Don't know what happened...files got deleted


Post by cwiesner on Wed Nov 09, 2011 6:23 pm

This involves my work computer and I don't know what happened, but I noticed that after I had downloaded the new docmagic doc viewer program, all of the files on my desktop and old files in a backup folder were all deleted. I'm not sure if this was the cause of it or not. I tried system restore but it didn't do anything/and couldn't be completed. I'm really hoping all of the files weren't permanently deleted.

cwiesner
Novice

Posts : 12
Joined : 2011-11-09
OS : windows vista
Points : 18688
# Likes : 0


Post by houndmom on Thu Nov 10, 2011 5:53 pm

Hello, Welcome to GeekPolice! I am Houndmom and I will be helping you get your computer cleaned up. Right On!


Please note the following information about the malware forum:


    * Only Tech Officers, Global Moderators, Administrators, Malware Advisors and Tech Staff are allowed to give advice on removing malware from your computer.
    * From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    * Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    * If you have already asked for help somewhere, please post the link to the topic you were helped.
    * We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

    * Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


As I am a student, please wait while I consult my instructors on the first step.


If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Protection : Bitdefender Total Security 2010
Points : 29747
# Likes : 0


Post by houndmom on Thu Nov 10, 2011 11:24 pm

Thanks for waiting. We can begin now, but as before I need to consult with my instructors each time.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Then run this tool:



  • Download [You must be registered and logged in to see this link.] onto your desktop
  • Open the program by double clicking on the OTL icon.
  • Copy the following quote box and paste it in the Custom Scans/Fixes box as shown below.


    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan, it won't take long.

  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.

    Note: To copy, highlight the text and press CTRL C, or right click and choose Copy.
    To paste, click in your post box here on the forum and press CTRL V, or right click and choose Paste.







Post by cwiesner on Thu Nov 10, 2011 11:53 pm

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8135

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/10/2011 3:52:28 PM
mbam-log-2011-11-10 (15-52-28).txt

Scan type: Quick scan
Objects scanned: 200530
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Post by houndmom on Fri Nov 11, 2011 12:11 am

Did you also run OTL?
If so, I need that log also.




Post by cwiesner on Mon Nov 14, 2011 11:13 pm

OTL logfile created on: 11/14/2011 2:51:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 479.07 Mb Available Physical Memory | 47.19% Memory free
2.39 Gb Paging File | 1.92 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 118.71 Gb Free Space | 85.25% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.35% Space Free | Partition Type: NTFS

Computer Name: YOUR-235B2CE4A2 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 14:51:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL(5).exe
PRC - [2011/11/10 09:05:24 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/21 16:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
PRC - [2010/02/01 14:11:48 | 000,297,120 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe
PRC - [2009/11/16 15:11:30 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/05/29 15:27:56 | 000,036,864 | ---- | M] (Ellie Mae, Inc.) -- C:\Program Files\Encompass\EncompassServer.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:33:38 | 000,886,000 | ---- | M] (AT&T Inc.) -- C:\Program Files\interwise\participant\pull.exe
PRC - [2003/10/20 10:51:08 | 000,178,688 | ---- | M] (Ricoh Co.,Ltd.) -- C:\Program Files\RDS\SrScanDr.exe
PRC - [2002/11/20 15:53:10 | 000,036,864 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\DdsSchedNT.exe
PRC - [2002/07/31 09:43:44 | 000,098,304 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\SOption.exe
PRC - [2002/07/10 16:55:28 | 000,139,264 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\Dds.exe
PRC - [2001/03/23 09:39:12 | 000,028,672 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\spooler.exe
PRC - [2000/11/30 21:34:36 | 000,065,536 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\RsiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 09:05:25 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/10/14 12:42:07 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 12:38:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 08:33:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 08:33:24 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 08:32:45 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 08:27:15 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 08:26:09 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/14 08:23:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/09/22 20:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010/06/18 11:22:36 | 005,612,496 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/02/01 14:11:48 | 000,297,120 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe
MOD - [2008/04/14 04:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/04/14 04:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:35:10 | 000,024,576 | ---- | M] () -- C:\Program Files\interwise\participant\IwReg.dll
MOD - [2002/12/06 22:15:18 | 000,418,304 | ---- | M] () -- C:\Program Files\interwise\participant\exchndl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/21 16:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
SRV - [2010/02/01 14:11:48 | 000,297,120 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\HP_Administrator\Application Data\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe -- (DML Service)
SRV - [2008/05/29 15:27:56 | 000,036,864 | ---- | M] (Ellie Mae, Inc.) [Auto | Running] -- C:\Program Files\Encompass\EncompassServer.exe -- (EncompassServer)
SRV - [2003/10/20 10:51:08 | 000,178,688 | ---- | M] (Ricoh Co.,Ltd.) [Auto | Running] -- C:\Program Files\RDS\SrScanDr.exe -- (ScanRouterDriverV2)
SRV - [2002/11/20 15:53:10 | 000,036,864 | ---- | M] (RICOH Company Ltd.) [Auto | Running] -- C:\Program Files\RDS\DdsSchedNT.exe -- (DdsSched)
SRV - [2002/07/31 09:43:44 | 000,098,304 | ---- | M] (RICOH Company Ltd.) [Auto | Running] -- C:\Program Files\RDS\SOption.exe -- (SOption)
SRV - [2000/11/30 21:34:36 | 000,065,536 | ---- | M] (RICOH Company Ltd.) [Auto | Running] -- C:\Program Files\RDS\RsiSvc.exe -- (RsiSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/08 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/03 19:05:22 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111113.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/03 19:05:22 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111113.005\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/21 16:40:13 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\ccHPx86.sys -- (ccHP)
DRV - [2011/09/21 16:40:13 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/09/21 16:40:13 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMFW.SYS -- (SYMFW)
DRV - [2011/09/21 16:40:13 | 000,036,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2011/09/21 16:40:13 | 000,033,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMIDS.SYS -- (SYMIDS)
DRV - [2011/08/22 23:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20111111.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/06/02 15:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/01/27 11:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/08/22 00:26:08 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 00:26:08 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 00:26:08 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 00:26:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 00:25:58 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/22 00:25:58 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/08/20 07:57:17 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/26 13:48:00 | 004,881,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/09 20:10:00 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS3.sys -- (HSFHWBS3)
DRV - [2008/09/09 20:09:54 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/09/09 20:09:52 | 000,985,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2008/08/07 03:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.%(version)s

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/14 14:26:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 14:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 09:05:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks [2010/03/11 11:22:47 | 000,000,000 | ---D | M]

[2009/10/22 15:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/11/14 09:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zsvxsg3j.default\extensions
[2010/06/25 08:25:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zsvxsg3j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 16:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/14 14:26:43 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011/11/10 16:13:55 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2010/03/11 11:22:47 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOVE NETWORKS
[2009/11/16 15:11:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2008/04/14 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Push Client.LNK = C:\Program Files\interwise\participant\pull.exe (AT&T Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Delivery Services.lnk = C:\Program Files\RDS\DdsLaunch.exe (RICOH Company Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mrmlsmatrix.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safemls.net ([]* in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBFFCC26-CE82-4A1F-AE27-0EB9F991A359}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 14:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0662fd71-3b71-11de-babc-0024818d0e72}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 04:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 09:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/10 15:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/11/10 15:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/10 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/10 15:43:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/10 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/10 14:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Martiniez
[2011/11/09 14:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Borjkhani
[2011/11/08 16:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Teora
[2011/11/08 14:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\T. Kaloper
[2011/11/08 14:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Monroy
[2011/11/08 14:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\L. Mardesich
[2011/11/08 12:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\DocMaster
[2011/11/08 12:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\DocMagic
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 14:42:06 | 001,884,625 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ocean park.pdf
[2011/11/14 14:34:19 | 000,399,842 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ocean park comps.pdf
[2011/11/14 14:34:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/14 14:34:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/14 09:00:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 09:00:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 15:43:24 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 15:36:50 | 000,001,453 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2011/11/10 15:19:13 | 000,127,769 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\3429 edloft.pdf
[2011/11/10 14:55:40 | 001,300,132 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\1335 W 8th St San Pedro Ca .pdf
[2011/11/08 15:08:43 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Sean.lnk
[2011/11/08 12:40:53 | 000,491,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 12:40:53 | 000,090,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 12:32:54 | 000,910,877 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Note and Deed.pdf
[2011/10/27 11:40:58 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 14:42:06 | 001,884,625 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ocean park.pdf
[2011/11/14 13:05:57 | 000,399,842 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ocean park comps.pdf
[2011/11/10 15:43:24 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 15:19:13 | 000,127,769 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\3429 edloft.pdf
[2011/11/10 14:55:39 | 001,300,132 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\1335 W 8th St San Pedro Ca .pdf
[2011/11/08 15:08:43 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Sean.lnk
[2011/11/08 12:32:54 | 000,910,877 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Note and Deed.pdf
[2011/05/18 14:17:04 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/28 10:26:25 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/09 15:07:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/26 10:19:43 | 011,194,368 | R--- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2010/04/26 10:19:43 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2010/04/26 10:19:43 | 000,352,256 | R--- | C] () -- C:\WINDOWS\System32\zSHP2600.EXE
[2010/04/26 10:19:43 | 000,299,008 | R--- | C] () -- C:\WINDOWS\System32\ZHHP2600.EXE
[2010/01/04 15:25:53 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2010/01/04 15:25:53 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2010/01/04 15:25:05 | 000,001,453 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2010/01/04 15:16:26 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/08/07 15:45:58 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2009/08/07 15:45:58 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2009/07/17 10:38:52 | 000,000,075 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2009/07/17 10:38:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2008/11/26 15:38:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/26 14:40:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/26 14:27:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/26 14:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/26 13:11:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/11/26 13:10:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/11/26 13:10:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/11/26 13:10:49 | 000,491,354 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/26 13:10:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/11/26 13:10:49 | 000,090,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/26 13:10:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/11/26 13:10:49 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/11/26 13:10:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/11/26 13:10:46 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/11/26 13:10:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/11/26 13:10:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/11/26 13:10:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/11/26 06:17:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/26 06:17:10 | 000,147,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/24 10:33:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ExpLoansFromGenesis.dll
[2003/11/12 09:16:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GNetParserX.dll
[2000/02/17 13:57:02 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\GN32.DLL
[1999/10/13 14:59:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\GNS2KZIP.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/11/26 14:25:19 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/06/02 15:06:36 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2007/02/14 15:10:50 | 000,022,016 | ---- | M] (RICOH COMPANY, LTD.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\RC00C1B0.dll
[2007/06/27 01:00:00 | 000,057,344 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\zIMFPRNT.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/11/26 14:25:54 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2008/10/06 17:03:57 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\Thumbs.db
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/05/07 16:45:04 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/11/26 14:29:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/08/18 13:43:24 | 001,277,680 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\CouponPrinter.exe

< %USERPROFILE%\*.exe >
[2010/08/25 10:05:45 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\g2mdlhlpx.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/10 09:05:23 | 000,110,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/10 09:05:24 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/10 09:05:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/10 09:05:37 | 000,247,768 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/05/07 16:45:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/11/26 06:16:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/11/26 06:16:42 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/11/26 06:16:41 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/14 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2008/04/14 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/14 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/14 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/14 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/14 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 04:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/14 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/14 04:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/14 04:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/14 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 04:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/09/06 05:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/06/02 15:06:36 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll
[2007/02/14 15:10:50 | 000,022,016 | ---- | M] (RICOH COMPANY, LTD.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\RC00C1B0.dll
[2007/06/27 01:00:00 | 000,057,344 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\zIMFPRNT.DLL

< %SYSTEMDRIVE%\*.* >
[2010/07/26 08:57:46 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/11/26 14:25:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/05/07 16:44:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/11/26 14:25:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/26 14:25:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/04 13:51:47 | 000,000,457 | -H-- | M] () -- C:\IPH.PH
[2010/04/26 10:21:04 | 000,023,048 | ---- | M] () -- C:\LJCP1215.log
[2008/11/26 14:25:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 04:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/14 09:00:46 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/09/08 08:42:09 | 000,000,328 | ---- | M] () -- C:\updatedatfix.log

< %PROGRAMFILES%\*. >
[2011/10/04 08:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/06/09 09:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/10/04 08:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/11/26 14:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/11/26 14:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/09/12 11:30:08 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2008/11/26 14:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink
[2011/11/08 12:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\DocMagic
[2011/10/06 14:00:54 | 000,000,000 | ---D | M] -- C:\Program Files\Encompass
[2009/05/08 08:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\EncompassData
[2010/02/03 08:39:28 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/04/26 10:19:26 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2009/09/01 09:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\ieSpell
[2009/07/17 10:20:05 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/11/26 14:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/10/14 08:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/23 11:15:36 | 000,000,000 | ---D | M] -- C:\Program Files\interwise
[2009/11/16 15:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/09/12 11:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2011/11/10 15:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/08 15:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/03/04 12:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/11/26 14:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/08/05 12:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/10/14 14:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/03/22 08:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/07/06 10:23:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/06 16:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/05/08 10:11:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2009/05/12 09:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 08:05:59 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/14 14:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/11/26 14:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/11/26 14:22:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/11/26 14:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/01/05 09:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/06/30 08:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/11/26 14:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/07/15 09:22:53 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2011/02/19 09:21:42 | 000,000,000 | R--D | M] -- C:\Program Files\Norton Support
[2009/07/15 09:21:03 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2008/11/26 14:22:41 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 10:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/11/26 14:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
[2009/10/26 15:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/17 10:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\RDS
[2008/11/26 14:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/07/28 10:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\RedX
[2008/11/26 14:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/08/20 07:57:18 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/11/26 14:29:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/04 12:58:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/03/04 12:57:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/11/26 14:25:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/26 14:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/15 09:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/11/26 14:24:06 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/11/26 14:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2008/11/26 06:17:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:disk.sys
[2008/04/14 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:usbstor.sys
[2008/04/14 04:00:00 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-10 17:08:14

< End of report >


Re: Don't know what happened...files got deleted

Post by cwiesner on Mon Nov 14, 2011 11:15 pm

OTL Extras logfile created on: 11/14/2011 2:51:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 479.07 Mb Available Physical Memory | 47.19% Memory free
2.39 Gb Paging File | 1.92 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 118.71 Gb Free Space | 85.25% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.35% Space Free | Partition Type: NTFS

Computer Name: YOUR-235B2CE4A2 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1370:TCP" = 1370:TCP:*:Enabled:1370
"1370:UDP" = 1370:UDP:*:Enabled:1370
"1369:TCP" = 1369:TCP:*:Enabled:1369
"1369:UDP" = 1369:UDP:*:Enabled:1369
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Encompass\EncompassServer.exe" = C:\Program Files\Encompass\EncompassServer.exe:LocalSubNet:Enabled:Encompass Server -- (Ellie Mae, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (EMMSDE)
"{2D1421F3-0E2C-4989-A146-64090A48701F}" = Encompass
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{387D6CC5-6D6C-4BA0-8EAF-955813BFC5D8}" = ScanRouter V2 Lite
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6100998A-C99C-4F91-93FC-3485243A030D}" = Encompass Installation Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD SE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD68AE74-98BA-4ABE-B11E-30F39206ECE8}" = Point 7.2
"{E6B4F1D6-A245-4A78-BB91-A34905DD6551}" = RolEDX Advantage
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AT&T Connect Participant" = AT&T Connect Participant
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"N360" = Norton 360
"OUTLOOKR" = Microsoft Office Outlook 2007
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/8/2011 7:39:58 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Error | ID = 1000
Description = Faulting application winpoint.exe, version 7.2.1146.1029, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/10/2011 4:19:52 PM | Computer Name = YOUR-235B2CE4A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application winpoint.exe, version 7.2.1146.1029, stamp 4aea7833,
faulting module mscorwks.dll, version 2.0.50727.3625, stamp 4e154c98, debug? 0,
fault address 0x000b0dce.

Error - 11/10/2011 8:08:31 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 8:54:04 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application OTL(3).exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:03:13 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application OTL(3).exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:04:12 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:07:11 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:09:48 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:10:16 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:10:19 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/10/2011 3:38:56 PM | Computer Name = YOUR-235B2CE4A2 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 11/10/2011 8:10:43 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 11/10/2011 8:11:13 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 11/10/2011 8:12:12 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 11/10/2011 8:13:32 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 11/10/2011 8:14:04 PM | Computer Name = YOUR-235B2CE4A2 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 11/10/2011 8:15:37 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 11/10/2011 8:15:37 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 11/14/2011 1:00:52 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 11/14/2011 1:01:28 PM | Computer Name = YOUR-235B2CE4A2 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3


< End of report >


Re: Don't know what happened...files got deleted

Post by houndmom on Tue Nov 15, 2011 12:57 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


If your files are still not showing up, please run:

  • Please download and run [You must be registered and logged in to see this link.] by Grinler.
  • Once finished, let me know if they are back.


You need to update Java and Adobe:
Go into Control Panel >> Remove a program to uninstall the old version, 6 Update 17, then:
Install Java 6 Update 29 [You must be registered and logged in to see this link.]

Uninstall Adobe 9.4.6 by going into Control Panel >> Remove program
Install Adobe X [You must be registered and logged in to see this link.]
Uncheck the McAfee scan box, download and allow the install.

How is the machine running now? Any more problems?


If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Protection : Bitdefender Total Security 2010
Points : 29747
# Likes : 0

Re: Don't know what happened...files got deleted

Post by cwiesner on Wed Nov 16, 2011 12:34 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=80be0464808cc04a939f6be98b6af2fd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-16 12:32:34
# local_time=2011-11-15 04:32:34 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777173 100 100 2128873 69548350 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=78931
# found=0
# cleaned=0
# scan_time=4049


Re: Don't know what happened...files got deleted

Post by cwiesner on Thu Nov 17, 2011 10:01 pm

Files still didn't show up ...


Re: Don't know what happened...files got deleted

Post by houndmom on Fri Nov 18, 2011 12:20 am

Thanks for posting the ESET results.




Did you update JAVA and Adobe ?

Also, are there any remaining issues?



Re: Don't know what happened...files got deleted

Post by cwiesner on Fri Nov 18, 2011 1:31 am

Yes, I did install the updates. There are no other issues besides my files being gone/deleted.


Re: Don't know what happened...files got deleted

Post by houndmom on Fri Nov 18, 2011 10:52 am

Hello again
Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: Don't know what happened...files got deleted

Post by cwiesner on Fri Nov 18, 2011 6:24 pm

ComboFix 11-11-18.02 - HP_Administrator 11/18/2011 10:10:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.483 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\commy.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\PostBuild.exe
c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-16 23:17 . 2011-11-16 23:17 -------- d-----w- c:\program files\Common Files\Java
2011-11-16 23:16 . 2011-10-03 13:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-16 23:16 . 2011-10-03 13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-15 23:21 . 2011-11-15 23:21 -------- d-----w- c:\program files\ESET
2011-11-10 23:43 . 2011-11-10 23:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2011-11-10 23:43 . 2011-11-10 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-10 23:43 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 23:43 . 2011-11-10 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 20:06 . 2011-11-08 20:06 -------- d-----w- c:\program files\DocMagic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2008-11-26 22:23 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:37 . 2009-11-16 23:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2008-11-26 21:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-11-26 21:10 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2007-10-09 21:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2008-11-26 21:10 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-22 00:40 . 2011-10-11 16:04 48760 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symndisv.sys
2011-09-22 00:40 . 2011-10-11 16:04 217464 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symtdi.sys
2011-09-22 00:40 . 2011-10-11 16:03 36472 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symndis.sys
2011-09-22 00:40 . 2011-10-11 16:03 89976 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symfw.sys
2011-09-22 00:40 . 2011-10-11 16:03 33144 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symids.sys
2011-09-22 00:40 . 2011-10-11 16:03 467592 ----a-w- c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys
2011-09-06 13:20 . 2008-11-26 21:10 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2008-11-26 21:10 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-11-26 21:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-11-26 21:10 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-11-26 21:10 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-26 17021440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-26 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Push Client.LNK - c:\program files\interwise\participant\pull.exe [2009-11-23 886000]
Start Delivery Services.lnk - c:\program files\RDS\DdsLaunch.exe [2009-7-17 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 23:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1370:TCP"= 1370:TCP:1370
"1370:UDP"= 1370:UDP:1370
"1369:TCP"= 1369:TCP:1369
"1369:UDP"= 1369:UDP:1369
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [10/11/2011 8:03 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [10/11/2011 8:03 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [10/11/2011 8:03 AM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20111117.030\IDSXpx86.sys [11/17/2011 4:20 PM 356280]
R2 DdsSched;Dds Scheduler Deamon;c:\program files\RDS\DdsSchedNT.exe [7/17/2009 10:20 AM 36864]
R2 EncompassServer;EncompassServer;c:\program files\Encompass\EncompassServer.exe [5/29/2008 3:27 PM 36864]
R2 MSSQL$EMMSDE;SQL Server (EMMSDE);c:\program files\Microsoft SQL Server\EMMSDE\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 5:29 PM 29293408]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [10/11/2011 8:02 AM 117648]
R2 RsiSvc;Ridoc Server Information Service;c:\program files\RDS\RsiSvc.exe [7/17/2009 10:20 AM 65536]
R2 ScanRouterDriverV2;ScanRouterDriverV2;c:\program files\RDS\SrScanDr.exe [7/17/2009 10:20 AM 178688]
R2 SOption;SOption;c:\program files\RDS\SOption.exe [7/17/2009 10:20 AM 98304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2011 9:12 AM 106104]
R3 HSFHWBS3;HSFHWBS3;c:\windows\system32\drivers\HSFHWBS3.sys [11/26/2008 2:34 PM 207872]
S2 DML Service;DML Service;c:\documents and settings\HP_Administrator\Application Data\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe [2/1/2010 2:11 PM 297120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:39 AM 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:39 AM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 16:39]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 16:39]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [You must be registered and logged in to see this link.] files\ieSpell\wikipedia.HTM
Trusted Zone: docmagic.com\www
Trusted Zone: mrmlsmatrix.com
Trusted Zone: safemls.net
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zsvxsg3j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Move Media Player: [You must be registered and logged in to see this link.] - c:\documents and settings\HP_Administrator\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-11-18 10:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-11-18 10:21:30
ComboFix-quarantined-files.txt 2011-11-18 18:21
.
Pre-Run: 128,724,328,448 bytes free
Post-Run: 128,887,738,368 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5E193A564A6222D185D553C9B900AA6B

Re: Don't know what happened...files got deleted

Post by houndmom on Sat Nov 19, 2011 1:27 am

You will need to enable hidden files and folders by doing the following:
Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next:

Please download SystemLook from one of the links below and save it to your Desktop.

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


* Double-click SystemLook.exe to run it.

* Copy the content of the following codebox into the main textfield:

Code:
:dir
%Temp%\smtmp /s

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Re: Don't know what happened...files got deleted

Post by cwiesner on Mon Nov 21, 2011 11:36 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 15:35 on 21/11/2011 by HP_Administrator
Administrator - Elevation successful

========== dir ==========

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\smtmp - Unable to find folder.

-= EOF =-

Re: Don't know what happened...files got deleted

Post by houndmom on Sat Nov 26, 2011 5:39 pm

Let's see if this program will find the files.


  • Please download and run [You must be registered and logged in to see this link.] by Grinler.
  • Once finished, let me know if they are back.


Re: Don't know what happened...files got deleted

Post by cwiesner on Mon Nov 28, 2011 7:55 pm

It didn't work; the files aren't back.

Re: Don't know what happened...files got deleted

Post by cwiesner on Wed Nov 30, 2011 12:45 am

I've been running searches on the computer and looking up the old folders that were on the desktop before they disappeared, and they all show up when I run a search. I just can't access them since they are all "shortcuts" that were located on the desktop. I don't know if this info helps at all...

Re: Don't know what happened...files got deleted

Post by houndmom on Wed Nov 30, 2011 10:31 pm

Hello,

"and old files in a backup folder were all deleted."

Did you use a temp cleaner just before losing the folders?


Re: Don't know what happened...files got deleted

Post by cwiesner on Wed Nov 30, 2011 10:58 pm

Not that I know of, unless a temp cleaner was automatically run when I downloaded the new version of a document viewer required for the program docmagic.

Re: Don't know what happened...files got deleted

Post by houndmom on Thu Dec 01, 2011 12:07 am

Let me know if this program finds the folders

Recover Lost Files using Recuva:


* Download and install Recuva from [You must be registered and logged in to see this link.]
* Run Recuva and in the wizard that pops up, click Next and then click the radio button next to Other and click Next
* Leave the I'm not sure button selected and click Next
* Click the Start button
* After a few moments it should show you the results
* Click on Advanced Mode and click Options...
* Under Interface click the drop down menu next to View mode and select Tree View
* Click the + next to C:\ and click the + next to Users
* Check the box next to each user that you wish to restore
* Do the same for ProgramData as it may have been removed as well (though it likely was not)


