Computer Hope

Software => Computer viruses and spyware => Topic started by: cyborg3 on February 08, 2010, 06:27:30 PM

Title: annoying message telling PC has found a new hardware. (keyboard)
Post by: cyborg3 on February 08, 2010, 06:27:30 PM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/08/2010 at 01:41 PM

Application Version : 4.33.1000

Core Rules Database Version : 4563
Trace Rules Database Version: 2375

Scan type       : Complete Scan
Total Scan Time : 03:21:05

Memory items scanned      : 562
Memory threats detected   : 0
Registry items scanned    : 8098
Registry threats detected : 0
File items scanned        : 225806
File threats detected     : 0

Malwarebytes' Anti-Malware 1.44
Database version: 3709
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/8/2010 7:26:44 PM
mbam-log-2010-02-08 (19-26-44).txt

Scan type: Quick Scan
Objects scanned: 142859
Time elapsed: 17 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:35 PM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263850340156
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 11958 bytes

I am running SP3 and Java 6 update 18. I recently uninstalled Norton 360, which found no problems, and downloaded and installed McAfee Security Suite. I found 4 trojan incidents and 2 more risks. All of them were removed.

When I got the Failure to load message I went to task manager, right clicked the failure notice, clicked on go to process.  That took me to rundll32.exe. From there I didn't know how to fix it and I read Patio's stuff.

By the way, thank you all.
Title: Re: annoying message telling PC has found a new hardware. (keyboard)
Post by: evilfantasy on February 08, 2010, 06:35:08 PM
Did you install anything new around the time this started happening?


Download DDS from |HERE| (http://www.techsupportforum.com/sectools/sUBs/dds) or |HERE| (http://download.bleepingcomputer.com/sUBs/dds.scr) or |HERE| (http://www.forospyware.com/sUBs/dds) and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users double-click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
Title: Re: annoying message telling PC has found a new hardware. (keyboard)
Post by: cyborg3 on February 08, 2010, 06:39:37 PM
http://www.computerhope.com/forum/index.php/topic,99072.30.html

I should have posted this with the last post.
Title: Re: annoying message telling PC has found a new hardware. (keyboard)
Post by: evilfantasy on February 08, 2010, 06:45:56 PM
Okay. Let's have a look at the DDS logs.
Title: Re: annoying message telling PC has found a new hardware. (keyboard)
Post by: cyborg3 on February 08, 2010, 08:37:24 PM
http://www.computerhope.com/forum/index.php/topic,99072.30.html

I should have posted this with the last post.

DDS (Ver_09-12-01.01) - NTFSx86 
Run by HP_Administrator at 22:27:23.71 on Mon 02/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.905 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\hp_administrator.your-55e5f9e3d2\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\documents and settings\hp_administrator.your-55e5f9e3d2\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [KBD] c:\hp\kbd\KBD.EXE
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263850340156
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-2-6 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-2-6 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-2-6 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-2-6 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-6 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-6 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-2-6 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-2-6 34248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-02-08 19:35:44   0   d-----w-   c:\docume~1\hp_adm~1.you\applic~1\Malwarebytes
2010-02-08 19:35:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-08 19:35:37   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-08 19:35:37   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-08 19:35:37   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-07 22:46:37   32824   ----a-w-   c:\windows\system32\rrMon.sys
2010-02-07 22:46:31   0   d-----w-   c:\program files\Registrar Registry Manager
2010-02-07 01:13:29   9353   ----a-w-   c:\windows\system32\Config.MPF
2010-02-07 01:10:48   79816   ----a-w-   c:\windows\system32\drivers\mfeavfk.sys
2010-02-07 01:10:48   40552   ----a-w-   c:\windows\system32\drivers\mfesmfk.sys
2010-02-07 01:10:48   35272   ----a-w-   c:\windows\system32\drivers\mfebopk.sys
2010-02-07 01:10:43   120136   ----a-w-   c:\windows\system32\drivers\Mpfp.sys
2010-02-07 01:10:12   0   d-----w-   c:\program files\common files\McAfee
2010-02-07 01:10:11   0   d-----w-   c:\program files\McAfee.com
2010-02-07 01:10:02   0   d-----w-   c:\program files\McAfee
2010-02-07 01:07:48   34248   ----a-w-   c:\windows\system32\drivers\mferkdk.sys
2010-02-07 00:40:50   282112   ----a-w-   c:\windows\system32\TBD1CC.tmp
2010-02-06 23:59:04   282112   ----a-w-   c:\windows\system32\TBD16E.tmp
2010-02-06 23:55:43   282112   ----a-w-   c:\windows\system32\TBD117.tmp
2010-02-06 23:47:24   282112   ----a-w-   c:\windows\system32\TBDBC.tmp
2010-02-06 23:32:12   282112   ----a-w-   c:\windows\system32\TBD64.tmp
2010-02-06 21:46:45   0   d-----w-   c:\program files\NortonInstaller
2010-02-01 03:12:10   6200   ----a-w-   c:\windows\system32\INT13EXT.VXD
2010-02-01 03:12:09   0   d-----w-   c:\program files\PC Inspector File Recovery
2010-01-28 21:34:17   0   d-----w-   c:\program files\Trend Micro
2010-01-28 18:59:12   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2010-01-28 18:59:12   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-01-27 12:44:47   0   d-----w-   c:\program files\Ask.com
2010-01-27 12:44:23   0   d-----w-   c:\program files\Glary Utilities
2010-01-25 23:51:17   0   d-----w-   c:\program files\SUPERAntiSpyware
2010-01-25 23:51:17   0   d-----w-   c:\docume~1\hp_adm~1.you\applic~1\SUPERAntiSpyware.com
2010-01-25 22:11:20   0   d-----w-   c:\program files\True Sword 5
2010-01-25 00:27:39   3426072   ----a-w-   c:\windows\system32\d3dx9_32.dll
2010-01-21 03:59:53   64   ----a-w-   c:\documents and settings\hp_administrator.your-55e5f9e3d2\default.pls
2010-01-19 13:36:25   3255   ----a-w-   c:\windows\system32\wbem\Outlook_01ca990c65af4cc8.mof
2010-01-19 13:04:53   274288   ----a-w-   c:\windows\system32\mucltui.dll
2010-01-19 13:04:53   16736   ----a-w-   c:\windows\system32\mucltui.dll.mui
2010-01-19 00:54:38   0   d-----w-   c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-01-18 20:39:30   0   dc-h--w-   c:\windows\ie8
2010-01-18 04:39:15   917504   ----a-w-   c:\windows\system32\FLASH.OCX
2010-01-17 22:26:39   0   d-----w-   c:\docume~1\hp_adm~1.you\applic~1\OpenOffice.org
2010-01-17 22:20:18   0   d-----w-   c:\program files\Shermans
2010-01-17 22:20:18   0   d-----w-   c:\program files\Atrinsic
2010-01-17 20:50:38   0   d-----w-   c:\docume~1\hp_adm~1.you\applic~1\StarOffice8
2010-01-17 20:34:03   0   d-----w-   c:\program files\AVN Products
2010-01-17 20:21:17   0   d-----w-   c:\windows\system32\NtmsData
2010-01-17 18:08:49   0   d-----w-   c:\docume~1\hp_adm~1.you\applic~1\GlarySoft
2010-01-17 17:32:38   0   d-----w-   c:\docume~1\hp_adm~1.you\applic~1\DriverCure
2010-01-17 17:32:24   0   d-----w-   c:\docume~1\alluse~1\applic~1\DriverCure
2010-01-17 17:32:23   0   d-----w-   c:\program files\ParetoLogic
2010-01-17 17:11:22   0   d-----w-   c:\docume~1\hp_adm~1.you\applic~1\HpUpdate
2010-01-17 10:02:18   66496   ---ha-w-   c:\windows\system32\mlfcache.dat
2010-01-17 05:08:40   0   d-----w-   c:\docume~1\hp_adm~1.you\applic~1\avidemux
2010-01-16 20:12:58   86016   ----a-w-   c:\windows\unvise32qt.exe
2010-01-16 20:12:52   9707   ----a-w-   c:\windows\system32\QuickTime.qtp
2010-01-16 17:24:41   40448   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2010-01-16 17:24:41   2065696   ----a-w-   c:\windows\system32\usbaaplrc.dll
2010-01-16 04:42:57   59904   ----a-w-   c:\windows\system32\dllcache\icardie.dll
2010-01-16 04:42:57   445952   ----a-w-   c:\windows\system32\dllcache\ieapfltr.dll
2010-01-16 04:42:57   3698584   ----a-w-   c:\windows\system32\dllcache\ieapfltr.dat
2010-01-16 04:42:57   13824   ------w-   c:\windows\system32\dllcache\ieudinit.exe
2010-01-16 04:42:57   1241088   ----a-w-   c:\windows\system32\dllcache\ieframe.dll.mui
2010-01-16 04:23:21   24576   ----a-w-   c:\windows\system32\drivers\kbdclass.sys
2010-01-16 04:23:21   24576   ----a-w-   c:\windows\system32\dllcache\kbdclass.sys
2010-01-16 04:23:21   19072   ----a-w-   c:\windows\system32\drivers\PS2.sys
2010-01-16 04:23:20   52480   ----a-w-   c:\windows\system32\drivers\i8042prt.sys
2010-01-16 04:23:20   52480   ----a-w-   c:\windows\system32\dllcache\i8042prt.sys
2010-01-15 19:23:48   17176   ------w-   c:\windows\hpomdl04.dat.temp
2010-01-15 19:23:48   104279   ------w-   c:\windows\hpoins04.dat.temp
2010-01-15 14:11:04   0   d-----w-   c:\docume~1\hp_adm~1.you\applic~1\mjusbsp
2010-01-15 13:38:32   0   d-----w-   c:\windows\system32\appmgmt
2010-01-15 00:14:53   726528   ----a-w-   c:\windows\system32\dllcache\jscript.dll
2010-01-14 23:52:07   0   d-----w-   c:\windows\system32\drivers\N360
2010-01-14 20:00:17   0   d-sh--w-   c:\documents and settings\hp_administrator.your-55e5f9e3d2\PrivacIE
2010-01-14 20:00:16   0   d-sh--w-   c:\documents and settings\hp_administrator.your-55e5f9e3d2\IECompatCache
2010-01-14 19:58:19   23082   ------w-   c:\windows\hpqins15.dat.temp
2010-01-14 19:56:48   22725   ----a-w-   c:\windows\hpqins15.dat
2010-01-14 19:27:17   0   d-sh--w-   c:\documents and settings\hp_administrator.your-55e5f9e3d2\IETldCache
2010-01-14 19:24:40   12800   ------w-   c:\windows\system32\dllcache\xpshims.dll
2010-01-14 19:24:39   594432   ------w-   c:\windows\system32\dllcache\msfeeds.dll
2010-01-14 19:24:39   55296   ------w-   c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-14 19:24:39   246272   ------w-   c:\windows\system32\dllcache\ieproxy.dll
2010-01-14 19:24:39   1985536   ------w-   c:\windows\system32\dllcache\iertutil.dll
2010-01-14 19:24:39   11070464   ------w-   c:\windows\system32\dllcache\ieframe.dll
2010-01-14 19:24:34   0   d-----w-   c:\windows\ie8updates
2010-01-14 19:24:32   92160   ------w-   c:\windows\system32\dllcache\iecompat.dll
2010-01-14 18:44:49   0   d-----w-   c:\windows\system32\scripting
2010-01-14 18:44:49   0   d-----w-   c:\windows\system32\bits
2010-01-14 18:31:58   974   ------w-   c:\windows\system32\pid.inf
2010-01-14 17:30:21   282624   ----a-r-   c:\windows\system32\SETCF.tmp
2010-01-14 16:41:13   0   d-----w-   c:\program files\ShowMyPCService
2010-01-14 16:17:17   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2010-01-14 16:17:17   272128   ------w-   c:\windows\system32\dllcache\bthport.sys
2010-01-14 16:15:40   1315328   ------w-   c:\windows\system32\dllcache\msoe.dll
2010-01-14 16:15:08   337408   ------w-   c:\windows\system32\dllcache\netapi32.dll
2010-01-14 16:15:00   2560   ------w-   c:\windows\system32\xpsp4res.dll
2010-01-14 16:14:59   215552   ------w-   c:\windows\system32\dllcache\wordpad.exe
2010-01-14 16:13:40   691712   ------w-   c:\windows\system32\dllcache\inetcomm.dll
2010-01-14 16:13:37   455296   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
2010-01-14 16:11:29   81920   ------w-   c:\windows\system32\dllcache\fontsub.dll
2010-01-14 16:11:29   119808   ------w-   c:\windows\system32\dllcache\t2embed.dll
2010-01-14 16:11:21   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll
2010-01-14 16:10:03   0   d-sh--r-   C:\cmdcons
2010-01-14 16:09:40   0   d-----w-   c:\windows\setupupd
2010-01-14 06:14:59   0   d-----w-   c:\windows\system32\PreInstall
2010-01-14 06:12:15   0   d-sh--w-   c:\documents and settings\hp_administrator.your-55e5f9e3d2\UserData
2010-01-14 06:00:27   74240   ------w-   c:\windows\system32\dllcache\mscms.dll
2010-01-14 06:00:12   0   d-----w-   c:\windows\system32\Lang
2010-01-14 05:59:55   163840   ----a-w-   c:\windows\system32\igfxres.dll
2010-01-14 05:59:00   1974   --sha-r-   c:\windows\system32\drivers\103C_HP_CPC_PX759AA-ABA a1120n_YC_0Pavi_QCNH522_E53NAsyEPC1_47_ IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.20_T050331_WXP2_L409_M152 8_J200_7Intel_8Pentium 4_93.06_#050718_N10EC8139_Z11C1048C_G80862582.MRK
2010-01-14 05:55:25   0   d-----w-   c:\windows\system32\RTCOM
2010-01-14 05:52:35   0   d-----w-   c:\windows\system32\SoftwareDistribution
2010-01-14 03:37:46   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys
2010-01-14 03:37:39   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
2010-01-14 03:37:36   60032   ----a-w-   c:\windows\system32\drivers\usbaudio.sys
2010-01-14 03:37:27   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2010-01-14 03:37:24   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2010-01-14 03:37:19   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2010-01-14 03:30:56   94208   ----a-w-   c:\windows\DUMPa0c4.tmp
2010-01-14 03:30:56   94208   ----a-w-   c:\windows\DUMP8339.tmp
2010-01-14 03:00:24   0   d-sh--r-   c:\windows\system32\dllcache
2010-01-14 00:30:38   0   d-----w-   c:\program files\common files\PC Tools

==================== Find3M  ====================

2010-01-14 23:52:33   26600   ----a-r-   c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-14 23:52:25   107368   ----a-r-   c:\windows\system32\GEARAspi.dll
2010-01-14 17:38:55   144001   ----a-w-   c:\windows\hpoins16.dat
2010-01-14 06:06:40   69069   ----a-w-   c:\windows\hpoins05.dat
2010-01-05 23:04:02   385536   ----a-w-   c:\windows\system32\drivers\mfehidk.sys
2009-12-21 19:14:05   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-12-21 19:14:05   916480   ------w-   c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05   1208832   ------w-   c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04   5942784   ------w-   c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04   206848   ------w-   c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03   25600   ------w-   c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03   184320   ------w-   c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:01   387584   ------w-   c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18   173056   ------w-   c:\windows\system32\dllcache\ie4uinit.exe
2005-12-11 18:11:30   251   ----a-w-   c:\program files\wt3d.ini
2004-10-01 19:00:16   40960   ----a-w-   c:\program files\Uninstall_CDS.exe
2004-02-14 03:14:58   266843   ----a-w-   c:\program files\nistime-32bit.exe
2005-07-21 03:54:32   22   --sha-w-   c:\windows\sminst\HPCD.sys

============= FINISH: 22:28:52.92 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/14/2010 12:56:13 AM
System Uptime: 2/8/2010 4:49:02 PM (6 hours ago)

Motherboard: ASUSTeK Computer INC. |  | Goldfish3
Processor:               Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3065/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 89.818 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.439 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is CDROM (CDFS)
M: is Removable
N: is Removable
O: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\PNP0303\4&2D2D400&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0303\4&2D2D400&0
Service:

==== System Restore Points ===================

RP1: 1/29/2010 9:34:45 PM - System Checkpoint
RP2: 1/29/2010 11:51:45 PM - Software Distribution Service 3.0
RP3: 1/30/2010 9:30:45 PM - Installed SUPERAntiSpyware Free Edition
RP4: 1/30/2010 11:23:41 PM - Software Distribution Service 3.0
RP5: 1/31/2010 6:13:47 PM - Installed Adobe Reader 9.3.
RP6: 1/31/2010 10:12:09 PM - Installed PC Inspector File Recovery
RP7: 1/31/2010 10:28:16 PM - Software Distribution Service 3.0
RP8: 2/1/2010 10:44:21 PM - System Checkpoint
RP9: 2/1/2010 11:21:29 PM - Software Distribution Service 3.0
RP10: 2/2/2010 10:04:33 AM - Removed HPSSupply
RP11: 2/2/2010 11:27:11 PM - Software Distribution Service 3.0
RP12: 2/3/2010 7:04:47 AM - Software Distribution Service 3.0
RP13: 2/3/2010 10:01:09 AM - Software Distribution Service 3.0
RP14: 2/4/2010 2:24:49 PM - System Checkpoint
RP15: 2/4/2010 2:45:59 PM - Norton 360 Registry Clean
RP16: 2/5/2010 9:06:28 AM - Removed SUPERAntiSpyware Free Edition
RP17: 2/5/2010 11:22:44 PM - Software Distribution Service 3.0
RP18: 2/6/2010 1:00:21 PM - Software Distribution Service 3.0
RP19: 2/6/2010 4:50:32 PM - Software Distribution Service 3.0
RP20: 2/6/2010 6:30:02 PM - Software Distribution Service 3.0
RP21: 2/6/2010 6:45:36 PM - Software Distribution Service 3.0
RP22: 2/6/2010 6:53:50 PM - Software Distribution Service 3.0
RP23: 2/6/2010 6:57:16 PM - Software Distribution Service 3.0
RP24: 2/6/2010 7:34:31 PM - Installed Windows Installer Clean Up
RP25: 2/6/2010 7:36:47 PM - Removed Windows Installer Clean Up
RP26: 2/6/2010 7:38:59 PM - Software Distribution Service 3.0
RP27: 2/7/2010 8:00:26 PM - System Checkpoint
RP28: 2/7/2010 11:37:41 PM - Installed SUPERAntiSpyware Free Edition
RP29: 2/7/2010 11:48:22 PM - Software Distribution Service 3.0

==== Installed Programs ======================

2350
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Bonjour
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
CCleaner
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
Crystal Maze from HP Media Center (remove only)
CueTour
CustomerResearchQFolder
D7200
D7200_doccd
D7200_Help
Destinations
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocumentViewer
Easy CD & DVD Creator 6
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fax
Final Drive Nitro from HP Media Center (remove only)
GemMaster Mystic
Glary Utilities 2.19.0.800
Google Chrome
Google Toolbar for Internet Explorer
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Customer Participation Program 9.0
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone for Media Center PC
HP Image Zone Plus 4.8.6
HP Imaging Device Functions 9.0
HP Photosmart Cameras 4.5
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Photosmart Printer Software 9.0
HP Product Detection
HP PSC & OfficeJet 4.7
HP Solution Center 9.0
HP Tunes
HP Update
HPIZplus450
HPProductAssistant
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Lexibox Deluxe from HP Media Center (remove only)
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Publisher 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
muvee autoProducer unPlugged - HPD
Nero 7 Ultra Edition
OpenOffice.org 3.1
Otto
Overball from HP Media Center (remove only)
PanoStandAlone
PC-Doctor for Windows
PC Inspector File Recovery
Phoenix Assault from HP Media Center (remove only)
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PrintScreen
ProductContext
PS_SF_02_ProductContext
PS_SF_02_Software
PS_SF_02_Software_min
PSPrinters06
PSSWCORE
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Shooting Stars Pool from HP Media Center (remove only)
SkinsHP1
Slyder from HP Media Center (remove only)
SolutionCenter
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Status
Super Granny from HP Media Center (remove only)
SUPERAntiSpyware Free Edition
Toolbox
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
UnloadSupport
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

2/7/2010 5:28:42 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
2/7/2010 5:27:44 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/6/2010 3:54:06 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\drivers\kbdclass.sys could not be copied into the DLL cache.  The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
2/5/2010 9:06:33 AM, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
2/3/2010 10:05:37 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
2/1/2010 4:31:06 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/1/2010 4:27:17 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/1/2010 4:24:11 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/1/2010 4:24:07 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SRTSPX SYMTDI Tcpip
2/1/2010 4:24:07 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
2/1/2010 4:24:07 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/1/2010 4:24:07 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/1/2010 4:24:07 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
2/1/2010 4:24:07 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/1/2010 4:24:07 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/1/2010 4:23:43 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================
Title: Re: annoying message telling PC has found a new hardware. (keyboard)
Post by: evilfantasy on February 08, 2010, 08:49:35 PM
I'm not sure yet but there are some suspicious things there.

Go to Add or Remove Programs and uninstall:

- Ask Toolbar


----------


If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Title: Re: annoying message telling PC has found a new hardware. (keyboard)
Post by: cyborg3 on February 10, 2010, 12:58:32 PM
Are we allowed to say s..t.  It is cold and a lot of snow here and I am too old to do this late at night.
Anyhow, here is the log from ComboFix.

ComboFix 10-02-10.01 - HP_Administrator 02/10/2010  14:30:55.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.976 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\reg bu.reg
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\My Documents\regbackup.reg
c:\documents and settings\HP_Administrator\My Documents\register.reg
c:\documents and settings\HP_Administrator\My Documents\ZbThumbnail.info
c:\recycler\S-1-5-21-1078930042-2835926302-1665815475-1008
c:\recycler\S-1-5-21-268256340-2647404479-463916421-1008
c:\recycler\S-1-5-21-3523022091-113435569-4039268728-1008
c:\recycler\S-1-5-21-57155010-2377739065-1361960022-1008
c:\recycler\S-1-5-21-95389271-2071988878-309454382-1008
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\AutoRun.inf

.
(((((((((((((((((((((((((   Files Created from 2010-01-10 to 2010-02-10  )))))))))))))))))))))))))))))))
.

2010-02-10 16:50 . 2010-02-10 16:50   --------   d-----w-   c:\windows\LastGood
2010-02-10 16:49 . 2009-12-24 16:58   6515976   ---ha-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\in00000\setup.exe
2010-02-10 16:49 . 2009-12-24 16:54   730032   ---ha-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\ar00000\install.exe
2010-02-10 16:49 . 2008-02-29 12:42   386496   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2010-02-08 19:35 . 2010-02-08 19:35   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Malwarebytes
2010-02-08 19:35 . 2010-01-07 21:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-08 19:35 . 2010-02-08 19:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-08 19:35 . 2010-02-08 19:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-08 19:35 . 2010-01-07 21:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-08 04:38 . 2010-02-08 04:38   52224   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-08 04:38 . 2010-02-08 04:38   117760   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-07 22:46 . 2009-11-13 17:23   32824   ----a-w-   c:\windows\system32\rrMon.sys
2010-02-07 22:46 . 2010-02-07 22:54   --------   d-----w-   c:\program files\Registrar Registry Manager
2010-02-07 22:27 . 2010-02-07 22:27   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2010-02-07 01:10 . 2009-11-04 21:54   79816   ----a-w-   c:\windows\system32\drivers\mfeavfk.sys
2010-02-07 01:10 . 2009-11-04 21:54   40552   ----a-w-   c:\windows\system32\drivers\mfesmfk.sys
2010-02-07 01:10 . 2009-11-04 21:54   35272   ----a-w-   c:\windows\system32\drivers\mfebopk.sys
2010-02-07 01:10 . 2009-07-16 17:32   120136   ----a-w-   c:\windows\system32\drivers\Mpfp.sys
2010-02-07 01:10 . 2010-02-07 01:10   --------   d-----w-   c:\program files\Common Files\McAfee
2010-02-07 01:10 . 2010-02-07 01:10   --------   d-----w-   c:\program files\McAfee.com
2010-02-07 01:10 . 2010-02-07 13:13   --------   d-----w-   c:\program files\McAfee
2010-02-07 01:07 . 2009-11-04 21:53   34248   ----a-w-   c:\windows\system32\drivers\mferkdk.sys
2010-02-07 00:58 . 2010-02-07 01:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2010-02-06 21:46 . 2010-02-06 21:46   --------   d-----w-   c:\program files\NortonInstaller
2010-02-01 03:12 . 2010-02-01 03:12   --------   d-----w-   c:\program files\PC Inspector File Recovery
2010-01-31 23:12 . 2009-11-20 11:08   38784   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-31 23:11 . 2010-01-31 23:11   86016   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-31 23:11 . 2010-02-05 14:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2010-01-28 21:34 . 2010-01-28 21:34   --------   d-----w-   c:\program files\Trend Micro
2010-01-28 18:59 . 2010-01-28 18:59   503808   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7ad7b378-n\msvcp71.dll
2010-01-28 18:59 . 2010-01-28 18:59   499712   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7ad7b378-n\jmc.dll
2010-01-28 18:59 . 2010-01-28 18:59   348160   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7ad7b378-n\msvcr71.dll
2010-01-28 18:59 . 2010-01-28 18:59   61440   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6d34699b-n\decora-sse.dll
2010-01-28 18:59 . 2010-01-28 18:59   12800   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6d34699b-n\decora-d3d.dll
2010-01-28 18:59 . 2010-01-28 18:58   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-01-28 01:27 . 2010-01-28 01:27   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\InterVideo
2010-01-27 12:44 . 2010-01-27 12:44   --------   d-----w-   c:\program files\Glary Utilities
2010-01-26 20:26 . 2010-01-26 20:26   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Temp
2010-01-26 01:12 . 2010-02-02 15:00   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Thunderbird
2010-01-26 01:12 . 2010-01-26 01:12   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Thunderbird
2010-01-25 23:51 . 2010-02-08 04:37   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-01-25 23:51 . 2010-02-08 04:37   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\SUPERAntiSpyware.com
2010-01-25 22:11 . 2010-01-27 21:18   --------   d-----w-   c:\program files\True Sword 5
2010-01-25 00:27 . 2006-11-29 18:06   3426072   ----a-w-   c:\windows\system32\d3dx9_32.dll
2010-01-24 12:57 . 2010-01-24 12:57   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sonic
2010-01-24 12:57 . 2010-01-24 12:57   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Leadertech
2010-01-24 06:54 . 2010-01-24 06:54   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Ahead
2010-01-20 15:08 . 2010-01-20 15:08   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\AdobeUM
2010-01-20 15:08 . 2010-01-31 23:19   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Adobe
2010-01-19 13:04 . 2009-08-07 00:23   274288   ----a-w-   c:\windows\system32\mucltui.dll
2010-01-19 13:00 . 2010-01-19 13:00   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2010-01-19 00:54 . 2010-01-19 00:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-18 20:39 . 2010-01-18 20:41   --------   dc-h--w-   c:\windows\ie8
2010-01-18 05:00 . 2010-01-18 05:00   10134   ----a-r-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-01-17 22:27 . 2010-02-03 04:26   1   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-17 22:26 . 2010-01-17 22:26   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\OpenOffice.org
2010-01-17 22:20 . 2010-01-17 22:20   --------   d-----w-   c:\program files\Shermans
2010-01-17 22:20 . 2010-01-17 22:20   --------   d-----w-   c:\program files\Atrinsic
2010-01-17 20:50 . 2010-01-17 21:39   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\StarOffice8
2010-01-17 20:34 . 2010-01-17 20:34   --------   d-----w-   c:\program files\AVN Products
2010-01-17 20:21 . 2010-01-17 20:25   --------   d-----w-   c:\windows\system32\NtmsData
2010-01-17 18:08 . 2010-01-17 18:08   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\GlarySoft
2010-01-17 17:32 . 2010-01-17 17:33   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\DriverCure
2010-01-17 17:32 . 2010-01-17 17:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\DriverCure
2010-01-17 17:32 . 2010-01-17 17:32   --------   d-----w-   c:\program files\ParetoLogic
2010-01-17 17:11 . 2010-01-17 17:12   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\HpUpdate
2010-01-17 10:02 . 2010-02-03 12:22   66496   ---ha-w-   c:\windows\system32\mlfcache.dat
2010-01-17 05:08 . 2010-01-17 05:08   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\avidemux
2010-01-17 05:04 . 2010-01-24 06:54   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Ahead
2010-01-16 20:12 . 1999-11-10 17:05   86016   ----a-w-   c:\windows\unvise32qt.exe
2010-01-16 17:25 . 2010-01-16 17:25   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Apple
2010-01-16 17:24 . 2009-08-28 23:42   40448   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2010-01-16 17:24 . 2009-08-28 23:42   2065696   ----a-w-   c:\windows\system32\usbaaplrc.dll
2010-01-16 04:42 . 2009-10-28 14:36   13824   ------w-   c:\windows\system32\dllcache\ieudinit.exe
2010-01-16 04:42 . 2009-03-08 09:31   59904   ----a-w-   c:\windows\system32\dllcache\icardie.dll
2010-01-16 04:42 . 2009-03-08 09:11   445952   ----a-w-   c:\windows\system32\dllcache\ieapfltr.dll
2010-01-16 04:42 . 2009-02-07 02:07   3698584   ----a-w-   c:\windows\system32\dllcache\ieapfltr.dat
2010-01-16 04:23 . 2008-04-13 18:39   24576   ----a-w-   c:\windows\system32\drivers\kbdclass.sys
2010-01-16 04:23 . 2008-04-13 18:39   24576   ----a-w-   c:\windows\system32\dllcache\kbdclass.sys
2010-01-16 04:23 . 2005-12-12 22:27   19072   ----a-w-   c:\windows\system32\drivers\PS2.sys
2010-01-16 04:23 . 2008-04-13 19:18   52480   ----a-w-   c:\windows\system32\drivers\i8042prt.sys
2010-01-16 04:23 . 2008-04-13 19:18   52480   ----a-w-   c:\windows\system32\dllcache\i8042prt.sys
2010-01-15 20:29 . 2010-01-15 20:29   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\CyberLink
2010-01-15 19:44 . 2010-01-15 19:44   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Roxio
2010-01-15 19:42 . 2010-01-18 14:29   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Roxio
2010-01-15 19:31 . 2010-01-15 19:31   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\ArcSoft
2010-01-15 19:26 . 2010-01-15 19:26   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\HP
2010-01-15 19:25 . 2010-01-15 19:25   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\HP
2010-01-15 16:58 . 2010-01-15 16:58   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\tjnet
2010-01-15 14:11 . 2009-12-24 16:58   6515976   ---ha-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\Upgrade\setup1.exe
2010-01-15 14:11 . 2009-12-24 16:54   730032   ---ha-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\Upgrade\install1.exe
2010-01-15 14:11 . 2010-02-10 16:50   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp
2010-01-15 00:14 . 2009-06-22 06:44   726528   ----a-w-   c:\windows\system32\dllcache\jscript.dll
2010-01-14 23:52 . 2010-01-29 00:08   --------   d-----w-   c:\windows\system32\drivers\N360
2010-01-14 23:52 . 2010-01-14 23:52   --------   d-----w-   c:\program files\Windows Sidebar
2010-01-14 20:00 . 2010-01-14 20:00   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\PrivacIE
2010-01-14 20:00 . 2010-01-14 20:00   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\IECompatCache
2010-01-14 19:56 . 2010-01-14 19:58   22725   ----a-w-   c:\windows\hpqins15.dat
2010-01-14 19:34 . 2010-01-14 19:34   --------   d-sh--w-   c:\documents and settings\LocalService\UserData
2010-01-14 19:34 . 2010-01-14 19:34   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2010-01-14 19:34 . 2010-01-14 19:34   --------   d-sh--w-   c:\documents and settings\LocalService\IECompatCache
2010-01-14 19:32 . 2010-01-14 19:32   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
2010-01-14 19:27 . 2010-01-14 19:27   --------   d-sh--w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\IETldCache
2010-01-14 19:24 . 2009-12-21 19:14   12800   ------w-   c:\windows\system32\dllcache\xpshims.dll
2010-01-14 19:24 . 2009-12-21 19:14   594432   ------w-   c:\windows\system32\dllcache\msfeeds.dll
2010-01-14 19:24 . 2009-12-21 19:14   55296   ------w-   c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-14 19:24 . 2009-12-21 19:14   246272   ------w-   c:\windows\system32\dllcache\ieproxy.dll
2010-01-14 19:24 . 2009-12-21 19:14   1985536   ------w-   c:\windows\system32\dllcache\iertutil.dll
2010-01-14 19:24 . 2009-12-21 19:14   11070464   ------w-   c:\windows\system32\dllcache\ieframe.dll
2010-01-14 19:24 . 2010-01-18 20:43   --------   d-----w-   c:\windows\ie8updates
2010-01-14 19:24 . 2009-10-02 04:44   92160   ------w-   c:\windows\system32\dllcache\iecompat.dll
2010-01-14 18:44 . 2010-01-14 18:44   --------   d-----w-   c:\windows\system32\scripting
2010-01-14 18:44 . 2010-01-14 18:44   --------   d-----w-   c:\windows\system32\bits
2010-01-14 18:31 . 2008-04-14 00:12   10752   ------w-   c:\windows\system32\smtpapi.dll
2010-01-14 17:29 . 2007-04-04 07:47   267864   ----a-r-   c:\windows\system32\hpzids01.dll
2010-01-14 17:29 . 2007-03-28 18:57   274944   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-01-14 17:29 . 2007-03-28 19:01   118272   ----a-w-   c:\windows\system32\hpz3l5ha.dll
2010-01-14 17:29 . 2007-02-06 22:00   39424   ----a-w-   c:\windows\system32\HPBPRO.DLL
2010-01-14 17:29 . 2007-02-06 22:00   7680   ----a-w-   c:\windows\system32\HPBPROPS.DLL
2010-01-14 17:29 . 2007-02-06 22:00   25600   ----a-w-   c:\windows\system32\HPBOID.DLL
2010-01-14 17:29 . 2007-02-06 22:00   7680   ----a-w-   c:\windows\system32\HPBOIDPS.DLL
2010-01-14 17:29 . 2007-02-06 22:00   24576   ----a-w-   c:\windows\system32\HPBMIAPI.DLL
2010-01-14 17:29 . 2006-10-31 18:49   94208   ----a-w-   c:\windows\system32\HPJIPX1U.DLL
2010-01-14 17:29 . 2006-10-31 18:49   163840   ----a-w-   c:\windows\system32\HPJCMN2U.DLL
2010-01-14 17:29 . 2006-10-31 18:48   49152   ----a-w-   c:\windows\system32\HPBNRAC2.DLL

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 00:43 . 2005-04-28 13:48   --------   d-----w-   c:\program files\Java
2010-02-08 04:36 . 2007-05-09 21:36   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-07 00:36 . 2007-02-25 02:27   --------   d-----w-   c:\program files\MSECache
2010-02-06 21:21 . 2005-04-28 14:46   --------   d-----w-   c:\program files\Symantec
2010-02-06 21:20 . 2005-04-28 14:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2010-02-02 15:04 . 2005-04-28 14:02   --------   d-----w-   c:\program files\HP
2010-02-01 03:12 . 2005-04-28 14:20   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-28 18:59 . 2005-04-28 13:48   --------   d-----w-   c:\program files\Common Files\Java
2010-01-27 00:06 . 2010-01-14 05:57   87488   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 00:33 . 2009-03-01 03:27   --------   d-----w-   c:\program files\Windows Live
2010-01-25 00:32 . 2009-03-01 03:27   --------   d-----w-   c:\program files\Windows Live SkyDrive
2010-01-19 01:19 . 2008-07-22 21:45   --------   d-----w-   c:\program files\PC Health Optimizer Free Edition
2010-01-19 01:18 . 2007-10-27 16:45   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-01-17 22:23 . 2009-04-10 20:47   --------   d-----w-   c:\program files\JRE
2010-01-17 22:22 . 2009-04-10 20:47   --------   d-----w-   c:\program files\OpenOffice.org 3
2010-01-17 05:08 . 2009-12-25 21:29   --------   d-----w-   c:\program files\Avidemux 2.5
2010-01-17 01:07 . 2010-01-14 05:57   --------   d-----w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Apple Computer
2010-01-16 20:59 . 2005-04-28 14:25   --------   d-----w-   c:\program files\iTunes
2010-01-16 20:53 . 2005-04-28 14:25   --------   d-----w-   c:\program files\QuickTime
2010-01-16 04:28 . 2010-01-14 03:30   94208   ----a-w-   c:\windows\DUMP8339.tmp
2010-01-16 04:26 . 2010-01-14 03:30   94208   ----a-w-   c:\windows\DUMPa0c4.tmp
2010-01-15 20:19 . 2005-04-28 14:23   --------   d-----w-   c:\program files\Common Files\L&H
2010-01-15 20:19 . 2005-04-28 14:23   --------   d-----w-   c:\program files\Microsoft ActiveSync
2010-01-15 20:19 . 2005-04-28 14:22   --------   d-----w-   c:\program files\Microsoft Works
2010-01-14 23:52 . 2004-09-15 04:38   26600   ----a-r-   c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-14 23:52 . 2004-09-15 04:38   107368   ----a-r-   c:\windows\system32\GEARAspi.dll
2010-01-14 23:52 . 2009-10-14 03:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
2010-01-14 23:51 . 2009-10-14 02:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-14 18:48 . 2005-01-28 09:40   93511   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-14 18:48 . 2010-01-14 18:48   45056   ----a-w-   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-01-14 18:48 . 2010-01-14 18:48   44032   ----a-w-   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-01-14 18:01 . 2010-01-14 05:57   155   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\fusioncache.dat
2010-01-14 17:38 . 2009-01-29 17:24   144001   ----a-w-   c:\windows\hpoins16.dat
2010-01-14 17:34 . 2005-04-28 14:02   --------   d-----w-   c:\program files\Hewlett-Packard
2010-01-14 06:06 . 2005-04-28 14:35   --------   d-----w-   c:\program files\Easy Internet signup
2010-01-14 06:06 . 2005-04-28 14:06   69069   ----a-w-   c:\windows\hpoins05.dat
2010-01-14 05:59 . 2010-01-14 05:59   1974   --sha-r-   c:\windows\system32\drivers\103C_HP_CPC_PX759AA-ABA a1120n_YC_0Pavi_QCNH522_E53NAsyEPC1_47_ IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.20_T050331_WXP2_L409_M152 8_J200_7Intel_8Pentium 4_93.06_#050718_N10EC8139_Z11C1048C_G80862582.MRK
2010-01-13 10:36 . 2009-01-26 21:56   --------   d-----w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp
2010-01-13 10:35 . 2008-10-23 21:11   --------   d-----w-   c:\program files\lg_fwupdate
2010-01-05 23:04 . 2010-01-05 23:04   385536   ----a-w-   c:\windows\system32\drivers\mfehidk.sys
2009-12-31 16:50 . 2004-08-10 12:00   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-28 04:44 . 2005-12-04 02:46   --------   d-----w-   c:\program files\ArcSoft
2009-12-28 04:44 . 2009-12-27 18:11   --------   d-----w-   c:\program files\Common Files\ArcSoft
2009-12-28 04:43 . 2005-12-04 02:47   --------   d-----w-   c:\documents and settings\HP_Administrator\Application Data\ArcSoft
2009-12-27 18:13 . 2009-12-27 18:13   5299337   ----a-w-   c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-12-27 18:12 . 2009-12-27 18:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\ArcSoft
2009-12-24 16:59 . 2009-12-24 16:59   93016   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJack.dll
2009-12-24 16:59 . 2009-12-24 16:59   93016   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\ug00000\magicJack.dll
2009-12-24 16:57 . 2009-12-24 16:57   93016   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJack.dll
2009-12-24 16:57 . 2009-12-24 16:57   93016   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.dll
2009-12-24 16:57 . 2009-12-24 16:57   93016   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\st00000\magicJack.dll
2009-12-24 16:57 . 2009-12-24 16:57   93016   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\magicJack.dll
2009-12-24 16:55 . 2009-12-24 16:55   12482904   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
2009-12-24 16:55 . 2009-12-24 16:55   12482904   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\magicJack.exe
2009-12-24 16:54 . 2010-01-04 14:16   730032   ---ha-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\install1.exe
2009-12-24 16:54 . 2009-12-24 16:54   730032   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\install.exe
2009-12-24 16:54 . 2009-12-24 16:54   730032   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\ug00000\install.exe
2009-12-24 16:53 . 2009-12-24 16:53   87384   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\mjsetup.exe
2009-12-24 16:53 . 2009-12-24 16:53   87384   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\in00000\mjsetup.exe
2009-12-24 16:53 . 2009-12-24 16:53   93016   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJack.dll
2009-12-24 16:53 . 2009-12-24 16:53   93016   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\in00000\magicJack.dll
2009-12-24 16:52 . 2009-12-24 16:52   441704   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52   441704   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52   441704   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52   441704   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52   441704   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52   441704   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52   441704   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52   441704   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52   50520   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe
2009-12-24 16:52 . 2009-12-24 16:52   50520   ----a-w-   c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\cdloader2.exe
2009-12-21 19:14 . 2004-08-10 11:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-10 12:00   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-10 12:00   2189184   ----a-w-   c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-10 18:00   2066048   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-10 11:00   455424   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-10 18:00   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2004-08-10 11:00   1291776   ----a-w-   c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-10 18:00   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 12:00   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-10 18:00   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-10 12:00   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-10 12:00   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-21 15:51 . 2004-08-10 12:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-11-16 21:44 . 2009-04-10 20:54   1   ----a-w-   c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-12 22:07 . 2009-11-12 22:07   79144   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2005-12-11 18:11 . 2005-12-11 18:11   251   ----a-w-   c:\program files\wt3d.ini
2004-10-01 19:00 . 2006-06-19 18:08   40960   ----a-w-   c:\program files\Uninstall_CDS.exe
2004-02-14 03:14 . 2005-08-08 16:43   266843   ----a-w-   c:\program files\nistime-32bit.exe
2005-07-21 03:54 . 2005-07-21 00:54   22   --sha-w-   c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]
"Google Update"="c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-26 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-28 180269]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-10-21 14:43   868352   ----a-w-   c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-04-28 14:13   180269   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\HP_Administrator.YOUR-55E5F9E3D2\\Application Data\\mjusbsp\\magicJack.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/6/2010 8:12 PM 93320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-14 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-04 01:04]

2010-02-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-27 04:01]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 20:17]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 20:17]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393030381-2369599559-1294462393-1008Core.job
- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-26 20:26]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393030381-2369599559-1294462393-1008UA.job
- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-26 20:26]

2010-02-07 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-07 17:22]

2010-02-07 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-07 17:22]

2010-02-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-02-08 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-10-12 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 14:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-10  14:47:09
ComboFix-quarantined-files.txt  2010-02-10 19:47

Pre-Run: 95,695,142,912 bytes free
Post-Run: 102,646,788,096 bytes free

- - End Of File - - 8EE4DBDE48B01B3F757F06832A745AED
Title: Re: annoying message telling PC has found a new hardware. (keyboard)
Post by: evilfantasy on February 10, 2010, 01:36:28 PM
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the Run box
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  * Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply, please include the ESET Online Scan Log.
Title: Re: annoying message telling PC has found a new hardware. (keyboard)
Post by: cyborg3 on February 19, 2010, 01:49:32 PM
C:\Documents and Settings\HP_Administrator\My Documents\Nero repair files\Nero-7.11.6.0_all_update.exe   Win32/Toolbar.AskSBar application   deleted - quarantined
Title: Re: annoying message telling PC has found a new hardware. (keyboard)
Post by: evilfantasy on February 19, 2010, 02:01:36 PM
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

* Click Start Now
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

If you are using or have installed IE6, you are using an outdated and soon-to-be-unsupported version of Internet Explorer, and I strongly suggest you update to the latest version directly from Microsoft: Internet Explorer 8: Home page (http://www.microsoft.com/windows/ie/).

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection, so they will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html).
* Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.