fbb4d7f96e8a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b9caa5f5-99c8-4f0f-9c9e-fbb4d7f96e8a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d43d4837-419f-4683-8a52-83c0c3f87339} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvnomn (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d43d4837-419f-4683-8a52-83c0c3f87339} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40750812 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d43d4837-419f-4683-8a52-83c0c3f87339} (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljypgyy -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljypgyy -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mlJYPGyY.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\YyGPYJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YyGPYJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isiuri.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yayVnomn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yeyiqixs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sxiqiyey.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmjxlarw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\AFCO0FJE\kb767887[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\DSV3BQBS\kb456456[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvusPfGX.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xctuvapd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM43463b8e.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM43463b8e.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



And the HJT log:
-----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:49 PM, on 8/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\HP_Administrator\My Documents\hottproxy\HoTTProxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trillian4\trillian.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Speeddemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2015573E-E2D3-4A80-A111-BCD48471916A} - C:\WINDOWS\system32\mlJYPGyY.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94F3B0A3-6D1F-4885-9646-06338A01A56C} - (no file)
O2 - BHO: {6e1b558c-0032-1cc9-faa4-e3c1e3fdbe79} - {97ebdf3e-1c3e-4aaf-9cc1-2300c855b1e6} - C:\WINDOWS\system32\rubwtm.dll
O2 - BHO: (no name) - {D43D4837-419F-4683-8A52-83C0C3F87339} - C:\WINDOWS\system32\yayVnomn.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XMouseButton] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian4\trillian.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O20 - Winlogon Notify: yayVnomn - C:\WINDOWS\SYSTEM32\yayVnomn.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9630 bytes

Shaba
2008-08-20, 11:39
"so malwarebytes wants me to reboot, but I am hesitant knowing that virtumonde is very good at reinfecting even after reboots. should i still go through with this reboot?"

Yes, you should, as MBAM can't delete certain files otherwise :)

Please do that and post back a fresh HijackThis log afterwards.

Speeddemon
2008-08-20, 11:53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:15 AM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\HP_Administrator\My Documents\hottproxy\HoTTProxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Trillian4\trillian.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\Speeddemon.exe
C:\Program Files\Safari\Safari.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94F3B0A3-6D1F-4885-9646-06338A01A56C} - (no file)
O2 - BHO: {6e1b558c-0032-1cc9-faa4-e3c1e3fdbe79} - {97ebdf3e-1c3e-4aaf-9cc1-2300c855b1e6} - C:\WINDOWS\system32\rubwtm.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XMouseButton] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian4\trillian.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9646 bytes

Shaba
2008-08-20, 11:58
Looks better :)

Download OTScanIt.exe (http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe) to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.

In the Files Created Within group click 30 days
In the Files Modified Within group select 30 days
In the File String Search group select Non-Microsoft

Now click the Run Scan button on the toolbar.
When the scan is complete, Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Speeddemon
2008-08-20, 12:07
[code]
OTScanIt logfile created on: 8/20/2008 2:02:43 AM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 60.83% Memory free
2.70 Gb Paging File | 2.25 Gb Available in Paging File | 83.58% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 135.31 Gb Total Space | 45.46 Gb Free Space | 33.60% Space Free | Partition Type: NTFS
Drive D: | 135.31 Gb Total Space | 100.91 Gb Free Space | 74.57% Space Free | Partition Type: NTFS
Drive E: | 8.82 Gb Total Space | 0.58 Gb Free Space | 6.61% Space Free | Partition Type: FAT32
Drive F: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPEED
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
hottproxy.exe -> %UserProfile%\My Documents\hottproxy\HoTTProxy.exe -> AWE Technology, Inc. [Ver = 0.24.0.0 | Size = 1237054 bytes | Modified Date = 10/9/2005 10:15:44 PM | Attr = ]
taskswitch.exe -> %SystemRoot%\system32\TaskSwitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 5:30:00 PM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr = ]
itouch.exe -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 9:33:26 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/6/2006 4:07:31 PM | Attr = ]
xmousebuttoncontrol.exe -> %ProgramFiles%\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe -> Highresolution Enterprises [Ver = 1.34.0.0 | Size = 356352 bytes | Modified Date = 7/18/2007 9:13:56 PM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.1.7.0 | Size = 16855552 bytes | Modified Date = 10/25/2007 4:57:56 AM | Attr = ]
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 7/4/2008 1:13:59 AM | Attr = ]
cfp.exe -> %ProgramFiles%\COMODO\Firewall\cfp.exe -> [Ver = | Size = 1655552 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 1/8/2004 9:50:00 AM | Attr = ]
iam.exe -> %ProgramFiles%\CallWave\IAM.exe -> CallWave, Inc. [Ver = 4.0.11 (20-Feb-2008) | Size = 1940280 bytes | Modified Date = 3/14/2008 9:19:41 PM | Attr = ]
trillian.exe -> %ProgramFiles%\Trillian4\trillian.exe -> Cerulean Studios [Ver = 4, 0, 0, 83 | Size = 1597288 bytes | Modified Date = 7/18/2008 | Attr = ]
arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 11:19:16 PM | Attr = ]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 7/4/2008 1:13:55 AM | Attr = ]
cmdagent.exe -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [Ver = | Size = 519936 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/21/2006 4:08:48 AM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 3:50:00 PM | Attr = ]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 9/15/2007 10:29:14 AM | Attr = ]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 7/4/2008 1:13:53 AM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 9:04:38 AM | Attr = ]
safari.exe -> %ProgramFiles%\Safari\Safari.exe -> Apple Inc. [Ver = 3.1.2 (525.21) | Size = 3463976 bytes | Modified Date = 6/17/2008 4:16:12 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 8/16/2008 2:25:04 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 8/16/2008 2:25:04 AM | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 6/10/2007 10:09:20 AM | Attr = ]
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 11:19:16 PM | Attr = ]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 7/4/2008 1:13:55 AM | Attr = ]
(cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [Ver = | Size = 519936 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/21/2006 4:08:48 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 3:50:00 PM | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 9/15/2007 10:29:14 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ]
Alcmtr -> [ALCMTR.EXE] -> File not found
AlwaysReady Power Message APP -> [ARPWRMSG.EXE] -> File not found
amd_dc_opt -> %ProgramFiles%\AMD\Dual-Core Optimizer\amd_dc_opt.exe [C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe] -> AMD [Ver = 1, 1, 1, 0 | Size = 77824 bytes | Modified Date = 11/17/2006 4:49:48 PM | Attr = ]
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 7/4/2008 1:13:59 AM | Attr = ]
COMODO Firewall Pro -> %ProgramFiles%\COMODO\Firewall\cfp.exe ["C:\Program Files\COMODO\Firewall\cfp.exe" -h] -> [Ver = | Size = 1655552 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
CoolSwitch -> %SystemRoot%\system32\TaskSwitch.exe [C:\WINDOWS\system32\taskswitch.exe] -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 5:30:00 PM | Attr = ]
ftutil2 -> [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> File not found
HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> Hewlett-Packard Company [Ver = 3, 0, 0, 0 | Size = 249856 bytes | Modified Date = 2/15/2006 10:34:58 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe [C:\HP\KBD\KBD.EXE] -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr = ]
KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k] -> File not found
Logitech Utility -> [Logi_MwX.Exe] -> File not found
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 7311360 bytes | Modified Date = 5/9/2006 3:50:00 PM | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 86016 bytes | Modified Date = 5/9/2006 3:50:00 PM | Attr = ]
nwiz -> [nwiz.exe /install] -> File not found
PCDrProfiler -> [] -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/22/2005 10:14:00 PM | Attr = ]
RTHDCPL -> [RTHDCPL.EXE] -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/6/2006 4:07:31 PM | Attr = ]
XMouseButton -> %ProgramFiles%\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe [C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe] -> Highresolution Enterprises [Ver = 1.34.0.0 | Size = 356352 bytes | Modified Date = 7/18/2007 9:13:56 PM | Attr = ]
zBrowser Launcher -> %ProgramFiles%\Logitech\iTouch\iTouch.exe [C:\Program Files\Logitech\iTouch\iTouch.exe] -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 9:33:26 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\CallWave.lnk -> %ProgramFiles%\CallWave\IAM.exe -> CallWave, Inc. [Ver = 4.0.11 (20-Feb-2008) | Size = 1940280 bytes | Modified Date = 3/14/2008 9:19:41 PM | Attr = ]
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 8:16:50 PM | Attr = ]
%UserProfile%\Start Menu\Programs\Startup\Trillian.lnk -> %ProgramFiles%\Trillian4\trillian.exe -> Cerulean Studios [Ver = 4, 0, 0, 83 | Size = 1597288 bytes | Modified Date = 7/18/2008 | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKEY_LOCAL_MACHINE] -> [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/14/2008 5:42:40 AM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ]
Control_RunDLL "sysdm.cpl" -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain -> -> File not found
cryptnet -> -> File not found
cscdll -> -> File not found
ScCertProp -> -> File not found
Schedule -> -> File not found
sclgntfy -> -> File not found
SensLogn -> -> File not found
termsrv -> -> File not found
WBSrv -> -> File not found
WgaLogon -> -> File not found
wlballoon -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> system32\DRIVERS\cdrom.sys ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_TS-H652L_______________0803____\5&3b3c1941&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_TO3241S&Prod_POH990T&Rev_1.0\5&2c4f72d4&0&000 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 100 bytes | Modified Date = 10/6/2006 4:20:30 PM | Attr = ]
autoexec.bat [REM Dummy file for NTVDM | ] -> D:\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 2:43:36 PM | Attr = ]
AUTOEXEC.BAT [] -> E:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/27/2001 8:07:38 AM | Attr = HS]
autorun [] -> F:\autorun.exe [ UDF ] -> [Ver = 1, 0, 0, 1 | Size = 4386816 bytes | Modified Date = 9/25/2006 9:01:39 AM | Attr = R ]
Autorun.exe [MZ | ] -> F:\Autorun.exe [ UDF ] -> [Ver = 1, 0, 0, 1 | Size = 4386816 bytes | Modified Date = 9/25/2006 9:01:39 AM | Attr = R ]
Autorun.inf [[autorun] | icon=bf2142.ico | open=Autorun.exe | ] -> F:\Autorun.inf [ UDF ] -> [Ver = | Size = 46 bytes | Modified Date = 9/25/2006 9:01:39 AM | Attr = R ]
< HOSTS File > (186781 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3618 domain(s) found. ->
30 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3617 domain(s) found. ->
29 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{000123B4-9B42-4900-B3F7-F4B073EFC214} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{94F3B0A3-6D1F-4885-9646-06338A01A56C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{97ebdf3e-1c3e-4aaf-9cc1-2300c855b1e6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rubwtm.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 115712 bytes | Modified Date = 8/19/2008 3:27:41 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Download by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr = ]
&Grab video by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr = ]
Do&wnload selected by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr = ]
Down&load all by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3577BB0A-25A0-43B8-9940-64FF1ECCCC5F} -> (1394 Net Adapter) ->
{892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
{9CA9167E-A38F-4A9C-B01A-8525D65A9534} -> (NVIDIA nForce Networking Controller) ->
{A9C2E3A9-F70D-4F4B-BFC9-14DF71CBCBC7} -> () ->
{B54AF089-0DAE-4564-8647-EDC640897349} -> (Linksys Wireless-G PCI Adapter with SpeedBooster) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> [Cor MIME Filter, CorFltr, CorFltr 1] -> File not found
application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> [Cor MIME Filter, CorFltr, CorFltr 1] -> File not found
application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> [Cor MIME Filter, CorFltr, CorFltr 1] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab[Windows Live Safety Center Base Module] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> ->



[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 8/16/2008 2:16:46 PM | Attr = RH ]
1 C:\*.tmp files -> C:\*.tmp ->
327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Created Date = 8/19/2008 12:59:29 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 8/17/2008 8:25:44 PM | Attr = ]
cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 87056 bytes | Created Date = 8/20/2008 1:15:22 AM | Attr = ]
cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 24208 bytes | Created Date = 8/20/2008 1:15:22 AM | Attr = ]
inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3, 0, 23, 359 | Size = 79760 bytes | Created Date = 8/20/2008 1:15:23 AM | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/19/2008 1:44:09 AM | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/19/2008 1:44:08 AM | Attr = ]
bmjxohpq.dll -> %SystemRoot%\System32\bmjxohpq.dll -> [Ver = | Size = 131840 bytes | Created Date = 8/17/2008 3:17:32 AM | Attr = ]
dpavutcx.ini -> %SystemRoot%\System32\dpavutcx.ini -> [Ver = | Size = 1510912 bytes | Created Date = 8/19/2008 3:24:41 AM | Attr = HS]
guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 143104 bytes | Created Date = 8/20/2008 1:15:23 AM | Attr = ]
iuoytwsh.dll -> %SystemRoot%\System32\iuoytwsh.dll -> [Ver = | Size = 100096 bytes | Created Date = 8/17/2008 3:16:08 AM | Attr = ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/22/2008 10:53:08 PM | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/22/2008 10:53:08 PM | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 7/22/2008 10:53:08 PM | Attr = ]
jepnuydj.ini -> %SystemRoot%\System32\jepnuydj.ini -> [Ver = | Size = 2778377 bytes | Created Date = 8/16/2008 1:11:38 AM | Attr = HS]
mprryd.dll -> %SystemRoot%\System32\mprryd.dll -> [Ver = | Size = 131840 bytes | Created Date = 8/16/2008 1:14:39 AM | Attr = ]
ndpdroac.dll -> %SystemRoot%\System32\ndpdroac.dll -> [Ver = | Size = 131840 bytes | Created Date = 8/16/2008 1:14:36 AM | Attr = ]
ngzwdp.dll -> %SystemRoot%\System32\ngzwdp.dll -> [Ver = | Size = 131840 bytes | Created Date = 8/17/2008 3:17:36 AM | Attr = ]
nhqjbovt.dll -> %SystemRoot%\System32\nhqjbovt.dll -> [Ver = | Size = 100096 bytes | Created Date = 8/16/2008 1:08:36 AM | Attr = ]
npjamthw.ini -> %SystemRoot%\System32\npjamthw.ini -> [Ver = | Size = 1540896 bytes | Created Date = 8/15/2008 1:08:38 AM | Attr = HS]
olflwmrk.ini -> %SystemRoot%\System32\olflwmrk.ini -> [Ver = | Size = 2297421 bytes | Created Date = 8/17/2008 3:20:35 AM | Attr = HS]
rubwtm.dll -> %SystemRoot%\System32\rubwtm.dll -> [Ver = | Size = 115712 bytes | Created Date = 8/19/2008 3:27:42 AM | Attr = ]
wdrjndba.dll -> %SystemRoot%\System32\wdrjndba.dll -> [Ver = | Size = 115712 bytes | Created Date = 8/19/2008 3:27:40 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 8/18/2008 11:12:54 PM | Attr = H ]
1 C:\*.tmp files -> C:\*.tmp ->
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 8/16/2008 2:16:46 PM | Attr = RH ]
327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Modified Date = 8/19/2008 1:20:21 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/18/2008 11:28:18 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/19/2008 1:07:46 AM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 8/17/2008 8:25:44 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/20/2008 1:51:52 AM | Attr = ]
Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 8/19/2008 11:10:24 PM | Attr = ]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 26469824 bytes | Modified Date = 8/19/2008 11:10:23 PM | Attr = ]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 50972 bytes | Modified Date = 8/19/2008 11:10:23 PM | Attr = ]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 211986 bytes | Modified Date = 8/8/2008 8:22:55 AM | Attr = ]
cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 87056 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 24208 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3, 0, 23, 359 | Size = 79760 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:01:14 PM | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:01:18 PM | Attr = ]
PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 8/2/2008 9:54:18 PM | Attr = ]
bmjxohpq.dll -> %SystemRoot%\System32\bmjxohpq.dll -> [Ver = | Size = 131840 bytes | Modified Date = 8/17/2008 3:17:35 AM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/16/2008 2:06:30 AM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/13/2008 3:10:01 AM | Attr = RHS]
dpavutcx.ini -> %SystemRoot%\System32\dpavutcx.ini -> [Ver = | Size = 1510912 bytes | Modified Date = 8/19/2008 3:25:01 AM | Attr = HS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/20/2008 1:48:04 AM | Attr = ]
guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 143104 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 8/20/2008 1:53:08 AM | Attr = ]
iuoytwsh.dll -> %SystemRoot%\System32\iuoytwsh.dll -> [Ver = | Size = 100096 bytes | Modified Date = 8/17/2008 3:16:09 AM | Attr = ]
jepnuydj.ini -> %SystemRoot%\System32\jepnuydj.ini -> [Ver = | Size = 2778377 bytes | Modified Date = 8/17/2008 3:16:12 AM | Attr = HS]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 76936 bytes | Modified Date = 8/18/2008 10:59:54 PM | Attr = H ]
mprryd.dll -> %SystemRoot%\System32\mprryd.dll -> [Ver = | Size = 131840 bytes | Modified Date = 8/16/2008 1:14:38 AM | Attr = ]
ndpdroac.dll -> %SystemRoot%\System32\ndpdroac.dll -> [Ver = | Size = 131840 bytes | Modified Date = 8/16/2008 1:14:38 AM | Attr = ]
ngzwdp.dll -> %SystemRoot%\System32\ngzwdp.dll -> [Ver = | Size = 131840 bytes | Modified Date = 8/17/2008 3:17:35 AM | Attr = ]
nhqjbovt.dll -> %SystemRoot%\System32\nhqjbovt.dll -> [Ver = | Size = 100096 bytes | Modified Date = 8/16/2008 1:08:37 AM | Attr = ]
npjamthw.ini -> %SystemRoot%\System32\npjamthw.ini -> [Ver = | Size = 1540896 bytes | Modified Date = 8/16/2008 1:09:50 AM | Attr = HS]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 43531 bytes | Modified Date = 8/20/2008 1:48:42 AM | Attr = ]
olflwmrk.ini -> %SystemRoot%\System32\olflwmrk.ini -> [Ver = | Size = 2297421 bytes | Modified Date = 8/17/2008 3:21:33 AM | Attr = HS]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 81280 bytes | Modified Date = 8/20/2008 1:53:22 AM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 479204 bytes | Modified Date = 8/20/2008 1:53:22 AM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 571226 bytes | Modified Date = 8/20/2008 1:53:22 AM | Attr = ]
PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Modified Date = 8/2/2008 9:53:22 PM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/19/2008 1:07:46 AM | Attr = ]
rubwtm.dll -> %SystemRoot%\System32\rubwtm.dll -> [Ver = | Size = 115712 bytes | Modified Date = 8/19/2008 3:27:41 AM | Attr = ]
ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Modified Date = 8/1/2008 2:29:41 AM | Attr = ]
wdrjndba.dll -> %SystemRoot%\System32\wdrjndba.dll -> [Ver = | Size = 115712 bytes | Modified Date = 8/19/2008 3:27:41 AM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/17/2008 8:43:38 PM | Attr = ]
hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat -> [Ver = | Size = 246 bytes | Modified Date = 8/20/2008 1:49:51 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/13/2008 3:09:53 AM | Attr = H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
(null)toolkit.ini -> %SystemRoot%\(null)toolkit.ini -> [Ver = | Size = 99 bytes | Modified Date = 8/18/2008 10:33:44 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/20/2008 1:48:33 AM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 8/17/2008 8:21:51 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/16/2008 2:06:45 AM | Attr = S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 8/13/2008 3:05:57 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/16/2008 2:12:15 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/18/2008 11:30:18 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 8/17/2008 8:21:51 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/20/2008 2:00:29 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 8/19/2008 9:50:28 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/20/2008 1:51:09 AM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/20/2008 1:53:22 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/20/2008 2:03:14 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 760 bytes | Modified Date = 8/13/2008 3:03:48 AM | Attr = ]
HoTTProxy.job -> %SystemRoot%\tasks\HoTTProxy.job -> [Ver = | Size = 468 bytes | Modified Date = 8/20/2008 1:48:38 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/20/2008 1:48:38 AM | Attr = H ]

Speeddemon
2008-08-20, 12:10
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 10/6/2006 4:14:03 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4646 bytes | Modified Date = 8/12/2008 8:00:23 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/12/2008 8:00:24 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/11/2007 11:32:45 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 6/11/2007 11:32:45 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 5/6/2008 3:13:02 PM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/30/2008 10:10:34 PM | Attr = ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 166221 bytes | Modified Date = 4/30/2008 10:11:02 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp -> [Folder | Modified Date = 8/20/2008 2:00:13 AM | Attr = ]
XPSP3_RC2.cmd -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\XPSP3_RC2.cmd -> [Ver = | Size = 359 bytes | Modified Date = 10/18/2007 4:37:14 PM | Attr = ]
395 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp -> [Folder | Modified Date = 8/20/2008 2:00:13 AM | Attr = ]
Avisynth_256.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Avisynth_256.exe -> [Ver = | Size = 3158471 bytes | Modified Date = 11/7/2005 10:48:58 AM | Attr = ]
Avisynth_257.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Avisynth_257.exe -> [Ver = | Size = 2820758 bytes | Modified Date = 5/4/2007 12:15:42 AM | Attr = ]
CmdLineExtInstallerExe.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CmdLineExtInstallerExe.exe -> [Ver = | Size = 375992 bytes | Modified Date = 6/19/2008 1:12:59 PM | Attr = ]
devcon.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\devcon.exe -> Microsoft Corporation [Ver = 6.0.5744.16384 (vista_rtm_edw.061003-1945) | Size = 77312 bytes | Modified Date = 11/1/2006 4:44:30 PM | Attr = ]
EAD2F6.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\EAD2F6.exe -> Electronic Arts [Ver = 4.0.0.395 | Size = 15471872 bytes | Modified Date = 6/19/2008 1:13:34 PM | Attr = ]
EADF45.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\EADF45.exe -> Electronic Arts [Ver = 4.0.0.91 | Size = 22009600 bytes | Modified Date = 10/30/2007 8:51:25 PM | Attr = ]
gtk-runtime.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\gtk-runtime.exe -> [Ver = | Size = 5594317 bytes | Modified Date = 5/3/2007 5:15:06 PM | Attr = ]
instmsia.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\instmsia.exe -> Microsoft Corporation [Ver = 2.0.2600.2 | Size = 1708856 bytes | Modified Date = 5/23/2005 3:27:00 PM | Attr = ]
instmsiw.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\instmsiw.exe -> Microsoft Corporation [Ver = 2.0.2600.2 | Size = 1822520 bytes | Modified Date = 5/23/2005 3:27:00 PM | Attr = ]
jre-6u3-windows-i586-p-iftw_2cd32978.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 382352 bytes | Modified Date = 9/25/2007 3:42:01 PM | Attr = ]
jre-6u5-windows-i586-p-iftw_1b121abb.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 382352 bytes | Modified Date = 2/22/2008 11:17:56 AM | Attr = ]
jre-6u7-windows-i586-p-iftw_bdb28397.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 382352 bytes | Modified Date = 6/10/2008 5:53:46 AM | Attr = ]
SPTDinst.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPTDinst.exe -> Duplex Secure Ltd. [Ver = 1.47.0.0 | Size = 817400 bytes | Modified Date = 6/3/2007 7:16:57 PM | Attr = ]
TFR122.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TFR122.exe -> Microsoft Corp. [Ver = 9.50.0428.0 | Size = 157696 bytes | Modified Date = 4/6/2006 11:07:56 AM | Attr = ]
_Riva FLV Encoder.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_Riva FLV Encoder.exe -> Rothenberger & Partner [Ver = 02.00.0004 | Size = 828148 bytes | Modified Date = 2/20/2008 8:34:52 PM | Attr = ]
_Riva FLV Player.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_Riva FLV Player.exe -> Rothenberger & Partner [Ver = 01.00.0001 | Size = 725761 bytes | Modified Date = 2/21/2008 11:22:52 PM | Attr = ]
395 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD} -> [Folder | Modified Date = 6/19/2007 10:14:37 PM | Attr = ]
nvuninst-amd64.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvuninst-amd64.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 222720 bytes | Modified Date = 4/19/2007 1:30:40 PM | Attr = ]
nvuninst-ia64.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvuninst-ia64.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 25 | Size = 242688 bytes | Modified Date = 4/19/2007 1:30:40 PM | Attr = ]
NVUninst.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\NVUninst.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Modified Date = 4/19/2007 2:14:14 PM | Attr = ]
nvupnp-amd64.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvupnp-amd64.exe -> [Ver = | Size = 28160 bytes | Modified Date = 4/19/2007 1:30:42 PM | Attr = ]
nvupnp-ia64.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvupnp-ia64.exe -> [Ver = | Size = 56832 bytes | Modified Date = 4/19/2007 1:30:42 PM | Attr = ]
nvupnpbr.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvupnpbr.exe -> [Ver = | Size = 32768 bytes | Modified Date = 4/19/2007 1:30:42 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{A1E83ED5-8DA3-46BC-B1AE-6B01E7FE932E}\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{A1E83ED5-8DA3-46BC-B1AE-6B01E7FE932E}\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC} -> [Folder | Modified Date = 6/27/2007 12:08:49 PM | Attr = ]
dxsetup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{A1E83ED5-8DA3-46BC-B1AE-6B01E7FE932E}\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\dxsetup.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 484560 bytes | Modified Date = 5/25/2006 3:53:28 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{D1845565-8E3C-43D3-B0A7-D439D4A44652}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{D1845565-8E3C-43D3-B0A7-D439D4A44652}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684} -> [Folder | Modified Date = 5/31/2008 11:33:18 PM | Attr = ]
GoogleToolbarInstaller_EN.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{D1845565-8E3C-43D3-B0A7-D439D4A44652}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\GoogleToolbarInstaller_EN.exe -> Google [Ver = 4, 0, 1020, 6156 | Size = 844328 bytes | Modified Date = 12/3/2007 2:05:28 AM | Attr = ]
sgs.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{D1845565-8E3C-43D3-B0A7-D439D4A44652}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\sgs.exe -> [Ver = | Size = 376248 bytes | Modified Date = 12/3/2007 2:05:28 AM | Attr = ]
SketchUpInstaller.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{D1845565-8E3C-43D3-B0A7-D439D4A44652}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\SketchUpInstaller.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 31828642 bytes | Modified Date = 12/3/2007 2:20:08 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8 -> [Folder | Modified Date = 6/9/2007 8:49:40 PM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8\Setup.exe -> Adobe Systems Incorporated [Ver = 3.0.3.1 | Size = 304784 bytes | Modified Date = 5/11/2007 1:50:42 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8_\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8_ -> [Folder | Modified Date = 6/9/2007 8:56:20 PM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8_\Setup.exe -> Adobe Systems Incorporated [Ver = 3.0.3.1 | Size = 304784 bytes | Modified Date = 5/11/2007 1:50:42 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8__\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8__ -> [Folder | Modified Date = 7/22/2007 12:24:55 AM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8__\Setup.exe -> Adobe Systems Incorporated [Ver = 3.0.3.1 | Size = 304784 bytes | Modified Date = 5/11/2007 1:50:42 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye1C6.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye1C6.tmp\Disk1 -> [Folder | Modified Date = 5/31/2008 11:30:47 PM | Attr = ]
setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye1C6.tmp\Disk1\setup.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 121064 bytes | Modified Date = 5/31/2008 11:30:47 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye333.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye333.tmp\Disk1 -> [Folder | Modified Date = 6/19/2008 2:25:02 PM | Attr = ]
setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye333.tmp\Disk1\setup.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 118736 bytes | Modified Date = 6/19/2008 2:25:01 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3C0.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3C0.tmp\Disk1 -> [Folder | Modified Date = 6/10/2007 10:31:27 AM | Attr = ]
setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3C0.tmp\Disk1\setup.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 118736 bytes | Modified Date = 6/10/2007 10:31:21 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3CC.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3CC.tmp\Disk1 -> [Folder | Modified Date = 6/10/2007 10:32:29 AM | Attr = ]
setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3CC.tmp\Disk1\setup.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 118736 bytes | Modified Date = 6/10/2007 10:32:29 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\drivers\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\drivers -> [Folder | Modified Date = 8/20/2008 1:15:23 AM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\drivers\Setup.exe -> Moore Computer Consultants, Inc. [Ver = 1.26 | Size = 65536 bytes | Modified Date = 5/23/2005 3:27:00 PM | Attr = ]
SSCDUninstall.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\drivers\SSCDUninstall.exe -> Moore Computer Consultants, Inc. [Ver = 1.26 | Size = 65536 bytes | Modified Date = 5/23/2005 3:27:00 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fox6B5.tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fox6B5.tmp\ -> [Folder | Modified Date = 8/28/2007 1:05:51 AM | Attr = ]
Foxit Reader Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fox6B5.tmp\Foxit Reader Setup.exe -> [Ver = 1, 0, 0, 1 | Size = 380160 bytes | Modified Date = 8/28/2007 1:05:51 AM | Attr = ]
Foxit Reader.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fox6B5.tmp\Foxit Reader.exe -> [Ver = 2, 1, 2007, 2023 | Size = 5528832 bytes | Modified Date = 8/28/2007 1:05:51 AM | Attr = ]
Uninstall.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fox6B5.tmp\Uninstall.exe -> Foxit Software [Ver = 1, 0, 0, 1 | Size = 85248 bytes | Modified Date = 8/28/2007 1:05:51 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\HPSU89GO.48G\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\HPSU89GO.48G\ -> [Folder | Modified Date = 6/10/2007 11:08:26 PM | Attr = ]
HPUSelfUpdate.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\HPSU89GO.48G\HPUSelfUpdate.exe -> Hewlett-Packard [Ver = 4.0.5.7 | Size = 2697160 bytes | Modified Date = 6/10/2007 11:08:26 PM | Attr = ]
UpdateDatFix.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\HPSU89GO.48G\UpdateDatFix.exe -> Hewlett-Packard [Ver = 1.0.0.1 | Size = 249856 bytes | Modified Date = 6/10/2007 11:08:11 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Installer\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Installer -> [Folder | Modified Date = 4/7/2008 4:26:47 PM | Attr = ]
setup2.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Installer\setup2.exe -> Knife Edge Software [Ver = 1.00.155 | Size = 712704 bytes | Modified Date = 5/17/2006 6:00:56 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\ -> [Folder | Modified Date = 6/20/2007 1:10:19 AM | Attr = ]
setup_blazemp.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\setup_blazemp.exe -> Mystik Media [Ver = 6.0 | Size = 2452022 bytes | Modified Date = 2/14/2007 8:07:09 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFGMGCEMXDBRNGKIMSCSXEISDIFFFF0\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFGMGCEMXDBRNGKIMSCSXEISDIFFFF0 -> [Folder | Modified Date = 6/20/2007 1:10:18 AM | Attr = ]
NMSAccess.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFGMGCEMXDBRNGKIMSCSXEISDIFFFF0\NMSAccess.exe -> [Ver = | Size = 65536 bytes | Modified Date = 1/25/2007 1:52:36 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFIDOSSSTM3OGENEXFWNSSDRFFFFFF0\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFIDOSSSTM3OGENEXFWNSSDRFFFFFF0 -> [Folder | Modified Date = 6/20/2007 1:10:18 AM | Attr = ]
OggEnc.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFIDOSSSTM3OGENEXFWNSSDRFFFFFF0\OggEnc.exe -> [Ver = | Size = 157696 bytes | Modified Date = 7/19/2002 9:48:22 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFWIDOSSSTM3LAEEEFINYSIRFFFFFF0\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFWIDOSSSTM3LAEEEFINYSIRFFFFFF0 -> [Folder | Modified Date = 6/20/2007 1:10:18 AM | Attr = ]
Lame.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFWIDOSSSTM3LAEEEFINYSIRFFFFFF0\Lame.exe -> [Ver = | Size = 145408 bytes | Modified Date = 11/5/2005 4:34:50 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFYTMEALEMIPRBMEXFTRGTDRFFFFFF0\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFYTMEALEMIPRBMEXFTRGTDRFFFFFF0 -> [Folder | Modified Date = 6/20/2007 1:10:18 AM | Attr = ]
BMP.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mia34.tmp\OFFLINE\IFYTMEALEMIPRBMEXFTRGTDRFFFFFF0\BMP.exe -> Mystik Media [Ver = 7.01 | Size = 2633728 bytes | Modified Date = 2/14/2007 8:06:14 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
LOGI_MWX.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 6, 31, 100, 1190 | Size = 56320 bytes | Modified Date = 9/5/2001 3:23:24 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win2K_XP\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win2K_XP -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
LOGI_MWX.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win2K_XP\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win98\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win98 -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
LOGI_MWX.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win98\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\WinME\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\WinME -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
LOGI_MWX.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\WinME\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\WinNT\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\WinNT -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
LOGI_MWX.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\WinNT\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1 -> [Folder | Modified Date = 7/17/2007 10:16:30 PM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Setup.exe -> InstallShield Software Corporation [Ver = 6, 31, 100, 1190 | Size = 56320 bytes | Modified Date = 9/5/2001 3:23:24 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist -> [Folder | Modified Date = 7/17/2007 10:16:30 PM | Attr = ]
LCamera.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\LCamera.exe -> Logitech Inc. [Ver = 8.0.0.1000 | Size = 20992 bytes | Modified Date = 12/23/2003 3:55:20 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK -> [Folder | Modified Date = 7/17/2007 10:16:30 PM | Attr = ]
setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\setup.exe -> [Ver = | Size = 49152 bytes | Modified Date = 5/15/2002 4:16:10 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp -> [Folder | Modified Date = 6/9/2007 11:54:57 PM | Attr = ]
ACTIVESH.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\ACTIVESH.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 8/31/1999 10:48:52 PM | Attr = ]
DEVLOAD.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\DEVLOAD.EXE -> [Ver = | Size = 13312 bytes | Modified Date = 2/8/1997 5:11:20 PM | Attr = ]
ONSICON.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\ONSICON.EXE -> [Ver = | Size = 43444 bytes | Modified Date = 9/30/2000 10:36:40 AM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 50, 137, 0 | Size = 71680 bytes | Modified Date = 10/2/1998 7:04:32 PM | Attr = ]
swisNife.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\swisNife.exe -> CompuApps, Inc. [Ver = V3.22 | Size = 1077248 bytes | Modified Date = 12/1/2005 3:59:12 PM | Attr = ]
VERSION.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\VERSION.EXE -> [Ver = | Size = 20992 bytes | Modified Date = 5/17/1999 10:49:54 AM | Attr = ]
_ISDel.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 10/27/1998 1:06:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp -> [Folder | Modified Date = 6/9/2007 11:56:32 PM | Attr = ]
ACTIVESH.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\ACTIVESH.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 8/31/1999 10:48:52 PM | Attr = ]
DEVLOAD.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\DEVLOAD.EXE -> [Ver = | Size = 13312 bytes | Modified Date = 2/8/1997 5:11:20 PM | Attr = ]
ONSICON.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\ONSICON.EXE -> [Ver = | Size = 43444 bytes | Modified Date = 9/30/2000 10:36:40 AM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 50, 137, 0 | Size = 71680 bytes | Modified Date = 10/2/1998 7:04:32 PM | Attr = ]
swisNife.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\swisNife.exe -> CompuApps, Inc. [Ver = V3.22 | Size = 1077248 bytes | Modified Date = 12/1/2005 3:59:12 PM | Attr = ]
VERSION.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\VERSION.EXE -> [Ver = | Size = 20992 bytes | Modified Date = 5/17/1999 10:49:54 AM | Attr = ]
_ISDel.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 10/27/1998 1:06:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp -> [Folder | Modified Date = 6/9/2007 11:58:56 PM | Attr = ]
ACTIVESH.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\ACTIVESH.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 8/31/1999 10:48:52 PM | Attr = ]
DEVLOAD.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\DEVLOAD.EXE -> [Ver = | Size = 13312 bytes | Modified Date = 2/8/1997 5:11:20 PM | Attr = ]
ONSICON.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\ONSICON.EXE -> [Ver = | Size = 43444 bytes | Modified Date = 9/30/2000 10:36:40 AM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 50, 137, 0 | Size = 71680 bytes | Modified Date = 10/2/1998 7:04:32 PM | Attr = ]
swisNife.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\swisNife.exe -> CompuApps, Inc. [Ver = V3.22 | Size = 1077248 bytes | Modified Date = 12/1/2005 3:59:12 PM | Attr = ]
VERSION.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\VERSION.EXE -> [Ver = | Size = 20992 bytes | Modified Date = 5/17/1999 10:49:54 AM | Attr = ]
_ISDel.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 10/27/1998 1:06:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp -> [Folder | Modified Date = 6/10/2007 12:00:30 AM | Attr = ]
ACTIVESH.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\ACTIVESH.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 8/31/1999 10:48:52 PM | Attr = ]
DEVLOAD.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\DEVLOAD.EXE -> [Ver = | Size = 13312 bytes | Modified Date = 2/8/1997 5:11:20 PM | Attr = ]
ONSICON.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\ONSICON.EXE -> [Ver = | Size = 43444 bytes | Modified Date = 9/30/2000 10:36:40 AM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 50, 137, 0 | Size = 71680 bytes | Modified Date = 10/2/1998 7:04:32 PM | Attr = ]
swisNife.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\swisNife.exe -> CompuApps, Inc. [Ver = V3.22 | Size = 1077248 bytes | Modified Date = 12/1/2005 3:59:12 PM | Attr = ]
VERSION.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\VERSION.EXE -> [Ver = | Size = 20992 bytes | Modified Date = 5/17/1999 10:49:54 AM | Attr = ]
_ISDel.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 10/27/1998 1:06:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp -> [Folder | Modified Date = 6/10/2007 12:00:39 AM | Attr = ]
ACTIVESH.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\ACTIVESH.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 8/31/1999 10:48:52 PM | Attr = ]
DEVLOAD.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\DEVLOAD.EXE -> [Ver = | Size = 13312 bytes | Modified Date = 2/8/1997 5:11:20 PM | Attr = ]
ONSICON.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\ONSICON.EXE -> [Ver = | Size = 43444 bytes | Modified Date = 9/30/2000 10:36:40 AM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 50, 137, 0 | Size = 71680 bytes | Modified Date = 10/2/1998 7:04:32 PM | Attr = ]
swisNife.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\swisNife.exe -> CompuApps, Inc. [Ver = V3.22 | Size = 1077248 bytes | Modified Date = 12/1/2005 3:59:12 PM | Attr = ]
VERSION.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\VERSION.EXE -> [Ver = | Size = 20992 bytes | Modified Date = 5/17/1999 10:49:54 AM | Attr = ]
_ISDel.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 10/27/1998 1:06:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp -> [Folder | Modified Date = 6/10/2007 12:00:58 AM | Attr = ]
ACTIVESH.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\ACTIVESH.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 8/31/1999 10:48:52 PM | Attr = ]
DEVLOAD.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\DEVLOAD.EXE -> [Ver = | Size = 13312 bytes | Modified Date = 2/8/1997 5:11:20 PM | Attr = ]
ONSICON.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\ONSICON.EXE -> [Ver = | Size = 43444 bytes | Modified Date = 9/30/2000 10:36:40 AM | Attr = ]
Setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 50, 137, 0 | Size = 71680 bytes | Modified Date = 10/2/1998 7:04:32 PM | Attr = ]
swisNife.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\swisNife.exe -> CompuApps, Inc. [Ver = V3.22 | Size = 1077248 bytes | Modified Date = 12/1/2005 3:59:12 PM | Attr = ]
VERSION.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\VERSION.EXE -> [Ver = | Size = 20992 bytes | Modified Date = 5/17/1999 10:49:54 AM | Attr = ]
_ISDel.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 10/27/1998 1:06:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SceneCaster\vcredist_x86\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SceneCaster\vcredist_x86 -> [Folder | Modified Date = 5/29/2008 10:09:01 PM | Attr = ]
vcredist_x86.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SceneCaster\vcredist_x86\vcredist_x86.exe -> Microsoft Corporation [Ver = 2.0.50727.762 | Size = 2682880 bytes | Modified Date = 12/2/2006 4:31:08 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH -> [Folder | Modified Date = 2/11/2008 11:58:44 PM | Attr = ]
SETUP.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\SETUP.EXE -> InstallShield Software Corporation [Ver = 5.10.146.0 | Size = 60416 bytes | Modified Date = 1/24/1998 9:08:28 AM | Attr = ]
_ISDEL.EXE -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\_ISDEL.EXE -> InstallShield Software Corporation [Ver = 5.10.146.0 | Size = 8704 bytes | Modified Date = 1/29/1998 1:07:44 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Directory 1 for Universal UXTheme Patcher v2.1.zip\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Directory 1 for Universal UXTheme Patcher v2.1.zip\ -> [Folder | Modified Date = 6/10/2007 1:19:34 AM | Attr = H ]
Universal UXTheme Patcher v2.1.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Directory 1 for Universal UXTheme Patcher v2.1.zip\Universal UXTheme Patcher v2.1.exe -> [Ver = | Size = 67139 bytes | Modified Date = 4/16/2007 12:53:16 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE0.TMP\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE0.TMP\ -> [Folder | Modified Date = 8/18/2008 11:25:03 PM | Attr = ]
CFP_Setup_3.0.25.378_XP_Vista_x64.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE0.TMP\CFP_Setup_3.0.25.378_XP_Vista_x64.exe -> COMODO [Ver = 1.0.0.1 | Size = 62921984 bytes | Modified Date = 5/30/2008 8:53:44 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE1.TMP\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE1.TMP\ -> [Folder | Modified Date = 8/18/2008 11:25:25 PM | Attr = ]
CFP_Setup_3.0.25.378_XP_Vista_x64.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE1.TMP\CFP_Setup_3.0.25.378_XP_Vista_x64.exe -> COMODO [Ver = 1.0.0.1 | Size = 62921984 bytes | Modified Date = 5/30/2008 8:53:44 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE2.TMP\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE2.TMP\ -> [Folder | Modified Date = 8/20/2008 1:12:48 AM | Attr = ]
CFP_Setup_3.0.25.378_XP_Vista_x64.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE2.TMP\CFP_Setup_3.0.25.378_XP_Vista_x64.exe -> COMODO [Ver = 1.0.0.1 | Size = 62921984 bytes | Modified Date = 5/30/2008 8:53:44 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp -> [Folder | Modified Date = 8/20/2008 2:00:13 AM | Attr = ]
eekuamxo.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\eekuamxo.dll -> [Ver = | Size = 89600 bytes | Modified Date = 8/19/2008 3:18:41 AM | Attr = HS]
IadHide5.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 116R) | Size = 24613 bytes | Modified Date = 10/6/2006 4:24:39 PM | Attr = ]
lame_enc.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lame_enc.dll -> www.mp3dev.org [Ver = 3, 93, 1, 0 | Size = 208896 bytes | Modified Date = 1/8/2004 11:38:26 AM | Attr = ]
MFPL7014.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MFPL7014.DLL -> Macromedia, Inc. [Ver = 7,0,14,0 | Size = 917504 bytes | Modified Date = 6/10/2007 9:37:25 PM | Attr = ]
mPlayer.cu.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\mPlayer.cu.dll -> [Ver = | Size = 114688 bytes | Modified Date = 6/10/2007 9:37:25 PM | Attr = ]
uxtheme.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\uxtheme.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 218624 bytes | Modified Date = 4/14/2008 5:42:10 AM | Attr = ]
395 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD} -> [Folder | Modified Date = 6/19/2007 10:14:37 PM | Attr = ]
isrt.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\isrt.dll -> InstallShield Software Corporation [Ver = 9.01.429 | Size = 401408 bytes | Modified Date = 11/28/2006 5:09:30 PM | Attr = ]
NvInstNT.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\NvInstNT.dll -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 163840 bytes | Modified Date = 4/19/2007 2:14:10 PM | Attr = ]

Speeddemon
2008-08-20, 12:11
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\nsrF4D.tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\nsrF4D.tmp\ -> [Folder | Modified Date = 8/24/2007 1:08:34 AM | Attr = ]
WT_Plugin.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\nsrF4D.tmp\WT_Plugin.dll -> [Ver = 1.0.0.49 | Size = 167936 bytes | Modified Date = 8/24/2007 1:08:33 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator -> [Folder | Modified Date = 2/3/2008 1:49:37 PM | Attr = ]
056721307e354d83addd03bdfc5c4d54.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator\056721307e354d83addd03bdfc5c4d54.dll -> [Ver = | Size = 28745 bytes | Modified Date = 2/3/2008 1:49:37 PM | Attr = ]
8559f0a5de4aeae630ab829edac0de98.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator\8559f0a5de4aeae630ab829edac0de98.dll -> [Ver = | Size = 82032 bytes | Modified Date = 2/3/2008 1:49:37 PM | Attr = ]
8b285eff21bc702f99df7d987f097691.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator\8b285eff21bc702f99df7d987f097691.dll -> [Ver = | Size = 77895 bytes | Modified Date = 2/3/2008 1:49:37 PM | Attr = ]
c815b5b8d7c4f31dc220574352ea1959.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator\c815b5b8d7c4f31dc220574352ea1959.dll -> [Ver = | Size = 24650 bytes | Modified Date = 2/3/2008 1:49:37 PM | Attr = ]
d6238b26db974c1e3bd964fb70243060.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator\d6238b26db974c1e3bd964fb70243060.dll -> [Ver = | Size = 24650 bytes | Modified Date = 2/3/2008 1:49:37 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator\19e26c9d407d5d2e695877d40b8ba245\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator\19e26c9d407d5d2e695877d40b8ba245 -> [Folder | Modified Date = 2/3/2008 1:49:37 PM | Attr = ]
perl58.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pdk-HP_Administrator\19e26c9d407d5d2e695877d40b8ba245\perl58.dll -> ActiveState, a division of Sophos [Ver = 5,8,3,809 | Size = 798777 bytes | Modified Date = 2/3/2008 1:49:37 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
LMouFrc.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\LMouFrc.dll -> Logitech Inc. [Ver = 9.41.0 | Size = 152064 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Redist\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Redist -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
PSAPI.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Redist\PSAPI.DLL -> Microsoft Corporation [Ver = 5.00.1641.1 | Size = 17680 bytes | Modified Date = 1/8/2004 9:50:00 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win2K_XP\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win2K_XP -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
LCOINST.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win2K_XP\LCOINST.DLL -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 23375 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
LMouFrc.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win2K_XP\LMouFrc.dll -> Logitech Inc. [Ver = 9.41.0 | Size = 152064 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win98\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win98 -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
LMouFrc.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Win98\LMouFrc.dll -> Logitech Inc. [Ver = 9.41.0 | Size = 152064 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\WinME\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\WinME -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
LMouFrc.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\WinME\LMouFrc.dll -> Logitech Inc. [Ver = 9.41.0 | Size = 152064 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1 -> [Folder | Modified Date = 7/17/2007 10:16:30 PM | Attr = ]
iTutlt.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\iTutlt.dll -> [Ver = | Size = 102400 bytes | Modified Date = 8/8/2002 3:15:50 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK -> [Folder | Modified Date = 7/17/2007 10:16:30 PM | Attr = ]
aamig.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\aamig.dll -> [Ver = | Size = 1502 bytes | Modified Date = 5/15/2002 4:16:08 PM | Attr = ]
msaa2rdk.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\msaa2rdk.dll -> Microsoft Corporation [Ver = 4, 2, 5406, 0 | Size = 40960 bytes | Modified Date = 5/15/2002 4:16:08 PM | Attr = ]
MSAATextA.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\MSAATextA.dll -> Microsoft Corporation [Ver = 2.0.010413.0 | Size = 450560 bytes | Modified Date = 5/15/2002 4:16:08 PM | Attr = ]
MSAATextW.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\MSAATextW.dll -> Microsoft Corporation [Ver = 2.0.010413.0 | Size = 462848 bytes | Modified Date = 5/15/2002 4:16:08 PM | Attr = ]
msoobci.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\msoobci.dll -> Microsoft Corporation [Ver = 5.1.2600.27 (xpclnt_qfe.010827-1803) | Size = 28160 bytes | Modified Date = 5/15/2002 4:16:08 PM | Attr = ]
oleaccA.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\oleaccA.dll -> Microsoft Corporation [Ver = 4.2.5406.0 | Size = 356352 bytes | Modified Date = 5/15/2002 4:16:10 PM | Attr = ]
oleaccrc.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\oleaccrc.dll -> Microsoft Corporation [Ver = 4.2.5406.0 | Size = 356352 bytes | Modified Date = 5/15/2002 4:16:10 PM | Attr = ]
oleaccW.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Redist\MSAA20_RDK\oleaccW.dll -> Microsoft Corporation [Ver = 4.2.5406.0 | Size = 360448 bytes | Modified Date = 5/15/2002 4:16:10 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp -> [Folder | Modified Date = 6/9/2007 11:54:57 PM | Attr = ]
chgicon.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\chgicon.dll -> [Ver = | Size = 63916 bytes | Modified Date = 6/30/2000 2:36:04 PM | Attr = ]
ONSCOOLR.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\ONSCOOLR.DLL -> Code Jockey - Dedicated to MFC Professionals [Ver = 1, 3, 0, 0 | Size = 82432 bytes | Modified Date = 4/8/1998 12:12:52 PM | Attr = ]
PartUtil.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\PartUtil.dll -> CompuApps Inc., [Ver = V3.14 | Size = 282624 bytes | Modified Date = 12/1/2005 3:45:44 PM | Attr = ]
_Setup.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 9/29/1998 5:34:56 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp -> [Folder | Modified Date = 6/9/2007 11:56:32 PM | Attr = ]
chgicon.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\chgicon.dll -> [Ver = | Size = 63916 bytes | Modified Date = 6/30/2000 2:36:04 PM | Attr = ]
ONSCOOLR.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\ONSCOOLR.DLL -> Code Jockey - Dedicated to MFC Professionals [Ver = 1, 3, 0, 0 | Size = 82432 bytes | Modified Date = 4/8/1998 12:12:52 PM | Attr = ]
PartUtil.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\PartUtil.dll -> CompuApps Inc., [Ver = V3.14 | Size = 282624 bytes | Modified Date = 12/1/2005 3:45:44 PM | Attr = ]
_Setup.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 9/29/1998 5:34:56 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp -> [Folder | Modified Date = 6/9/2007 11:58:56 PM | Attr = ]
chgicon.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\chgicon.dll -> [Ver = | Size = 63916 bytes | Modified Date = 6/30/2000 2:36:04 PM | Attr = ]
ONSCOOLR.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\ONSCOOLR.DLL -> Code Jockey - Dedicated to MFC Professionals [Ver = 1, 3, 0, 0 | Size = 82432 bytes | Modified Date = 4/8/1998 12:12:52 PM | Attr = ]
PartUtil.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\PartUtil.dll -> CompuApps Inc., [Ver = V3.14 | Size = 282624 bytes | Modified Date = 12/1/2005 3:45:44 PM | Attr = ]
_Setup.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 9/29/1998 5:34:56 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp -> [Folder | Modified Date = 6/10/2007 12:00:30 AM | Attr = ]
chgicon.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\chgicon.dll -> [Ver = | Size = 63916 bytes | Modified Date = 6/30/2000 2:36:04 PM | Attr = ]
ONSCOOLR.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\ONSCOOLR.DLL -> Code Jockey - Dedicated to MFC Professionals [Ver = 1, 3, 0, 0 | Size = 82432 bytes | Modified Date = 4/8/1998 12:12:52 PM | Attr = ]
PartUtil.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\PartUtil.dll -> CompuApps Inc., [Ver = V3.14 | Size = 282624 bytes | Modified Date = 12/1/2005 3:45:44 PM | Attr = ]
_Setup.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 9/29/1998 5:34:56 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp -> [Folder | Modified Date = 6/10/2007 12:00:39 AM | Attr = ]
chgicon.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\chgicon.dll -> [Ver = | Size = 63916 bytes | Modified Date = 6/30/2000 2:36:04 PM | Attr = ]
ONSCOOLR.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\ONSCOOLR.DLL -> Code Jockey - Dedicated to MFC Professionals [Ver = 1, 3, 0, 0 | Size = 82432 bytes | Modified Date = 4/8/1998 12:12:52 PM | Attr = ]
PartUtil.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\PartUtil.dll -> CompuApps Inc., [Ver = V3.14 | Size = 282624 bytes | Modified Date = 12/1/2005 3:45:44 PM | Attr = ]
_Setup.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 9/29/1998 5:34:56 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp -> [Folder | Modified Date = 6/10/2007 12:00:58 AM | Attr = ]
chgicon.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\chgicon.dll -> [Ver = | Size = 63916 bytes | Modified Date = 6/30/2000 2:36:04 PM | Attr = ]
ONSCOOLR.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\ONSCOOLR.DLL -> Code Jockey - Dedicated to MFC Professionals [Ver = 1, 3, 0, 0 | Size = 82432 bytes | Modified Date = 4/8/1998 12:12:52 PM | Attr = ]
PartUtil.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\PartUtil.dll -> CompuApps Inc., [Ver = V3.14 | Size = 282624 bytes | Modified Date = 12/1/2005 3:45:44 PM | Attr = ]
_Setup.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 9/29/1998 5:34:56 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH -> [Folder | Modified Date = 2/11/2008 11:58:44 PM | Attr = ]
_SETUP.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\_SETUP.DLL -> InstallShield Software Corporation, Inc. [Ver = 5.10.146.0 | Size = 11776 bytes | Modified Date = 1/24/1998 6:08:14 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp -> [Folder | Modified Date = 8/20/2008 2:03:58 AM | Attr = ]
AVRES_OPTRF_LiveUpdate.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AVRES_OPTRF_LiveUpdate.dat -> [Ver = | Size = 124 bytes | Modified Date = 6/9/2007 8:42:37 PM | Attr = ]
Perflib_Perfdata_1dc.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_1dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/19/2007 10:13:07 PM | Attr = ]
Perflib_Perfdata_750.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_750.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/25/2008 1:34:45 AM | Attr = ]
Perflib_Perfdata_758.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_758.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/11/2007 11:06:25 PM | Attr = ]
Perflib_Perfdata_780.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_780.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/14/2008 4:43:20 PM | Attr = ]
Perflib_Perfdata_784.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_784.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/25/2008 11:16:56 PM | Attr = ]
Perflib_Perfdata_7bc.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_7bc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/25/2007 11:52:06 PM | Attr = ]
Perflib_Perfdata_948.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_948.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/25/2007 11:51:55 PM | Attr = ]
Perflib_Perfdata_c94.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_c94.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/19/2007 3:30:28 PM | Attr = ]
395 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp -> [Folder | Modified Date = 6/9/2007 11:54:57 PM | Attr = ]
lang.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\lang.dat -> [Ver = | Size = 4679 bytes | Modified Date = 9/18/1998 3:12:08 PM | Attr = ]
ONSICON.DAT -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\ONSICON.DAT -> [Ver = | Size = 159 bytes | Modified Date = 4/20/1999 2:20:08 PM | Attr = ]
os.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\os.dat -> [Ver = | Size = 450 bytes | Modified Date = 7/27/1998 6:41:06 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp -> [Folder | Modified Date = 6/9/2007 11:56:32 PM | Attr = ]
lang.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\lang.dat -> [Ver = | Size = 4679 bytes | Modified Date = 9/18/1998 3:12:08 PM | Attr = ]
ONSICON.DAT -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\ONSICON.DAT -> [Ver = | Size = 159 bytes | Modified Date = 4/20/1999 2:20:08 PM | Attr = ]
os.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\os.dat -> [Ver = | Size = 450 bytes | Modified Date = 7/27/1998 6:41:06 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp -> [Folder | Modified Date = 6/9/2007 11:58:56 PM | Attr = ]
lang.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\lang.dat -> [Ver = | Size = 4679 bytes | Modified Date = 9/18/1998 3:12:08 PM | Attr = ]
ONSICON.DAT -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\ONSICON.DAT -> [Ver = | Size = 159 bytes | Modified Date = 4/20/1999 2:20:08 PM | Attr = ]
os.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\os.dat -> [Ver = | Size = 450 bytes | Modified Date = 7/27/1998 6:41:06 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp -> [Folder | Modified Date = 6/10/2007 12:00:30 AM | Attr = ]
lang.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\lang.dat -> [Ver = | Size = 4679 bytes | Modified Date = 9/18/1998 3:12:08 PM | Attr = ]
ONSICON.DAT -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\ONSICON.DAT -> [Ver = | Size = 159 bytes | Modified Date = 4/20/1999 2:20:08 PM | Attr = ]
os.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\os.dat -> [Ver = | Size = 450 bytes | Modified Date = 7/27/1998 6:41:06 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp -> [Folder | Modified Date = 6/10/2007 12:00:39 AM | Attr = ]
lang.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\lang.dat -> [Ver = | Size = 4679 bytes | Modified Date = 9/18/1998 3:12:08 PM | Attr = ]
ONSICON.DAT -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\ONSICON.DAT -> [Ver = | Size = 159 bytes | Modified Date = 4/20/1999 2:20:08 PM | Attr = ]
os.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\os.dat -> [Ver = | Size = 450 bytes | Modified Date = 7/27/1998 6:41:06 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp -> [Folder | Modified Date = 6/10/2007 12:00:58 AM | Attr = ]
lang.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\lang.dat -> [Ver = | Size = 4679 bytes | Modified Date = 9/18/1998 3:12:08 PM | Attr = ]
ONSICON.DAT -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\ONSICON.DAT -> [Ver = | Size = 159 bytes | Modified Date = 4/20/1999 2:20:08 PM | Attr = ]
os.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\os.dat -> [Ver = | Size = 450 bytes | Modified Date = 7/27/1998 6:41:06 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH -> [Folder | Modified Date = 2/11/2008 11:58:44 PM | Attr = ]
LANG.DAT -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\LANG.DAT -> [Ver = | Size = 4525 bytes | Modified Date = 10/21/1997 9:20:28 PM | Attr = ]
OS.DAT -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\OS.DAT -> [Ver = | Size = 417 bytes | Modified Date = 5/8/1997 1:15:20 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp -> [Folder | Modified Date = 8/20/2008 2:03:58 AM | Attr = ]
0x0409.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\0x0409.ini -> [Ver = | Size = 4632 bytes | Modified Date = 5/23/2005 3:27:00 PM | Attr = ]
Setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Setup.ini -> [Ver = | Size = 1333 bytes | Modified Date = 5/23/2005 3:27:00 PM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> [Ver = | Size = 810 bytes | Modified Date = 2/9/2008 11:56:04 PM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 578 bytes | Modified Date = 2/9/2008 11:56:19 PM | Attr = ]
395 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is16\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is16 -> [Folder | Modified Date = 6/19/2007 2:56:19 PM | Attr = ]
0x0409.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is16\0x0409.ini -> [Ver = | Size = 4632 bytes | Modified Date = 6/19/2007 2:56:16 PM | Attr = ]
Setup.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is16\Setup.INI -> [Ver = | Size = 1299 bytes | Modified Date = 6/19/2007 2:56:16 PM | Attr = ]
_ISMSIDEL.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_is16\_ISMSIDEL.INI -> [Ver = | Size = 225 bytes | Modified Date = 6/19/2007 2:56:20 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A} -> [Folder | Modified Date = 6/19/2007 10:14:36 PM | Attr = ]
corecomp.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{5763940F-3D40-4D05-B8CF-106E8C49003A}\corecomp.ini -> [Ver = | Size = 65503 bytes | Modified Date = 11/28/2006 5:09:30 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8 -> [Folder | Modified Date = 6/9/2007 8:49:40 PM | Attr = ]
abcpy.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8\abcpy.ini -> [Ver = | Size = 1728 bytes | Modified Date = 11/15/2006 8:38:14 AM | Attr = ]
setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8\setup.ini -> [Ver = | Size = 292 bytes | Modified Date = 8/25/2006 10:00:33 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8_\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8_ -> [Folder | Modified Date = 6/9/2007 8:56:20 PM | Attr = ]
abcpy.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8_\abcpy.ini -> [Ver = | Size = 1728 bytes | Modified Date = 11/15/2006 8:38:14 AM | Attr = ]
setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8_\setup.ini -> [Ver = | Size = 292 bytes | Modified Date = 8/25/2006 10:00:33 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8__\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8__ -> [Folder | Modified Date = 7/22/2007 12:24:55 AM | Attr = ]
abcpy.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8__\abcpy.ini -> [Ver = | Size = 1728 bytes | Modified Date = 11/15/2006 8:38:14 AM | Attr = ]
setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Adobe Reader 8__\setup.ini -> [Ver = | Size = 292 bytes | Modified Date = 8/25/2006 10:00:33 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye1C6.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye1C6.tmp\Disk1 -> [Folder | Modified Date = 5/31/2008 11:30:47 PM | Attr = ]
setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye1C6.tmp\Disk1\setup.ini -> [Ver = | Size = 466 bytes | Modified Date = 5/31/2008 11:30:47 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye333.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye333.tmp\Disk1 -> [Folder | Modified Date = 6/19/2008 2:25:02 PM | Attr = ]
setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye333.tmp\Disk1\setup.ini -> [Ver = | Size = 714 bytes | Modified Date = 6/19/2008 2:25:02 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3C1.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3C1.tmp\Disk1 -> [Folder | Modified Date = 6/10/2007 10:31:27 AM | Attr = ]
setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3C1.tmp\Disk1\setup.ini -> [Ver = | Size = 715 bytes | Modified Date = 6/10/2007 10:31:21 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3CC.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3CC.tmp\Disk1 -> [Folder | Modified Date = 6/10/2007 10:32:29 AM | Attr = ]
setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\bye3CC.tmp\Disk1\setup.ini -> [Ver = | Size = 715 bytes | Modified Date = 6/10/2007 10:32:29 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Installer\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Installer -> [Folder | Modified Date = 4/7/2008 4:26:47 PM | Attr = ]
setup2.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Installer\setup2.ini -> [Ver = | Size = 7615 bytes | Modified Date = 6/30/2006 9:24:27 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\iss1B.tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\iss1B.tmp\ -> [Folder | Modified Date = 6/19/2007 10:14:30 PM | Attr = ]
setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\iss1B.tmp\setup.ini -> [Ver = | Size = 862 bytes | Modified Date = 6/19/2007 10:14:30 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OLSUpdate\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OLSUpdate -> [Folder | Modified Date = 6/10/2007 1:58:27 PM | Attr = ]
CRMessages.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OLSUpdate\CRMessages.ini -> [Ver = | Size = 10034 bytes | Modified Date = 6/10/2007 1:57:16 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
Setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Setup.ini -> [Ver = | Size = 131 bytes | Modified Date = 1/8/2004 11:22:50 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Others\eBay\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Others\eBay -> [Folder | Modified Date = 7/17/2007 4:30:44 PM | Attr = ]
ebay.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pft1116~tmp\Others\eBay\ebay.ini -> [Ver = | Size = 875 bytes | Modified Date = 1/8/2004 11:20:58 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1 -> [Folder | Modified Date = 7/17/2007 10:16:30 PM | Attr = ]
Setup.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAD.tmp\Disk1\Setup.ini -> [Ver = | Size = 128 bytes | Modified Date = 3/18/2004 9:42:40 AM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp -> [Folder | Modified Date = 6/9/2007 11:54:57 PM | Attr = ]
ONSICON.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\ONSICON.INI -> [Ver = | Size = 598 bytes | Modified Date = 4/20/1999 12:53:16 PM | Attr = ]
SETUP.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\SETUP.INI -> [Ver = | Size = 111 bytes | Modified Date = 11/26/2005 7:42:04 PM | Attr = ]
SKLANG.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\SKLANG.INI -> [Ver = | Size = 2799 bytes | Modified Date = 11/26/2005 7:45:14 PM | Attr = ]
SWISV3.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\SWISV3.INI -> [Ver = | Size = 543 bytes | Modified Date = 4/7/2005 11:59:06 AM | Attr = ]
VERSION.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftAF~tmp\VERSION.INI -> [Ver = | Size = 88 bytes | Modified Date = 12/1/2005 4:04:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp -> [Folder | Modified Date = 6/9/2007 11:56:32 PM | Attr = ]
ONSICON.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\ONSICON.INI -> [Ver = | Size = 598 bytes | Modified Date = 4/20/1999 12:53:16 PM | Attr = ]
SETUP.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\SETUP.INI -> [Ver = | Size = 111 bytes | Modified Date = 11/26/2005 7:42:04 PM | Attr = ]
SKLANG.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\SKLANG.INI -> [Ver = | Size = 2799 bytes | Modified Date = 11/26/2005 7:45:14 PM | Attr = ]
SWISV3.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\SWISV3.INI -> [Ver = | Size = 543 bytes | Modified Date = 4/7/2005 11:59:06 AM | Attr = ]
VERSION.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB1~tmp\VERSION.INI -> [Ver = | Size = 88 bytes | Modified Date = 12/1/2005 4:04:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp -> [Folder | Modified Date = 6/9/2007 11:58:56 PM | Attr = ]
ONSICON.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\ONSICON.INI -> [Ver = | Size = 598 bytes | Modified Date = 4/20/1999 12:53:16 PM | Attr = ]
SETUP.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\SETUP.INI -> [Ver = | Size = 111 bytes | Modified Date = 11/26/2005 7:42:04 PM | Attr = ]
SKLANG.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\SKLANG.INI -> [Ver = | Size = 2799 bytes | Modified Date = 11/26/2005 7:45:14 PM | Attr = ]
SWISV3.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\SWISV3.INI -> [Ver = | Size = 543 bytes | Modified Date = 4/7/2005 11:59:06 AM | Attr = ]
VERSION.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB5~tmp\VERSION.INI -> [Ver = | Size = 88 bytes | Modified Date = 12/1/2005 4:04:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp -> [Folder | Modified Date = 6/10/2007 12:00:30 AM | Attr = ]
ONSICON.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\ONSICON.INI -> [Ver = | Size = 598 bytes | Modified Date = 4/20/1999 12:53:16 PM | Attr = ]
SETUP.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\SETUP.INI -> [Ver = | Size = 111 bytes | Modified Date = 11/26/2005 7:42:04 PM | Attr = ]
SKLANG.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\SKLANG.INI -> [Ver = | Size = 2799 bytes | Modified Date = 11/26/2005 7:45:14 PM | Attr = ]
SWISV3.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\SWISV3.INI -> [Ver = | Size = 543 bytes | Modified Date = 4/7/2005 11:59:06 AM | Attr = ]
VERSION.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB7~tmp\VERSION.INI -> [Ver = | Size = 88 bytes | Modified Date = 12/1/2005 4:04:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp -> [Folder | Modified Date = 6/10/2007 12:00:39 AM | Attr = ]
ONSICON.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\ONSICON.INI -> [Ver = | Size = 598 bytes | Modified Date = 4/20/1999 12:53:16 PM | Attr = ]
SETUP.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\SETUP.INI -> [Ver = | Size = 111 bytes | Modified Date = 11/26/2005 7:42:04 PM | Attr = ]
SKLANG.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\SKLANG.INI -> [Ver = | Size = 2799 bytes | Modified Date = 11/26/2005 7:45:14 PM | Attr = ]
SWISV3.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\SWISV3.INI -> [Ver = | Size = 543 bytes | Modified Date = 4/7/2005 11:59:06 AM | Attr = ]
VERSION.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftB8~tmp\VERSION.INI -> [Ver = | Size = 88 bytes | Modified Date = 12/1/2005 4:04:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp -> [Folder | Modified Date = 6/10/2007 12:00:58 AM | Attr = ]
ONSICON.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\ONSICON.INI -> [Ver = | Size = 598 bytes | Modified Date = 4/20/1999 12:53:16 PM | Attr = ]
SETUP.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\SETUP.INI -> [Ver = | Size = 111 bytes | Modified Date = 11/26/2005 7:42:04 PM | Attr = ]
SKLANG.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\SKLANG.INI -> [Ver = | Size = 2799 bytes | Modified Date = 11/26/2005 7:45:14 PM | Attr = ]
SWISV3.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\SWISV3.INI -> [Ver = | Size = 543 bytes | Modified Date = 4/7/2005 11:59:06 AM | Attr = ]
VERSION.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pftBA~tmp\VERSION.INI -> [Ver = | Size = 88 bytes | Modified Date = 12/1/2005 4:04:48 PM | Attr = ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH -> [Folder | Modified Date = 2/11/2008 11:58:44 PM | Attr = ]
SETUP.INI -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SPANISH\SETUP.INI -> [Ver = | Size = 76 bytes | Modified Date = 1/18/2002 8:45:46 AM | Attr = ]
C:\WINDOWS\Temp\pdk-SYSTEM\ -> C:\WINDOWS\Temp\pdk-SYSTEM -> [Folder | Modified Date = 6/10/2007 1:32:45 PM | Attr = ]
056721307e354d83addd03bdfc5c4d54.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\056721307e354d83addd03bdfc5c4d54.dll -> [Ver = | Size = 28745 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = ]
1a657931d78ddcfa584e65d2115500be.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\1a657931d78ddcfa584e65d2115500be.dll -> [Ver = | Size = 24641 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
2d6f1145555608861b5ad67752346ccf.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\2d6f1145555608861b5ad67752346ccf.dll -> [Ver = | Size = 32867 bytes | Modified Date = 6/10/2007 1:32:45 PM | Attr = R ]
490337bdcf639439f186e2fd528fb0b3.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\490337bdcf639439f186e2fd528fb0b3.dll -> [Ver = | Size = 77925 bytes | Modified Date = 6/10/2007 1:32:45 PM | Attr = R ]
8559f0a5de4aeae630ab829edac0de98.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\8559f0a5de4aeae630ab829edac0de98.dll -> [Ver = | Size = 82032 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
b40afc4ad6d3dc7069afe736e6017337.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\b40afc4ad6d3dc7069afe736e6017337.dll -> [Ver = | Size = 20561 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
b886f5e90b51cd2f24df88d6ae161c21.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\b886f5e90b51cd2f24df88d6ae161c21.dll -> [Ver = | Size = 24654 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
c815b5b8d7c4f31dc220574352ea1959.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\c815b5b8d7c4f31dc220574352ea1959.dll -> [Ver = | Size = 24650 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
d07294610b5173a78e2c7609b703eadc.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\d07294610b5173a78e2c7609b703eadc.dll -> [Ver = | Size = 24647 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
d6238b26db974c1e3bd964fb70243060.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\d6238b26db974c1e3bd964fb70243060.dll -> [Ver = | Size = 24650 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
C:\WINDOWS\Temp\pdk-SYSTEM\19e26c9d407d5d2e695877d40b8ba245\ -> C:\WINDOWS\Temp\pdk-SYSTEM\19e26c9d407d5d2e695877d40b8ba245 -> [Folder | Modified Date = 6/10/2007 1:32:44 PM | Attr = ]
perl58.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\19e26c9d407d5d2e695877d40b8ba245\perl58.dll -> ActiveState, a division of Sophos [Ver = 5,8,3,809 | Size = 798777 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/20/2008 2:04:23 AM | Attr = ]
Perflib_Perfdata_12e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_12e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/16/2008 2:29:25 AM | Attr = ]
Perflib_Perfdata_cf4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_cf4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/19/2008 2:28:51 PM | Attr = ]

< End of report >
[/code]

Shaba
2008-08-20, 12:16
You have a lot of temp files.

Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save it to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

After that:

Open OTScanIt.

Paste the text below into Paste Fix here (upper right corner)


[Files/Folders - Created Within 30 days]
NY -> bmjxohpq.dll -> %SystemRoot%\System32\bmjxohpq.dll
NY -> dpavutcx.ini -> %SystemRoot%\System32\dpavutcx.ini
NY -> iuoytwsh.dll -> %SystemRoot%\System32\iuoytwsh.dll
NY -> jepnuydj.ini -> %SystemRoot%\System32\jepnuydj.ini
NY -> mprryd.dll -> %SystemRoot%\System32\mprryd.dll
NY -> ndpdroac.dll -> %SystemRoot%\System32\ndpdroac.dll
NY -> ngzwdp.dll -> %SystemRoot%\System32\ngzwdp.dll
NY -> nhqjbovt.dll -> %SystemRoot%\System32\nhqjbovt.dll
NY -> npjamthw.ini -> %SystemRoot%\System32\npjamthw.ini
NY -> olflwmrk.ini -> %SystemRoot%\System32\olflwmrk.ini
NY -> rubwtm.dll -> %SystemRoot%\System32\rubwtm.dll
NY -> wdrjndba.dll -> %SystemRoot%\System32\wdrjndba.dll

Click Run Fix

If it doesn't run scan automatically, click Run Scan

Post back a fresh OTScanIt log, please.

Speeddemon
2008-08-20, 12:20
OTScanIt logfile created on: 8/20/2008 2:20:06 AM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 56.93% Memory free
2.70 Gb Paging File | 2.20 Gb Available in Paging File | 81.74% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 135.31 Gb Total Space | 48.55 Gb Free Space | 35.88% Space Free | Partition Type: NTFS
Drive D: | 135.31 Gb Total Space | 100.91 Gb Free Space | 74.57% Space Free | Partition Type: NTFS
Drive E: | 8.82 Gb Total Space | 0.58 Gb Free Space | 6.61% Space Free | Partition Type: FAT32
Drive F: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPEED
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
hottproxy.exe -> %UserProfile%\My Documents\hottproxy\HoTTProxy.exe -> AWE Technology, Inc. [Ver = 0.24.0.0 | Size = 1237054 bytes | Modified Date = 10/9/2005 10:15:44 PM | Attr = ]
taskswitch.exe -> %SystemRoot%\system32\TaskSwitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 5:30:00 PM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr = ]
itouch.exe -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 9:33:26 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/6/2006 4:07:31 PM | Attr = ]
xmousebuttoncontrol.exe -> %ProgramFiles%\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe -> Highresolution Enterprises [Ver = 1.34.0.0 | Size = 356352 bytes | Modified Date = 7/18/2007 9:13:56 PM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.1.7.0 | Size = 16855552 bytes | Modified Date = 10/25/2007 4:57:56 AM | Attr = ]
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 7/4/2008 1:13:59 AM | Attr = ]
cfp.exe -> %ProgramFiles%\COMODO\Firewall\cfp.exe -> [Ver = | Size = 1655552 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 1/8/2004 9:50:00 AM | Attr = ]
iam.exe -> %ProgramFiles%\CallWave\IAM.exe -> CallWave, Inc. [Ver = 4.0.11 (20-Feb-2008) | Size = 1940280 bytes | Modified Date = 3/14/2008 9:19:41 PM | Attr = ]
trillian.exe -> %ProgramFiles%\Trillian4\trillian.exe -> Cerulean Studios [Ver = 4, 0, 0, 83 | Size = 1597288 bytes | Modified Date = 7/18/2008 | Attr = ]
arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 11:19:16 PM | Attr = ]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 7/4/2008 1:13:55 AM | Attr = ]
cmdagent.exe -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [Ver = | Size = 519936 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/21/2006 4:08:48 AM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 3:50:00 PM | Attr = ]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 9/15/2007 10:29:14 AM | Attr = ]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 7/4/2008 1:13:53 AM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 9:04:38 AM | Attr = ]
safari.exe -> %ProgramFiles%\Safari\Safari.exe -> Apple Inc. [Ver = 3.1.2 (525.21) | Size = 3463976 bytes | Modified Date = 6/17/2008 4:16:12 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 8/16/2008 2:25:04 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 8/16/2008 2:25:04 AM | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 6/10/2007 10:09:20 AM | Attr = ]
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 11:19:16 PM | Attr = ]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 7/4/2008 1:13:55 AM | Attr = ]
(cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [Ver = | Size = 519936 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/21/2006 4:08:48 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 3:50:00 PM | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 9/15/2007 10:29:14 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ]
Alcmtr -> [ALCMTR.EXE] -> File not found
AlwaysReady Power Message APP -> [ARPWRMSG.EXE] -> File not found
amd_dc_opt -> %ProgramFiles%\AMD\Dual-Core Optimizer\amd_dc_opt.exe [C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe] -> AMD [Ver = 1, 1, 1, 0 | Size = 77824 bytes | Modified Date = 11/17/2006 4:49:48 PM | Attr = ]
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 7/4/2008 1:13:59 AM | Attr = ]
COMODO Firewall Pro -> %ProgramFiles%\COMODO\Firewall\cfp.exe ["C:\Program Files\COMODO\Firewall\cfp.exe" -h] -> [Ver = | Size = 1655552 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
CoolSwitch -> %SystemRoot%\system32\TaskSwitch.exe [C:\WINDOWS\system32\taskswitch.exe] -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 5:30:00 PM | Attr = ]
ftutil2 -> [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> File not found
HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> Hewlett-Packard Company [Ver = 3, 0, 0, 0 | Size = 249856 bytes | Modified Date = 2/15/2006 10:34:58 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe [C:\HP\KBD\KBD.EXE] -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr = ]
KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k] -> File not found
Logitech Utility -> [Logi_MwX.Exe] -> File not found
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 7311360 bytes | Modified Date = 5/9/2006 3:50:00 PM | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 86016 bytes | Modified Date = 5/9/2006 3:50:00 PM | Attr = ]
nwiz -> [nwiz.exe /install] -> File not found
PCDrProfiler -> [] -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/22/2005 10:14:00 PM | Attr = ]
RTHDCPL -> [RTHDCPL.EXE] -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/6/2006 4:07:31 PM | Attr = ]
XMouseButton -> %ProgramFiles%\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe [C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe] -> Highresolution Enterprises [Ver = 1.34.0.0 | Size = 356352 bytes | Modified Date = 7/18/2007 9:13:56 PM | Attr = ]
zBrowser Launcher -> %ProgramFiles%\Logitech\iTouch\iTouch.exe [C:\Program Files\Logitech\iTouch\iTouch.exe] -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 9:33:26 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\CallWave.lnk -> %ProgramFiles%\CallWave\IAM.exe -> CallWave, Inc. [Ver = 4.0.11 (20-Feb-2008) | Size = 1940280 bytes | Modified Date = 3/14/2008 9:19:41 PM | Attr = ]
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 8:16:50 PM | Attr = ]
%UserProfile%\Start Menu\Programs\Startup\Trillian.lnk -> %ProgramFiles%\Trillian4\trillian.exe -> Cerulean Studios [Ver = 4, 0, 0, 83 | Size = 1597288 bytes | Modified Date = 7/18/2008 | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKEY_LOCAL_MACHINE] -> [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/14/2008 5:42:40 AM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ]
Control_RunDLL "sysdm.cpl" -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain -> -> File not found
cryptnet -> -> File not found
cscdll -> -> File not found
ScCertProp -> -> File not found
Schedule -> -> File not found
sclgntfy -> -> File not found
SensLogn -> -> File not found
termsrv -> -> File not found
WBSrv -> -> File not found
WgaLogon -> -> File not found
wlballoon -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> system32\DRIVERS\cdrom.sys ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_TS-H652L_______________0803____\5&3b3c1941&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_TO3241S&Prod_POH990T&Rev_1.0\5&2c4f72d4&0&000 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 100 bytes | Modified Date = 10/6/2006 4:20:30 PM | Attr = ]
autoexec.bat [REM Dummy file for NTVDM | ] -> D:\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 2:43:36 PM | Attr = ]
AUTOEXEC.BAT [] -> E:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/27/2001 8:07:38 AM | Attr = HS]
autorun [] -> F:\autorun.exe [ UDF ] -> [Ver = 1, 0, 0, 1 | Size = 4386816 bytes | Modified Date = 9/25/2006 9:01:39 AM | Attr = R ]
Autorun.exe [MZ | ] -> F:\Autorun.exe [ UDF ] -> [Ver = 1, 0, 0, 1 | Size = 4386816 bytes | Modified Date = 9/25/2006 9:01:39 AM | Attr = R ]
Autorun.inf [[autorun] | icon=bf2142.ico | open=Autorun.exe | ] -> F:\Autorun.inf [ UDF ] -> [Ver = | Size = 46 bytes | Modified Date = 9/25/2006 9:01:39 AM | Attr = R ]
< HOSTS File > (186781 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3618 domain(s) found. ->
30 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3617 domain(s) found. ->
29 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{000123B4-9B42-4900-B3F7-F4B073EFC214} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{94F3B0A3-6D1F-4885-9646-06338A01A56C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{97ebdf3e-1c3e-4aaf-9cc1-2300c855b1e6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rubwtm.dll [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Download by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr = ]
&Grab video by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr = ]
Do&wnload selected by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr = ]
Down&load all by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3577BB0A-25A0-43B8-9940-64FF1ECCCC5F} -> (1394 Net Adapter) ->
{892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
{9CA9167E-A38F-4A9C-B01A-8525D65A9534} -> (NVIDIA nForce Networking Controller) ->
{A9C2E3A9-F70D-4F4B-BFC9-14DF71CBCBC7} -> () ->
{B54AF089-0DAE-4564-8647-EDC640897349} -> (Linksys Wireless-G PCI Adapter with SpeedBooster) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> [Cor MIME Filter, CorFltr, CorFltr 1] -> File not found
application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> [Cor MIME Filter, CorFltr, CorFltr 1] -> File not found
application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> [Cor MIME Filter, CorFltr, CorFltr 1] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab[Windows Live Safety Center Base Module] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> ->



[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 8/16/2008 2:16:46 PM | Attr = RH ]
1 C:\*.tmp files -> C:\*.tmp ->
327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Created Date = 8/19/2008 12:59:29 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 8/17/2008 8:25:44 PM | Attr = ]
cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 87056 bytes | Created Date = 8/20/2008 1:15:22 AM | Attr = ]
cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 24208 bytes | Created Date = 8/20/2008 1:15:22 AM | Attr = ]
inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3, 0, 23, 359 | Size = 79760 bytes | Created Date = 8/20/2008 1:15:23 AM | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/19/2008 1:44:09 AM | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/19/2008 1:44:08 AM | Attr = ]
guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 143104 bytes | Created Date = 8/20/2008 1:15:23 AM | Attr = ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/22/2008 10:53:08 PM | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/22/2008 10:53:08 PM | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 7/22/2008 10:53:08 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 8/20/2008 2:03:58 AM | Attr = H ]
1 C:\*.tmp files -> C:\*.tmp ->
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 8/16/2008 2:16:46 PM | Attr = RH ]
327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Modified Date = 8/19/2008 1:20:21 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/18/2008 11:28:18 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/19/2008 1:07:46 AM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 8/17/2008 8:25:44 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/20/2008 1:51:52 AM | Attr = ]
Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 8/19/2008 11:10:24 PM | Attr = ]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 26469824 bytes | Modified Date = 8/19/2008 11:10:23 PM | Attr = ]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 50972 bytes | Modified Date = 8/19/2008 11:10:23 PM | Attr = ]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 211986 bytes | Modified Date = 8/8/2008 8:22:55 AM | Attr = ]
cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 87056 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 24208 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3, 0, 23, 359 | Size = 79760 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:01:14 PM | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:01:18 PM | Attr = ]
PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 8/2/2008 9:54:18 PM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/16/2008 2:06:30 AM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/13/2008 3:10:01 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/20/2008 1:48:04 AM | Attr = ]
guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 143104 bytes | Modified Date = 8/20/2008 1:15:19 AM | Attr = ]
inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 8/20/2008 1:53:08 AM | Attr = ]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 76936 bytes | Modified Date = 8/18/2008 10:59:54 PM | Attr = H ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 81280 bytes | Modified Date = 8/20/2008 1:53:22 AM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 479204 bytes | Modified Date = 8/20/2008 1:53:22 AM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 571226 bytes | Modified Date = 8/20/2008 1:53:22 AM | Attr = ]
PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Modified Date = 8/2/2008 9:53:22 PM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/19/2008 1:07:46 AM | Attr = ]
ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Modified Date = 8/1/2008 2:29:41 AM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/17/2008 8:43:38 PM | Attr = ]
hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat -> [Ver = | Size = 246 bytes | Modified Date = 8/20/2008 1:49:51 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/13/2008 3:09:53 AM | Attr = H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
(null)toolkit.ini -> %SystemRoot%\(null)toolkit.ini -> [Ver = | Size = 99 bytes | Modified Date = 8/18/2008 10:33:44 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/20/2008 1:48:33 AM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 8/17/2008 8:21:51 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/16/2008 2:06:45 AM | Attr = S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 8/13/2008 3:05:57 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/16/2008 2:12:15 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/18/2008 11:30:18 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 8/17/2008 8:21:51 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/20/2008 2:18:45 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 8/19/2008 9:50:28 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/20/2008 1:51:09 AM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/20/2008 2:19:29 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/20/2008 2:19:29 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 760 bytes | Modified Date = 8/13/2008 3:03:48 AM | Attr = ]
HoTTProxy.job -> %SystemRoot%\tasks\HoTTProxy.job -> [Ver = | Size = 468 bytes | Modified Date = 8/20/2008 1:48:38 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/20/2008 1:48:38 AM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 10/6/2006 4:14:03 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4646 bytes | Modified Date = 8/12/2008 8:00:23 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/12/2008 8:00:24 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/11/2007 11:32:45 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 6/11/2007 11:32:45 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 5/6/2008 3:13:02 PM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/30/2008 10:10:34 PM | Attr = ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 166221 bytes | Modified Date = 4/30/2008 10:11:02 PM | Attr = ]
C:\WINDOWS\Temp\pdk-SYSTEM\ -> C:\WINDOWS\Temp\pdk-SYSTEM -> [Folder | Modified Date = 6/10/2007 1:32:45 PM | Attr = ]
056721307e354d83addd03bdfc5c4d54.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\056721307e354d83addd03bdfc5c4d54.dll -> [Ver = | Size = 28745 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = ]
1a657931d78ddcfa584e65d2115500be.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\1a657931d78ddcfa584e65d2115500be.dll -> [Ver = | Size = 24641 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
2d6f1145555608861b5ad67752346ccf.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\2d6f1145555608861b5ad67752346ccf.dll -> [Ver = | Size = 32867 bytes | Modified Date = 6/10/2007 1:32:45 PM | Attr = R ]
490337bdcf639439f186e2fd528fb0b3.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\490337bdcf639439f186e2fd528fb0b3.dll -> [Ver = | Size = 77925 bytes | Modified Date = 6/10/2007 1:32:45 PM | Attr = R ]
8559f0a5de4aeae630ab829edac0de98.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\8559f0a5de4aeae630ab829edac0de98.dll -> [Ver = | Size = 82032 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
b40afc4ad6d3dc7069afe736e6017337.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\b40afc4ad6d3dc7069afe736e6017337.dll -> [Ver = | Size = 20561 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
b886f5e90b51cd2f24df88d6ae161c21.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\b886f5e90b51cd2f24df88d6ae161c21.dll -> [Ver = | Size = 24654 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
c815b5b8d7c4f31dc220574352ea1959.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\c815b5b8d7c4f31dc220574352ea1959.dll -> [Ver = | Size = 24650 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
d07294610b5173a78e2c7609b703eadc.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\d07294610b5173a78e2c7609b703eadc.dll -> [Ver = | Size = 24647 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
d6238b26db974c1e3bd964fb70243060.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\d6238b26db974c1e3bd964fb70243060.dll -> [Ver = | Size = 24650 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = R ]
C:\WINDOWS\Temp\pdk-SYSTEM\19e26c9d407d5d2e695877d40b8ba245\ -> C:\WINDOWS\Temp\pdk-SYSTEM\19e26c9d407d5d2e695877d40b8ba245 -> [Folder | Modified Date = 6/10/2007 1:32:44 PM | Attr = ]
perl58.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\19e26c9d407d5d2e695877d40b8ba245\perl58.dll -> ActiveState, a division of Sophos [Ver = 5,8,3,809 | Size = 798777 bytes | Modified Date = 6/10/2007 1:32:44 PM | Attr = ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/20/2008 2:19:34 AM | Attr = ]
Perflib_Perfdata_12e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_12e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/16/2008 2:29:25 AM | Attr = ]
Perflib_Perfdata_cf4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_cf4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/19/2008 2:28:51 PM | Attr = ]

< End of report >

Speeddemon
2008-08-20, 12:21
Sorry about the way that one formatted. I have no idea why.

Shaba
2008-08-20, 12:34
No problem :)

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94F3B0A3-6D1F-4885-9646-06338A01A56C} - (no file)

Close all windows including browser and press fix checked.

Reboot.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
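
Added example, not part of the post above and not HijackThis code: a Python script that parses the `O2 - BHO` lines of a HijackThis log and lists the entries marked `(no file)` or `(file missing)`, the kind of entry checkmarked in the step above. The sample lines are copied from the logs in this thread and combined into one constructed input; the names `parse_bhos` and `orphaned_bhos` are hypothetical.

```python
import re
from typing import List, NamedTuple

# Constructed sample: O2/O4 lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94F3B0A3-6D1F-4885-9646-06338A01A56C} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {6e1b558c-0032-1cc9-faa4-e3c1e3fdbe79} - {97ebdf3e-1c3e-4aaf-9cc1-2300c855b1e6} - C:\WINDOWS\system32\rubwtm.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
# "O2 - BHO: <name> - {CLSID} - <target>". The name may itself be a GUID or
# contain hyphens, so it is matched lazily up to the " - {CLSID} - " delimiter.
O2_LINE = re.compile(
    rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<target>.*)$"
)
# Markers as they appear in this thread's logs.
MISSING_MARKERS = ("(no file)", "(file missing)")


class BHO(NamedTuple):
    name: str
    clsid: str          # normalised to upper case for comparison
    path: str           # empty when the log gives no path at all
    marker: str         # which missing-file marker was present, or ""


def parse_bhos(log_text: str) -> List[BHO]:
    """Return every O2 (Browser Helper Object) entry found in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = O2_LINE.match(raw.strip())
        if not match:
            continue  # other sections (R0/R1, O4, O8, ...) are ignored
        target = match.group("target").strip()
        marker = ""
        for candidate in MISSING_MARKERS:
            if target.endswith(candidate):
                marker = candidate
                target = target[: -len(candidate)].strip()
                break
        entries.append(
            BHO(match.group("name"), match.group("clsid").upper(), target, marker)
        )
    return entries


def orphaned_bhos(log_text: str) -> List[BHO]:
    """BHO registrations whose DLL the log reports as absent."""
    return [entry for entry in parse_bhos(log_text) if entry.marker]


if __name__ == "__main__":
    for entry in orphaned_bhos(SAMPLE_LOG):
        where = entry.path or "<no path registered>"
        print(f"{entry.clsid}  {entry.marker:<14}  {where}")
```

The output is a review list only: whether an orphaned entry should be fixed is still a decision for whoever is reading the log.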

Speeddemon
2008-08-21, 12:22
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 21, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 21, 2008 02:51:15
Records in database: 1116274
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 238581
Threat name: 5
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 06:24:16


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt\MovedFiles\08202008_021911\C_WINDOWS\System32\bmjxohpq.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cqo 1
C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt\MovedFiles\08202008_021911\C_WINDOWS\System32\mprryd.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cpw 1
C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt\MovedFiles\08202008_021911\C_WINDOWS\System32\ndpdroac.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cpw 1
C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt\MovedFiles\08202008_021911\C_WINDOWS\System32\ngzwdp.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cqo 1
D:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
D:\Users\Speeddemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCYYB2RV\asktoolbar[1].exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk 1
E:\I386\APPS\APP11902\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
E:\I386\APPS\APP11902\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.



HJT report:
----------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:11 AM, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\HP_Administrator\My Documents\hottproxy\HoTTProxy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Trillian4\trillian.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\eHome\RMSysTry.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Speeddemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {6e1b558c-0032-1cc9-faa4-e3c1e3fdbe79} - {97ebdf3e-1c3e-4aaf-9cc1-2300c855b1e6} - C:\WINDOWS\system32\rubwtm.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XMouseButton] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian4\trillian.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9674 bytes

Shaba
2008-08-21, 12:32
Open HijackThis, click do a system scan only and checkmark these:


O2 - BHO: {6e1b558c-0032-1cc9-faa4-e3c1e3fdbe79} - {97ebdf3e-1c3e-4aaf-9cc1-2300c855b1e6} - C:\WINDOWS\system32\rubwtm.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Close all windows including browser and press fix checked.

Reboot.

Uninstall via add/remove programs:

AskPBar or similar

Delete this:

D:\Program Files\AskPBar\

Empty this folder:

C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt\MovedFiles\

Empty Recycle Bin.

Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Still problems?
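One way to pick out Browser Helper Object entries like the `rubwtm.dll` line above from a HijackThis log, as an added example that is not part of the original thread. The function names are hypothetical and the sample lines are copied from the log posted earlier in the thread.

```python
import re

# "O2 - BHO: <name> - {CLSID} - <dll path>", optionally ending "(file missing)".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Sample input: lines copied from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {6e1b558c-0032-1cc9-faa4-e3c1e3fdbe79} - {97ebdf3e-1c3e-4aaf-9cc1-2300c855b1e6} - C:\WINDOWS\system32\rubwtm.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
"""

def parse_bhos(log_text):
    """Return one dict per O2 (Browser Helper Object) line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name"),
                "clsid": m.group("clsid").lower(),
                "path": m.group("path"),
                "file_missing": m.group("missing") is not None,
            })
    return entries

def triage(entry):
    """List the reasons a BHO entry deserves a closer look (empty list = none)."""
    reasons = []
    if entry["file_missing"]:
        reasons.append("registered DLL is missing from disk")
    if GUID_RE.match(entry["name"]) or entry["name"] in ("", "(no name)"):
        reasons.append("no descriptive name, only a GUID")
    return reasons

def flagged(log_text):
    """Map CLSID -> reasons for every BHO entry that has at least one reason."""
    return {e["clsid"]: triage(e) for e in parse_bhos(log_text) if triage(e)}

if __name__ == "__main__":
    for clsid, reasons in flagged(SAMPLE_LOG).items():
        print(clsid, "->", "; ".join(reasons))
```
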

Speeddemon
2008-08-21, 12:58
Well, it seems to be clean. No pop-ups anymore, and it is actually running a tad faster, probably due to the cleaning of the temp files. Thank you so much!

Oh and that AskPBar was on my D drive cuz that was part of Vista. I have a dualboot machine. Tempted to quadboot.

Shaba
2008-08-21, 13:10
You mean that it is originally part of HP software?

Speeddemon
2008-08-21, 13:18
No, that is something that is/was installed in my second operating system. I have both XP and Vista on my machine. It was probably some extra thing installed when I downloaded something in Vista, but oddly it was attached to IE and I don't use IE.

Shaba
2008-08-21, 13:23
OK, then you can uninstall it via that other OS.

Still some issues left?

Speeddemon
2008-08-21, 13:29
Doesn't seem to be any issues :)

Thank you!

Shaba
2008-08-21, 13:32
Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

Shaba
2008-08-23, 12:22
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.