axel.dav

View previous topic View next topic Go down

axel.dav

Post by limbot on Thu 02 Jun 2011, 2:22 am

Problem:
After doing a system recovery I have 14000 of these axel.dav files the last I was able to successufully run a file search.

System:
HP Pavilion a1410n
WinXp Media Center Editon
Version 2002
Service Pack 2

Thanks


limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Thu 02 Jun 2011, 9:28 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

OTL.TXT as requested

Post by limbot on Thu 02 Jun 2011, 11:50 pm

I don't know what happened but I just ran a file search and the search did not find any axel.dav files. I did not search hidden files tho. Here are the logs from the OTL scan. By the way the restore was done on 5/11/2011. Thanks

OTL logfile created on: 6/2/2011 7:34:01 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 506.14 Mb Available Physical Memory | 49.50% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.81 Gb Total Space | 24.24 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive D: | 8.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: KIMMIESDESKTOP | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 07:33:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop\OTL.com
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/10 23:51:54 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/02/10 23:37:09 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/11/11 23:11:12 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe
PRC - [2005/11/11 23:11:04 | 001,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/11/11 23:10:00 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/11/11 23:10:00 | 000,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/11/01 12:01:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/10/07 01:25:36 | 000,133,744 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/09/24 10:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/09/19 12:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/09/17 01:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/09/17 01:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/09/17 01:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/17 01:27:02 | 000,052,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/08/03 02:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/09/29 22:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2001/08/18 00:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 07:33:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop\OTL.com
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/02/10 23:37:06 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temp\IadHide5.dll
MOD - [2005/09/23 19:38:24 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2005/09/17 01:33:36 | 000,377,968 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccL40.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2006/02/10 23:51:54 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/10/22 19:28:54 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/10/13 09:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/10/07 01:25:36 | 000,133,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/09/24 17:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 12:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 01:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 01:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/17 01:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 17:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 15:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 22:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/19 21:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/26 06:40:10 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/02/10 23:51:54 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/01/23 17:41:52 | 004,145,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/04 11:00:00 | 000,750,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060104.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/01/04 11:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060104.006\NAVENG.SYS -- (NAVENG)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/20 18:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/17 01:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 17:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 20:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 15:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 15:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/07/29 18:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 18:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2001/08/17 14:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 14:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 14:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 14:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/05/11 15:53:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/06/02 03:03:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: )
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/10 23:33:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 07:33:22 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop\OTL.com
[2011/06/02 03:26:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/01 16:03:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Start Menu\Programs\Administrative Tools
[2011/06/01 15:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Mozilla
[2011/06/01 11:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop\LOTRO Standard Res Install Files
[2011/06/01 06:15:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/05/11 18:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\SUPERAntiSpyware.com
[2011/05/11 18:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/11 18:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/11 18:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/11 17:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Malwarebytes
[2011/05/11 17:16:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/11 17:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/11 17:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/11 17:16:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/11 17:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/11 17:15:44 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/05/11 17:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\Adobe
[2011/05/11 17:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Adobe
[2011/05/11 13:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop\LOTRO High Res Install Files
[2011/05/11 13:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\PMB Files
[2011/05/11 13:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2011/05/11 13:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\My Documents\The Lord of the Rings Online
[2011/05/11 13:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\The Lord of the Rings Online
[2011/05/11 13:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Macromedia
[2011/05/11 13:02:24 | 017,743,872 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2011/05/11 13:02:24 | 006,537,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/05/11 13:02:24 | 006,537,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011/05/11 13:02:24 | 005,459,968 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2011/05/11 13:02:24 | 004,017,408 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011/05/11 13:02:24 | 004,017,408 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/05/11 13:02:24 | 003,265,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011/05/11 13:02:24 | 003,265,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/05/11 13:02:24 | 001,115,008 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvamv.dll
[2011/05/11 13:02:24 | 000,851,968 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011/05/11 13:02:24 | 000,851,968 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/05/11 13:02:24 | 000,651,264 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2011/05/11 13:02:24 | 000,503,808 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2011/05/11 13:02:24 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2011/05/11 13:02:24 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2011/05/11 13:02:24 | 000,302,080 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011/05/11 13:02:24 | 000,302,080 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/05/11 13:02:24 | 000,294,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODE.exe
[2011/05/11 13:02:24 | 000,212,992 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2011/05/11 13:02:24 | 000,200,704 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2011/05/11 13:02:24 | 000,188,416 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2011/05/11 13:02:24 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2011/05/11 13:02:24 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2011/05/11 13:02:24 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2011/05/11 13:02:24 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2011/05/11 13:02:24 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2011/05/11 13:02:24 | 000,057,344 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2011/05/11 13:02:24 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2011/05/11 13:02:24 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2011/05/11 13:02:24 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2011/05/11 13:02:24 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODCLI.exe
[2011/05/11 13:02:24 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2011/05/11 13:02:24 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2011/05/11 13:02:24 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2011/05/11 13:02:24 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2011/05/11 13:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/05/11 12:59:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\PrivacIE
[2011/05/11 12:49:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/05/11 12:49:54 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/05/11 12:49:54 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/05/11 12:49:53 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/05/11 12:49:50 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/05/11 12:49:49 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/05/11 12:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\Turbine
[2011/05/11 12:42:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\IETldCache
[2011/05/11 12:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\ATI
[2011/05/11 12:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\ATI
[2011/05/11 12:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/05/11 12:32:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/05/11 12:32:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/05/11 12:32:32 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/05/11 12:32:32 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/05/11 12:32:32 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/05/11 12:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/05/11 12:17:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\UserData
[2011/05/11 12:15:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/11 12:15:09 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/11 12:15:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/11 12:15:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/11 12:15:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/11 12:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Sun
[2011/05/11 12:12:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/05/11 12:12:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/05/11 12:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\IsolatedStorage
[2011/05/11 12:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\HP
[2011/05/11 12:07:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Microsoft
[2011/05/11 12:07:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data
[2011/05/11 12:07:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Favorites
[2011/05/11 12:07:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Cookies
[2011/05/11 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Symantec
[2011/05/11 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Real
[2011/05/11 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Intuit
[2011/05/11 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Identities
[2011/05/11 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\Google
[2011/05/11 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop
[2011/05/11 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\ApplicationHistory
[2011/05/11 12:07:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\SendTo
[2011/05/11 12:07:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Recent
[2011/05/11 12:07:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Start Menu\Programs\Startup
[2011/05/11 12:07:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Start Menu
[2011/05/11 12:07:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\My Documents\My Videos
[2011/05/11 12:07:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\My Documents\My Pictures
[2011/05/11 12:07:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\My Documents\My Music
[2011/05/11 12:07:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\My Documents
[2011/05/11 12:07:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Start Menu\Programs\Accessories
[2011/05/11 12:07:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Templates
[2011/05/11 12:07:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\PrintHood
[2011/05/11 12:07:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\NetHood
[2011/05/11 12:07:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings
[2011/05/11 12:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\WINDOWS
[2011/05/11 12:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\Wildtangent
[2011/05/11 12:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Start Menu\Programs\Online Services
[2011/05/11 12:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\Microsoft
[2011/05/11 12:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2011/05/11 12:04:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/05/11 12:01:35 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctljystk.sys
[2011/05/11 12:01:34 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2011/05/11 12:01:31 | 000,051,200 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\sfman32.dll
[2011/05/11 12:01:31 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\sfmanm.sys
[2011/05/11 12:01:29 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\sblfx.dll
[2011/05/11 12:01:29 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\emu10k1m.sys
[2011/05/11 12:01:29 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devcon32.dll
[2011/05/11 12:01:29 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devldr32.exe
[2011/05/11 12:01:29 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\ctwdm32.dll
[2011/05/11 12:01:28 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctlfacem.sys
[2011/05/11 11:19:20 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2011/05/11 11:16:34 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/05/11 11:16:33 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/05/11 11:16:33 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/05/11 11:16:32 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/05/11 11:15:33 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/05/11 11:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\HPQ
[2011/05/11 10:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\My Documents\Symantec
[2011/05/11 10:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2011/05/11 10:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/05/11 10:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2011/05/11 10:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/05/11 10:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\music_now
[2011/05/11 10:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Standard
[2011/05/11 10:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2006
[2011/05/11 10:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/05/11 10:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\IntelliMoverDemo
[2011/05/11 10:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\HP Rhapsody
[2011/05/11 10:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\EnglishOtto
[2011/05/11 10:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\DISC
[2011/05/11 10:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Palo Alto Software
[2011/05/11 10:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2011/05/11 10:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2011/05/11 10:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/05/11 10:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/05/11 10:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2006
[2011/05/11 10:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/05/11 10:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Netscape
[2011/05/11 10:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\My HP Games
[2011/05/11 10:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\muvee Technologies
[2011/05/11 10:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2011/05/11 10:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP Rhapsody
[2011/05/11 10:38:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/05/11 10:34:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/05/11 10:31:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/05/11 10:31:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/05/11 10:31:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/05/11 10:31:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/05/11 10:31:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/05/11 10:31:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/05/11 10:31:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pcintro
[2011/05/11 10:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/05/11 10:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/05/11 10:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/05/11 10:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/05/11 10:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/05/11 10:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/05/11 10:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/05/11 10:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/05/11 10:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/05/11 10:30:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/05/11 10:29:41 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/05/11 10:29:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/05/11 10:29:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2011/05/11 10:29:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/05/11 10:29:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/05/11 10:29:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/05/11 10:29:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/05/11 10:29:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/05/11 10:29:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/05/11 10:29:34 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/05/11 10:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/05/11 10:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/05/11 10:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/05/11 10:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/05/11 10:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2011/05/11 10:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/05/11 10:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/05/11 10:29:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/05/11 10:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/05/11 10:28:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/05/09 17:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 07:36:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D09DF036-10F8-45D4-B7A8-E6BA73B8C240}.job
[2011/06/02 07:33:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop\OTL.com
[2011/06/02 07:30:52 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/06/02 07:28:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/02 07:28:13 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-6705849-725214820-36267587-1008.job
[2011/06/02 07:28:13 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/06/02 07:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/02 03:21:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/02 03:21:40 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/01 15:26:00 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop\The Lord of the Rings Online.lnk
[2011/06/01 11:26:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/01 06:06:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 04:00:00 | 000,000,742 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
[2011/05/11 18:55:14 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/11 17:16:52 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 13:24:47 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/11 13:24:47 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/11 13:16:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/11 12:47:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/11 12:42:45 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/11 12:14:54 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/11 12:14:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/11 12:14:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/11 12:14:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/11 12:14:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/11 12:10:22 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\fusioncache.dat
[2011/05/11 12:08:26 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/11 12:07:45 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/11 12:06:40 | 000,001,197 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/11 12:06:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/11 11:02:40 | 000,000,883 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2011/05/11 08:19:22 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat.oth
[2011/05/07 15:00:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\TuneUpMedic_scan_schedule_task_43f92be2-ecf8-4630-b422-ba0bd2baf85f.job
[2011/05/05 21:06:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-6705849-725214820-36267587-1008.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/01 15:26:00 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop\The Lord of the Rings Online.lnk
[2011/05/11 18:55:14 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/11 17:16:52 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 13:02:24 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/05/11 13:02:24 | 000,737,024 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/05/11 13:02:24 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/05/11 13:02:24 | 000,165,296 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2011/05/11 13:02:24 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/05/11 12:15:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/11 12:08:02 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2011/05/11 12:08:02 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/11 12:08:02 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/05/11 12:08:02 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/11 12:08:02 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Rhapsody.lnk
[2011/05/11 12:08:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/11 12:07:59 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Application Data\fusioncache.dat
[2011/05/11 12:07:56 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Start Menu\Programs\Remote Assistance.lnk
[2011/05/11 12:07:56 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Start Menu\Programs\Internet Explorer.lnk
[2011/05/11 12:07:56 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Start Menu\Programs\Windows Media Player.lnk
[2011/05/11 12:07:56 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Start Menu\Programs\Outlook Express.lnk
[2011/05/11 12:01:28 | 002,104,298 | ---- | C] () -- C:\WINDOWS\System32\drivers\2gmgsmt.sf2
[2011/05/11 10:27:20 | 000,000,246 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.dat.oth
[2011/02/02 00:28:30 | 000,000,685 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/02/02 00:21:34 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/12/16 21:15:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/27 21:27:53 | 000,002,072 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2010/01/03 20:03:55 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/03 20:03:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/03 20:03:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/03 20:03:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/03 20:03:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/22 13:15:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/03/13 09:41:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2008/11/22 00:37:02 | 000,002,223 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2007/07/29 16:39:56 | 000,218,784 | ---- | C] () -- C:\WINDOWS\TrueInstall.exe
[2007/06/20 22:47:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/02/27 22:52:54 | 000,001,791 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/11 00:28:21 | 000,117,118 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/02/11 00:28:21 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/02/06 22:35:29 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/02/06 22:35:17 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/06 22:07:28 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/01/27 15:14:38 | 000,001,383 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/26 22:40:22 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/09/23 22:59:10 | 000,117,092 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2006/06/26 21:45:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2006/06/26 21:45:30 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/06/26 21:44:44 | 000,003,823 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2006/06/26 21:44:44 | 000,001,253 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
[2006/04/14 08:51:44 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/04/05 22:04:06 | 000,001,671 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/04/01 22:59:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/03/30 12:41:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/03/30 12:41:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/02/11 00:04:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/10 23:41:32 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/02/10 23:37:06 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/02/10 23:36:20 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/02/10 23:36:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/02/10 23:33:55 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/10 23:31:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/10 23:20:33 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/10 23:19:08 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/02/10 23:19:08 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/10 23:13:56 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/02/10 23:13:56 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/02/10 23:13:04 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/02/10 23:13:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/02/10 23:09:21 | 000,087,276 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/02/10 23:07:45 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/02/10 23:07:45 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/02/10 23:04:42 | 000,088,403 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2006/02/10 23:04:42 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2006/02/10 23:03:45 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/10 23:00:24 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/10 23:00:24 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/02/10 23:00:24 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/10 23:00:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/10 23:00:24 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/10 23:00:24 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/10 23:00:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/10 23:00:23 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/02/10 23:00:23 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/02/10 23:00:23 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/02/10 23:00:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/10 22:58:52 | 000,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/10 22:40:21 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/02/10 22:40:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/02/10 22:40:02 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/02/10 22:37:04 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AXEL.DAV
[2006/02/10 22:37:04 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\AXEL.DAV
[2006/02/10 22:37:03 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AXEL.DAV
[2006/02/10 22:37:03 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\AXEL.DAV
[2005/12/09 16:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 23:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 23:07:46 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 23:07:46 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 23:05:30 | 000,196,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 23:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 22:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 23:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/09 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 23:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/09 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 23:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/09 23:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/09 23:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/09 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 23:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 09:51:38 | 000,000,310 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/05/31 19:43:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 10:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 10:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2246A6

< End of report >


limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

OTL Extras Log file

Post by limbot on Thu 02 Jun 2011, 11:53 pm

OTL Extras logfile created on: 6/2/2011 7:34:01 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 506.14 Mb Available Physical Memory | 49.50% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.81 Gb Total Space | 24.24 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive D: | 8.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: KIMMIESDESKTOP | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58689:TCP" = 58689:TCP:*:Enabled:Pando Media Booster
"58689:UDP" = 58689:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"58689:TCP" = 58689:TCP:*:Enabled:Pando Media Booster
"58689:UDP" = 58689:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6C9EF6DE-391E-665A-92F2-2BF72DF53E61}" = Catalyst Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AFBF90DF-9FBE-002F-E8F4-2EC713678BD7}" = Catalyst Control Center InstallProxy
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BA3A1639-A2BA-4DEE-C492-1DA0835D5CC1}" = Catalyst Control Center InstallProxy
"{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{C85C8CE6-CA92-7CDC-75C3-AA9C22E7FD75}" = ccc-utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D41DA7B0-DE4C-20A5-FC4C-F00327548F0D}" = CCC Help English
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F90D9C89-7918-7994-66CC-513C4A92D3A6}" = Catalyst Control Center Graphics Previews Common
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"038D56DF-B15D-47F7-959F-59FA1FBB63FC" = Snowboard SuperJam from HP Media Center (remove only)
"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.03.00.8048
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"3320769C-062B-4670-BD6B-AA4B3D0E9903" = FATE from HP Media Center (remove only)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"413773DA-62DE-4C4C-A0F9-10EFB9317DE5" = Family Feud
"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"901E0096-B2AC-469E-A99E-2725A39C0B47" = Zuma Deluxe from HP Media Center (remove only)
"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
"AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F" = 5 Card Slingo from HP Media Center (remove only)
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AwayMode160" = Microsoft Away Mode
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"BA42B721-D70B-4412-ABA6-057B5823FDE9" = Chuzzle Deluxe from HP Media Center (remove only)
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"DISCover" = DISCover
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"E44A47AF-C94B-4E3F-81A0-979FBA9DAC57" = AstroPop Deluxe from HP Media Center (remove only)
"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
"F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E" = Lemonade Tycoon 2 from HP Media Center (remove only)
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2011 1:12:06 PM | Computer Name = KIMMIESDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/11/2011 1:19:19 PM | Computer Name = KIMMIESDESKTOP | Source = ESENT | ID = 486
Description = wuauclt (3548) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00171.log" failed with system
error 183 (0x000000b7): "Cannot create a file when that file already exists. ".
The move file operation will fail with error -1022 (0xfffffc02).

Error - 5/11/2011 1:19:19 PM | Computer Name = KIMMIESDESKTOP | Source = ESENT | ID = 413
Description = wuauclt (3548) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1022.

Error - 5/11/2011 1:19:19 PM | Computer Name = KIMMIESDESKTOP | Source = ESENT | ID = 492
Description = wuauclt (3548) The logfile sequence in "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\"
has been halted due to a fatal error. No further updates are possible for the
databases that use this logfile sequence. Please correct the problem and restart
or restore from backup.

Error - 5/11/2011 1:19:19 PM | Computer Name = KIMMIESDESKTOP | Source = ESENT | ID = 471
Description = wuauclt (3548) Unable to rollback operation #13560 on database C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb.
Error: -510. All future database updates will be rejected.

Error - 5/11/2011 12:53:17 PM | Computer Name = KIMMIESDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application ndp1.1sp1-kb979906-x86.exe, version 1.0.1683.4989,
faulting module ndp1.1sp1-kb979906-x86.exe, version 1.0.1683.4989, fault address
0x00016bed.

Error - 5/11/2011 2:23:00 PM | Computer Name = KIMMIESDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/11/2011 6:15:18 PM | Computer Name = KIMMIESDESKTOP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/11/2011 6:15:18 PM | Computer Name = KIMMIESDESKTOP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 5/11/2011 6:15:18 PM | Computer Name = KIMMIESDESKTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/11/2011 6:15:18 PM | Computer Name = KIMMIESDESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 5/11/2011 6:16:54 PM | Computer Name = KIMMIESDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/11/2011 7:51:03 PM | Computer Name = KIMMIESDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/11/2011 7:53:36 PM | Computer Name = KIMMIESDESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor IntelIde ViaIde

Error - 5/11/2011 7:53:48 PM | Computer Name = KIMMIESDESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 5/11/2011 7:53:48 PM | Computer Name = KIMMIESDESKTOP | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 6/1/2011 10:24:19 AM | Computer Name = KIMMIESDESKTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.


< End of report >

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Mon 06 Jun 2011, 1:00 am

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Combo-Fix Log

Post by limbot on Tue 07 Jun 2011, 3:31 am

Note: I did upgrade .net Framwork to 3.5 this a.m. and Win Xp to SP3 prior to running Combo Fix
Thankyou.

ComboFix 11-06-06.01 - HP_Administrator 06/06/2011 10:51:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.550 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.KIMMIESDESKTOP\Desktop\Combo-Fix.exe
AV: Norton Internet Security 2006 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\Setup.ico
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\HP_Administrator.KIMMIESDESKTOP\WINDOWS
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\Internet download 2\dotnetfx.exe
c:\documents and settings\Internet download 2\dotnetfx35setup.exe
c:\documents and settings\Internet download 2\NDP1.1sp1-KB867460-X86.exe
c:\documents and settings\Internet download 2\NetFx20SP2_x86.exe
c:\documents and settings\Internet download 2\WindowsXP-KB936929-SP3-x86-ENU.exe
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\program files\INSTALL.LOG
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-06-06 15:42 . 2011-06-06 15:42 -------- d-----w- C:\Combo-Fix
2011-06-06 15:15 . 2011-06-06 15:15 -------- d-----w- c:\windows\LastGood
2011-06-06 14:50 . 2006-12-29 05:31 19569 ----a-w- c:\windows\006586_.tmp
2011-06-06 14:29 . 2011-06-06 14:29 -------- d-----w- C:\d9a9e00988820de0d226
2011-06-06 13:00 . 2011-06-06 13:39 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-06 12:23 . 2011-06-06 16:03 -------- d-----w- c:\documents and settings\Internet download 2
2011-06-01 14:59 . 2011-06-01 14:59 1955704 ----a-w- c:\documents and settings\lotrostandard.exe
2011-06-01 14:25 . 2011-06-01 15:03 1955696 ----a-w- c:\documents and settings\lotrohigh.exe
2011-05-11 23:55 . 2011-05-11 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-11 23:55 . 2011-05-11 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-11 22:16 . 2011-05-11 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-11 22:16 . 2011-05-11 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 22:15 . 2011-05-11 22:15 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-05-11 17:07 . 2011-06-06 16:03 -------- d-----w- c:\documents and settings\HP_Administrator.KIMMIESDESKTOP
2011-05-11 15:47 . 2011-05-11 20:53 -------- d-----w- c:\program files\Quicken
2011-05-11 15:45 . 2011-05-11 20:53 -------- d-----w- c:\program files\Netscape
2011-05-11 15:44 . 2011-05-11 20:53 -------- d-----w- c:\program files\Norton Internet Security
2011-05-11 15:44 . 2011-05-11 20:53 -------- d-----w- c:\program files\music_now
2011-05-11 15:44 . 2011-05-11 20:53 -------- d-----w- c:\program files\MSN Encarta Standard
2011-05-11 15:43 . 2011-05-11 20:53 -------- d-----w- c:\program files\Microsoft Money 2006
2011-05-11 15:43 . 2011-05-11 20:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-05-11 15:43 . 2011-05-11 20:53 -------- d---a-w- c:\program files\IntelliMoverDemo
2011-05-11 15:42 . 2011-05-11 20:53 -------- d-----w- c:\program files\HP Rhapsody
2011-05-11 15:40 . 2011-05-11 20:53 -------- d-----w- c:\program files\EnglishOtto
2011-05-11 15:40 . 2011-05-11 20:53 -------- d-----w- c:\program files\DISC
2011-05-11 15:39 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2011-05-11 15:39 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\muvee Technologies
2011-05-11 15:38 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\L&H
2011-05-11 15:38 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\Intuit
2011-05-11 15:38 . 2011-05-11 17:07 -------- d-sh--w- c:\documents and settings\All Users\DRM
2011-05-11 15:36 . 2011-05-11 20:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2011-05-11 15:34 . 2011-06-06 14:55 -------- d-----w- c:\windows\WinSxS
2011-05-11 15:28 . 2011-06-06 15:59 -------- d-----w- c:\windows\system32
2011-05-09 22:24 . 2011-05-09 22:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-09 22:01 . 2011-05-10 02:13 -------- d-----w- c:\program files\PeaZip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 14:57 . 2011-06-06 14:57 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2011-06-06 14:57 . 2011-06-06 14:57 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2011-06-06 14:57 . 2011-06-06 14:57 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2011-06-06 14:57 . 2011-06-06 14:57 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2011-06-06 14:57 . 2011-06-06 14:57 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2011-06-06 14:57 . 2011-06-06 14:57 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2011-06-06 14:57 . 2011-06-06 14:57 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2011-06-06 14:57 . 2011-06-06 14:57 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2011-06-06 14:57 . 2011-06-06 14:57 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-11-01 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 98304]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-10 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-10 36903]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58689:TCP"= 58689:TCP:Pando Media Booster
"58689:UDP"= 58689:UDP:Pando Media Booster
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\ALSysIO.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 02:27]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 02:27]
.
2011-06-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
- c:\program files\Norton Security Suite\Engine\4.3.0.5\navw32.exe [2011-01-02 19:24]
.
2011-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-6705849-725214820-36267587-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-6705849-725214820-36267587-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2006-02-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-02-11 05:21]
.
2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{D09DF036-10F8-45D4-B7A8-E6BA73B8C240}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-06 11:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\devldr32.exe
c:\windows\ARPWRMSG.EXE
c:\program files\DISC\DiscGui.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2011-06-06 11:23:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-06 16:23
.
Pre-Run: 23,057,649,664 bytes free
Post-Run: 24,151,175,168 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 59C01E8795B1340CD07433F4968A71F9

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Tue 07 Jun 2011, 7:41 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    c:\windows\006586_.tmp
    c:\documents and settings\lotrostandard.exe
    c:\documents and settings\lotrohigh.exe
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: axel.dav

Post by limbot on Tue 07 Jun 2011, 9:13 am

ComboFix 11-06-06.02 - HP_Administrator 06/06/2011 16:22:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.569 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.KIMMIESDESKTOP\Desktop\Combo-Fix.exe
Command switches used :: c:\combo-fix\CFScript.txt..txt
AV: Norton Internet Security 2006 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\documents and settings\lotrohigh.exe"
"c:\documents and settings\lotrostandard.exe"
"c:\windows\006586_.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\lotrohigh.exe
c:\documents and settings\lotrostandard.exe
c:\windows\006586_.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-06-06 15:42 . 2011-06-06 21:22 -------- d-----w- C:\Combo-Fix
2011-06-06 14:29 . 2011-06-06 14:29 -------- d-----w- C:\d9a9e00988820de0d226
2011-06-06 13:00 . 2011-06-06 13:39 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-06 12:23 . 2011-06-06 16:03 -------- d-----w- c:\documents and settings\Internet download 2
2011-05-11 23:55 . 2011-05-11 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-11 23:55 . 2011-05-11 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-11 22:16 . 2011-05-11 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-11 22:16 . 2011-05-11 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 22:15 . 2011-05-11 22:15 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-05-11 17:07 . 2011-06-06 16:03 -------- d-----w- c:\documents and settings\HP_Administrator.KIMMIESDESKTOP
2011-05-11 15:47 . 2011-05-11 20:53 -------- d-----w- c:\program files\Quicken
2011-05-11 15:45 . 2011-05-11 20:53 -------- d-----w- c:\program files\Netscape
2011-05-11 15:44 . 2011-05-11 20:53 -------- d-----w- c:\program files\Norton Internet Security
2011-05-11 15:44 . 2011-05-11 20:53 -------- d-----w- c:\program files\music_now
2011-05-11 15:44 . 2011-05-11 20:53 -------- d-----w- c:\program files\MSN Encarta Standard
2011-05-11 15:43 . 2011-05-11 20:53 -------- d-----w- c:\program files\Microsoft Money 2006
2011-05-11 15:43 . 2011-05-11 20:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-05-11 15:43 . 2011-05-11 20:53 -------- d---a-w- c:\program files\IntelliMoverDemo
2011-05-11 15:42 . 2011-05-11 20:53 -------- d-----w- c:\program files\HP Rhapsody
2011-05-11 15:40 . 2011-05-11 20:53 -------- d-----w- c:\program files\EnglishOtto
2011-05-11 15:40 . 2011-05-11 20:53 -------- d-----w- c:\program files\DISC
2011-05-11 15:39 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2011-05-11 15:39 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\muvee Technologies
2011-05-11 15:38 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\L&H
2011-05-11 15:38 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\Intuit
2011-05-11 15:38 . 2011-05-11 17:07 -------- d-sh--w- c:\documents and settings\All Users\DRM
2011-05-11 15:36 . 2011-05-11 20:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2011-05-11 15:34 . 2011-06-06 14:55 -------- d-----w- c:\windows\WinSxS
2011-05-11 15:28 . 2011-06-06 21:27 -------- d-----w- c:\windows\system32
2011-05-09 22:24 . 2011-05-09 22:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-09 22:01 . 2011-05-10 02:13 -------- d-----w- c:\program files\PeaZip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 14:57 . 2011-06-06 14:57 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2011-06-06 14:57 . 2011-06-06 14:57 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2011-06-06 14:57 . 2011-06-06 14:57 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2011-06-06 14:57 . 2011-06-06 14:57 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2011-06-06 14:57 . 2011-06-06 14:57 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2011-06-06 14:57 . 2011-06-06 14:57 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2011-06-06 14:57 . 2011-06-06 14:57 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2011-06-06 14:57 . 2011-06-06 14:57 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2011-06-06 14:57 . 2011-06-06 14:57 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-11-01 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 98304]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-10 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-10 36903]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58689:TCP"= 58689:TCP:Pando Media Booster
"58689:UDP"= 58689:UDP:Pando Media Booster
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\ALSysIO.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 02:27]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 02:27]
.
2011-06-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
- c:\program files\Norton Security Suite\Engine\4.3.0.5\navw32.exe [2011-01-02 19:24]
.
2011-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-6705849-725214820-36267587-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-6705849-725214820-36267587-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2006-02-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-02-11 05:21]
.
2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{D09DF036-10F8-45D4-B7A8-E6BA73B8C240}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-06 16:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(2368)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\devldr32.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscGui.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-06 16:57:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-06 21:56
ComboFix2.txt 2011-06-06 16:23
.
Pre-Run: 24,577,785,856 bytes free
Post-Run: 24,571,723,776 bytes free
.
- - End Of File - - 8ED201AF10433627031A29F7ADB8FE8D

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Wed 08 Jun 2011, 5:16 am

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: axel.dav

Post by limbot on Thu 09 Jun 2011, 2:44 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=2ffeb5348996704b819cb682e1a958de
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-08 02:59:56
# local_time=2011-06-08 09:59:56 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3586 16764905 100 88 0 310756247 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=196159
# found=4
# cleaned=4
# scan_time=9077
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP38\A0010218.DLL a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Thu 09 Jun 2011, 8:09 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0
    J2SE Runtime Environment 5.0 Update 5
    Java(TM) 6 Update 24

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Program Files\AskSBar

    :commands
    [emptytemp]
    [clearallrestorepoints]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: axel.dav

Post by limbot on Fri 10 Jun 2011, 12:25 am

this is awesome thanks so much

All processes killed
========== FILES ==========
C:\Program Files\AskSBar\SrchAstt\1.bin folder moved successfully.
C:\Program Files\AskSBar\SrchAstt folder moved successfully.
C:\Program Files\AskSBar\bar\Settings folder moved successfully.
C:\Program Files\AskSBar\bar\History folder moved successfully.
C:\Program Files\AskSBar\bar\Cache folder moved successfully.
C:\Program Files\AskSBar\bar\1.bin folder moved successfully.
C:\Program Files\AskSBar\bar folder moved successfully.
C:\Program Files\AskSBar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 31285 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1173376 bytes

User: HP_Administrator.KIMMIESDESKTOP
->Temp folder emptied: 195007 bytes
->Temporary Internet Files folder emptied: 65745473 bytes
->Java cache emptied: 28978 bytes
->Flash cache emptied: 3121046 bytes

User: HP_Administrator.YOUR-4DACD0EA75
->Temp folder emptied: 3062824 bytes
->Temporary Internet Files folder emptied: 2736124 bytes

User: Internet download 2

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 262278 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 245894 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2925762 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 75097560 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 148.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.23.0 log created on 06092011_081435

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temp\~DF3F5F.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temp\~DF3F77.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temp\~DF3FFF.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temp\~DF4013.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temp\~DF4076.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temp\~DF408A.tmp not found!
C:\Documents and Settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temporary Internet Files\Content.IE5\ADE8QS93\t27303-axeldav[1].htm moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_8f4.dat moved successfully.

Registry entries deleted on Reboot...

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Cleaning House

Post by limbot on Fri 10 Jun 2011, 12:44 am

Hi Bel, first of all I am so greatful for this assistance.

when we get done with this axel.dav ... I would like to clean house on startup items, processes, services and programs that are not needed. I am not familier with many of the names when I look in running processes. What I do know: For example the restore put a bunch of HP games in programs i need to remove, the are 2 large Lord of the Rings texture data files on the desktop I think should be moved. Would like to clean HP stuff out but use the HP Digital Imaging Monitorfor the wireless HP printer this PC is used with..... not sure what Apple Safari is, Google Chrome I don't think I need. This PC is used for Internet, photo's, Cubase music and mp3 files for a sansa player, and Lord of the Rings MMorpg. Trying to streamline the startup as much as logical, this PC could use this I feel. What do recommend as an approach to this?

Thankyou
Kim

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Fri 10 Jun 2011, 1:49 am

Hello.
We can remove unneeded startup items with this tool.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: axel.dav

Post by limbot on Tue 14 Jun 2011, 11:24 pm

Here is the log file of the HijackThis, purpose of this PC, playing music, looking at photos, playing online mmo game

thanks
Kim

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:21:41 AM, on 6/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10290 bytes

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Wed 15 Jun 2011, 3:00 am

Hello.


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
    O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
    O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally, is startup any faster now? there is still some work to be done as well, a few more things need updating and removing.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: axel.dav

Post by limbot on Wed 15 Jun 2011, 10:57 pm

I forgot to mention that we do print wirelessly to an HP printer from this PC, are any of these services to remove for that?

Thankyou

Kim

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Thu 16 Jun 2011, 5:25 am

Hmm, I don't think the startup removal should effect it, but we can restore any HP related items and put them back on startup.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: axel.dav

Post by limbot on Thu 16 Jun 2011, 11:55 pm

Good Morning...

Ran the fixes, couldn't check the printer as it wasn't working anyway. I removed all the HP items as indicated. It does start faster. What's next? While I am thinking about it, how do you feel about Norton and its interference and resource use. I don't think you can easily turn it fully off for gaming. FYI we are at 526MB used of 1024MB avail RAM.

Thankyou

Kim

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Fri 17 Jun 2011, 6:55 am

Hello.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 26.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader X

How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: axel.dav

Post by limbot on Fri 17 Jun 2011, 9:59 am

snappier and good

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by limbot on Sat 18 Jun 2011, 12:34 am

Is there anything else we need to do? It is running much better now, I deleted some HP games and such and ran a defrag. I was curious about the restore drive still having axel.dav in it hiding, I heard thats where it came from, during the restore. Also could you look at my husbands Hijack this log please? He said, I wonder what junk is running on my PC He knows about Sandbox. He pretty much gets email, internet, prints wirelessly and Lord of the Rings mmo on his PC. Thankyou so much!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:11:11 PM, on 6/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: HP91A286 HP0017A491A286
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Search-Results Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Babylon Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kim1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Driver performer.lnk = C:\Documents and Settings\Kim1\Local Settings\Temp\7ZipSfx.000\dp.exe
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 9396 bytes

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Belahzur on Sat 18 Jun 2011, 4:56 am

The log looks fine.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: axel.dav

Post by limbot on Mon 20 Jun 2011, 11:36 am

So we are done?

limbot

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2011-06-02
Operating System : XP SP2

View user profile

Back to top Go down

Re: axel.dav

Post by Sneakyone on Tue 21 Jun 2011, 2:13 pm

Yep.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: axel.dav

Post by Sponsored content Today at 4:31 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum