---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:37:52 PM 2/19/2007
+ Scan result:
C:\Documents and Settings\HP_Administrator\My Documents\Mugen Ultimate Collection\Misc MUGEN files\gca_v09k.exe -> Trojan.Regspy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0001406.exe -> Trojan.Regspy : Cleaned with backup (quarantined).
::Report end
Incident Status Location
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
ComboScan v20070212.14 run by HP_Administrator on 2007-02-19 at 20:20:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.
-- HijackThis log (run as HP_Administrator.com) ---------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:21:08 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YME6L0KY\comboscan[1].exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~nemaphw.tmp\HP_Administrator.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com...prodid=nav2005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F77D10-3691-4DDF-A282-1D839BEDB538}: NameServer = 68.87.72.130,68.87.77.130
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
1 AmdK8 (AMD Processor Driver) - system32\DRIVERS\AmdK8.sys
3 aracpi - system32\DRIVERS\aracpi.sys
3 arhidfltr (MS Ar HID Filter Driver) - system32\DRIVERS\arhidfltr.sys
3 arkbcfltr (Microsoft PS2 Keyboard Filter) - system32\DRIVERS\arkbcfltr.sys
3 armoucfltr (Microsoft PS2 Mouse Filter) - system32\DRIVERS\armoucfltr.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
3 ARPolicy - system32\DRIVERS\arpolicy.sys
3 ati2mtag - system32\DRIVERS\ati2mtag.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
0 bb-run (Promise driver accelerator) - system32\DRIVERS\bb-run.sys
3 bdfdll - \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
3 BDFSDRV - \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
2 BDRSDRV - \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
0 ftsata2 - system32\DRIVERS\ftsata2.sys
0 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - system32\DRIVERS\gagp30kx.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 HSFHWBS2 - system32\DRIVERS\HSFHWBS2.sys
3 HSF_DP - system32\DRIVERS\HSF_DP.sys
0 iaStor (Intel RAID Controller) - system32\DRIVERS\iaStor.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys
3 MHNDRV (MHN driver) - system32\DRIVERS\mhndrv.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
3 Ps2 - system32\DRIVERS\PS2.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - system32\DRIVERS\Rtlnicxp.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - system32\DRIVERS\sisnic.sys
0 sptd - System32\Drivers\sptd.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - system32\DRIVERS\usbohci.sys
3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
0 ViaIde - system32\DRIVERS\viaide.sys
3 winachsf - system32\DRIVERS\HSF_CNXT.sys
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
2 ARSVC - C:\WINDOWS\arservice.exe
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 bdss (BitDefender Scan Server) - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
2 ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2 ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
3 Fax - %systemroot%\system32\fxssvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2 LIVESRV (BitDefender Desktop Update Service) - "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
2 McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
3 MHN - %SystemRoot%\System32\svchost.exe -k netsvcs
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
0 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2 VSSERV (BitDefender Virus Shield) - "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
2 XCOMM (BitDefender Communicator) - "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
-- Scheduled Tasks --------------------------------------------------------------
2007-02-15 20:30:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-01-19 and 2007-02-19 ------------------------------
2007-02-19 18:44:45 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-19 18:44:43 0 d-------- C:\WINDOWS\LastGood
2007-02-19 14:40:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-18 23:13:27 0 d-------- C:\Program Files\CCleaner
2007-02-18 23:09:54 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-18 23:09:46 0 d-------- C:\Program Files\Grisoft
2007-02-13 15:56:57 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-13 15:52:33 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
2007-02-13 15:52:21 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech<LEADER~1>
2007-02-13 15:50:12 0 d-------- C:\Program Files\Greetings Workshop<GREETI~1>
2007-02-09 16:52:34 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-02-07 20:56:10 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-02-07 20:17:32 0 d-------- C:\Program Files\TurboTax
2007-02-07 20:17:19 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield<INSTAL~1>
2007-02-06 19:46:17 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender<BITDEF~1>
2007-02-06 19:32:38 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender<BITDEF~1>
2007-02-06 19:21:34 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-06 19:12:15 0 d-------- C:\Hijack Log<HIJACK~1>
2007-02-05 22:49:13 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\vlc
2007-02-05 22:47:59 0 d-------- C:\Program Files\VideoLAN
2007-02-05 21:42:16 0 d-------- C:\WINDOWS\Sun
2007-02-05 21:42:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sun
2007-02-05 18:35:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2007-02-05 18:29:08 0 d-------- C:\temp
2007-02-05 18:22:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2007-02-05 16:55:42 0 d--hs---- C:\RECYCLER
2007-02-05 16:55:22 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
2007-02-03 23:16:24 0 d-------- C:\Boot
2007-02-03 19:02:21 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-03 18:39:40 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-02-02 23:00:56 0 d-------- C:\Program Files\OpenSource Flash Video Splitter<OPENSO~1>
2007-02-02 22:11:52 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys<Unsigned: n/a>
2007-02-02 22:08:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\DivX
2007-02-02 21:49:03 0 d-------- C:\Program Files\Trillian
2007-02-02 20:51:13 2560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys<Unsigned: Sonic Solutions>
2007-02-02 20:51:13 2432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys<Unsigned: Sonic Solutions>
2007-02-02 20:51:12 129784 --a------ C:\WINDOWS\system32\pxafs.dll<Signed: Sonic Solutions>
2007-02-02 20:50:59 0 d-------- C:\Program Files\DivX
2007-02-02 19:27:21 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-02 19:26:23 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-02 19:20:59 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-02 19:17:53 0 d--hs---- C:\Documents and Settings\HP_Administrator\UserData
2007-02-02 19:12:28 0 d-------- C:\WINDOWS\WBEM
2007-02-02 19:12:27 0 d-------- C:\WINDOWS\system32\en-US
2007-02-02 19:11:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-02-02 19:11:18 0 d-------- C:\Program Files\uTorrent
2007-02-02 19:11:16 0 d--h---c- C:\WINDOWS\ie7
2007-02-02 19:10:22 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-02-02 19:09:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-02 19:07:49 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-02 19:07:47 0 d-------- C:\46be12e08c1c346fe4b659c421d678<46BE12~1>
2007-02-02 18:55:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2007-02-02 18:55:42 0 d-------- C:\Program Files\Lavasoft
2007-02-02 18:35:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer<APPLEC~1>
2007-02-02 18:35:00 0 d-------- C:\Program Files\iPod
2007-02-02 18:34:57 0 d-------- C:\Program Files\iTunes
2007-02-02 18:34:27 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-02 18:34:17 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-02 18:34:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-02 18:16:28 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template
2007-02-02 18:16:26 308 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-02-02 17:44:24 1168 --a------ C:\WINDOWS\mozver.dat
2007-02-02 17:42:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-02 17:41:55 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-02 17:13:35 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-02 14:46:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InterVideo<INTERV~1>
2007-02-02 14:41:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2007-02-02 14:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation<DIGITA~1>
2007-02-02 14:37:25 0 d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2007-02-02 14:37:25 2621440 --ah----- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
2007-02-02 14:37:08 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Intuit
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Digital Interactive Systems Corporation<DIGITA~1>
2007-02-02 13:17:20 0 d--h----- C:\WINDOWS\PIF
2007-02-02 12:57:36 0 d-------- C:\WINDOWS\Prefetch
2007-02-02 12:56:42 182 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2007-02-02 12:43:59 0 dr-hs---- C:\cmdcons
2007-02-02 12:43:58 0 d-------- C:\WINDOWS\setup.pss
2007-02-02 12:43:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-02 12:43:45 0 d-------- C:\WINDOWS\setupupd
2007-02-02 11:44:44 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-02-02 11:33:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-02-02 11:32:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-02-02 11:29:36 0 d-------- C:\Program Files\Google
2007-02-02 11:25:04 0 d-------- C:\Program Files\PC-Doctor for DOS<PC-DOC~2>
2007-02-02 11:24:59 22396 --a------ C:\WINDOWS\system32\drivers\USBkey.sys<Unsigned: n/a>
2007-02-02 11:24:59 13440 --a------ C:\WINDOWS\system32\drivers\pcdrndisuio.sys<PCDRND~1.SYS><Unsigned: Windows (R) 2000 DDK provider>
2007-02-02 11:24:41 0 d-------- C:\Program Files\PC-Doctor 5 for Windows<PC-DOC~1>
2007-02-02 11:22:03 0 d-------- C:\WINDOWS\HPCPCUninstall-9972322<HPCPCU~1>
2007-02-02 11:21:52 0 d-------- C:\Program Files\Updates from HP<UPDATE~1>
2007-02-02 11:21:28 0 d-a------ C:\WINDOWS\system32\pcintro
2007-02-02 11:21:08 36864 --a------ C:\WINDOWS\system32\fpalsu.dll<Unsigned: Hewlett-Packard Company>
2007-02-02 11:21:08 14314 --a------ C:\WINDOWS\system32\CHODDI.SYS<Unsigned: n/a>
2007-02-02 11:21:06 40960 --a------ C:\WINDOWS\system32\omano.dll<Unsigned: Hewlett-Packard>
2007-02-02 11:21:03 45056 --a------ C:\WINDOWS\system32\hpreg.dll<Unsigned: n/a>
2007-02-02 11:18:21 1613824 --a------ C:\WINDOWS\system32\cdintf250.dll<CDINTF~1.DLL><Unsigned: Amyuni Technologies>
2007-02-02 11:18:13 0 d-------- C:\Program Files\Common Files\Palo Alto Software<PALOAL~1>
2007-02-02 11:18:09 0 d-------- C:\Program Files\Common Files\Intuit
2007-02-02 11:18:06 0 d-------- C:\Program Files\Quicken
2007-02-02 11:18:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-02-02 11:18:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-02-02 11:17:50 0 d-a------ C:\Program Files\TurboTax Online<TURBOT~1>
2007-02-02 11:17:36 118520 --a------ C:\WINDOWS\system32\pxinsi64.exe<Signed: Sonic Solutions>
2007-02-02 11:17:36 116472 --a------ C:\WINDOWS\system32\pxcpyi64.exe<Signed: Sonic Solutions>
2007-02-02 11:16:46 0 d-------- C:\Program Files\Common Files\muvee Technologies<MUVEET~1>
2007-02-02 11:16:45 0 d-------- C:\Program Files\muvee Technologies<MUVEET~1>
2007-02-02 11:15:39 266240 --a------ C:\WINDOWS\system32\ShellvRTF64.dll<SHELLV~2.DLL><Unsigned: XSS>
2007-02-02 11:15:39 237568 --a------ C:\WINDOWS\system32\ShellvRTF.dll<SHELLV~1.DLL><Unsigned: XSS>
2007-02-02 11:15:38 0 d-------- C:\WINDOWS\CREATOR
2007-02-02 11:15:34 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-02-02 11:14:47 17920 --a------ C:\WINDOWS\system32\mdimon.dll<Unsigned: Microsoft Corporation>
2007-02-02 11:14:10 0 d-------- C:\Program Files\Common Files\L&H
2007-02-02 11:14:05 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-02 11:13:48 0 d-------- C:\WINDOWS\SHELLNEW
2007-02-02 11:13:41 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-02 11:13:26 0 dr-h----- C:\MSOCache
2007-02-02 11:12:48 0 d-------- C:\Program Files\Microsoft Works<MICROS~3>
2007-02-02 11:11:48 0 d-------- C:\Program Files\Microsoft Money 2005<MICROS~2>
2007-02-02 11:11:31 0 d-a------ C:\Program Files\IntelliMoverDemo<INTELL~1>
2007-02-02 11:11:07 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-02 11:11:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-02-02 11:10:20 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll<IV828C~1.DLL><Unsigned: n/a>
2007-02-02 11:10:20 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll<IV760B~1.DLL><Unsigned: n/a>
2007-02-02 11:10:20 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll<IVIRES~4.DLL><Unsigned: n/a>
2007-02-02 11:10:20 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll<IVIRES~3.DLL><Unsigned: n/a>
2007-02-02 11:10:20 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll<IVIRES~2.DLL><Unsigned: n/a>
2007-02-02 11:10:20 20480 --a------ C:\WINDOWS\system32\IVIresize.dll<IVIRES~1.DLL><Unsigned: n/a>
2007-02-02 11:10:20 0 d-------- C:\Program Files\Common Files\InterVideo<INTERV~1>
2007-02-02 11:10:13 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-02-02 11:09:59 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-02 11:09:28 0 d-a------ C:\Program Files\Common Files\LightScribe<LIGHTS~1>
2007-02-02 11:08:51 0 d-------- C:\Program Files\Common Files\Roxio Shared<ROXIOS~1>
2007-02-02 11:08:37 0 d-------- C:\Program Files\Common Files\TiVo Shared<TIVOSH~1>
2007-02-02 11:04:57 0 d-------- C:\Program Files\WildTangent<WILDTA~1>
2007-02-02 11:04:23 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-02-02 11:04:20 0 d-------- C:\Program Files\Common Files\SureThing Shared<SURETH~1>
2007-02-02 11:04:16 0 d-------- C:\Program Files\Sonic
2007-02-02 11:03:29 45929 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE><Unsigned: n/a>
2007-02-02 11:03:16 0 d-------- C:\Program Files\Netscape
2007-02-02 11:03:09 0 d-------- C:\Program Files\Rhapsody
2007-02-02 11:02:57 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-02-02 11:02:51 0 d-------- C:\Program Files\Real
2007-02-02 11:02:50 0 d-------- C:\Program Files\Common Files\Real
2007-02-02 11:02:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-02-02 11:02:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Digital Interactive Systems Corporation<DIGITA~1>
2007-02-02 11:02:10 0 d-------- C:\Program Files\MSN Encarta Standard<MSNENC~1>
2007-02-02 11:00:11 90112 --a------ C:\WINDOWS\system32\ps2.EXE<Signed: Hewlett-Packard Company>
2007-02-02 11:00:05 90112 --a------ C:\WINDOWS\system32\ps2.bat
2007-02-02 11:00:05 19072 --a------ C:\WINDOWS\system32\drivers\PS2.sys<Signed: Hewlett-Packard Company>
2007-02-02 10:58:10 4011 --a------ C:\WINDOWS\hphmdl08.dat
2007-02-02 10:58:10 80417 --a------ C:\WINDOWS\HPHins08.dat
2007-02-02 10:57:13 0 --a------ C:\WINDOWS\hpimdl01.dat
2007-02-02 10:57:13 72881 --a------ C:\WINDOWS\hpiins01.dat
2007-02-02 10:55:49 21124 --a------ C:\WINDOWS\hpomdl07.dat
2007-02-02 10:55:49 112873 --a------ C:\WINDOWS\hpoins07.dat
2007-02-02 10:55:29 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-02-02 10:55:00 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-02 10:55:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-02-02 10:54:37 0 d-------- C:\Program Files\Common Files\HP
2007-02-02 10:53:18 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-02 10:53:05 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll<Signed: HP>
2007-02-02 10:53:05 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll<Signed: HP>
2007-02-02 10:53:05 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll<Signed: HP>
2007-02-02 10:53:05 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe<Signed: HP>
2007-02-02 10:53:05 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe<Signed: HP>
2007-02-02 10:53:05 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll<Signed: HP>
2007-02-02 10:52:45 0 d-------- C:\Program Files\HP
2007-02-02 10:52:41 5389 --a------ C:\WINDOWS\hpomdl06.dat
2007-02-02 10:52:41 88403 --a------ C:\WINDOWS\hpoins06.dat
2007-02-02 10:51:46 0 d-------- C:\WINDOWS\system32\FxsTmp
2007-02-02 10:51:05 0 d-------- C:\Program Files\CONEXANT
2007-02-02 10:49:00 36352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys<Signed: Advanced Micro Devices>
2007-02-02 10:48:48 86016 --a------ C:\WINDOWS\system32\mdmxsdk.dll<Signed: Conexant>
2007-02-02 10:48:48 39018 --a------ C:\WINDOWS\system32\hsfci012.dll<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:48 13059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys<Signed: Conexant>
2007-02-02 10:48:48 220928 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:48 1038208 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:48 703232 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:31 74496 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys<Signed: Realtek Semiconductor Corporation >
2007-02-02 10:48:16 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-02 10:48:16 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-02 10:48:13 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-02 10:48:05 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-02-02 10:47:50 599552 --a------ C:\WINDOWS\system32\ativvaxx.dll<Signed: ATI Technologies Inc. >
2007-02-02 10:47:50 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:50 17408 --a------ C:\WINDOWS\system32\atitvo32.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:50 106496 --a------ C:\WINDOWS\system32\atipdlxx.dll<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:50 4718592 --a------ C:\WINDOWS\system32\atioglxx.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 1313792 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 40960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 147456 --a------ C:\WINDOWS\system32\atikvmag.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 104361 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-02 10:47:49 258048 --a------ C:\WINDOWS\system32\ATIDEMGR.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 2408800 --a------ C:\WINDOWS\system32\ati3duag.dll<Signed: ATI Technologies Inc. >
2007-02-02 10:47:49 25088 --a------ C:\WINDOWS\system32\Ati2mdxx.exe<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:49 376832 --a------ C:\WINDOWS\system32\ati2evxx.exe<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 46080 --a------ C:\WINDOWS\system32\ati2evxx.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 39936 --a------ C:\WINDOWS\system32\ati2edxx.dll<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:49 238592 --a------ C:\WINDOWS\system32\ati2dvag.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 233472 --a------ C:\WINDOWS\system32\ati2cqag.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:43:47 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-02 10:42:50 52736 --a------ C:\WINDOWS\system\hpsysdrv.exe<Unsigned: Hewlett-Packard Company>
2007-02-02 10:40:49 786944 --a------ C:\WINDOWS\system32\RDBios32.dll<Unsigned: Hewlett Packard>
2007-02-02 10:40:49 532480 --a------ C:\WINDOWS\system32\cPC_DMIRD.dll<CPC_DM~1.DLL><Unsigned: Hewlett Packard>
2007-02-02 10:40:10 0 d-------- C:\Program Files\Java
2007-02-02 10:40:10 0 d-------- C:\Program Files\Common Files\Java
2007-02-02 10:38:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SBSI
2007-02-02 10:37:05 306688 --a------ C:\WINDOWS\IsUninst.exe<Unsigned: InstallShield Software Corporation>
2007-02-02 10:35:40 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-02-02 10:33:24 0 d-------- C:\Program Files\GemMaster<GEMMAS~1>
2007-02-02 10:31:20 0 d-------- C:\WINDOWS\system32\URTTemp
2007-02-02 10:29:18 40832 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys<Signed: Creative Technology Ltd.>
2007-02-02 10:27:00 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-02-02 09:22:38 0 d-------- C:\WINDOWS\I386
2007-02-02 09:20:40 0 d-------- C:\Program Files<PROGRA~1>
2007-02-02 09:20:38 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-02-02 09:04:58 0 dr--s---- C:\WINDOWS\assembly
2007-02-02 09:04:56 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-02-02 09:04:42 0 dr-hs---- C:\WINDOWS\system32\dllcache
2007-02-01 22:55:51 707 --a------ C:\WINDOWS\_default.pif
2007-02-01 22:55:15 13312 --a------ C:\WINDOWS\system32\win87em.dll<Signed: n/a>
2007-02-01 22:55:14 18432 --a------ C:\WINDOWS\system32\win.com
2007-02-01 22:55:06 1129 --a------ C:\WINDOWS\system32\vwipxspx.exe<Signed: n/a>
2007-02-01 22:55:03 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-01 22:54:58 25600 --a------ C:\WINDOWS\twunk_32.exe<Signed: Twain Working Group>
2007-02-01 22:54:58 49680 --a------ C:\WINDOWS\twunk_16.exe<Signed: Twain Working Group>
2007-02-01 22:54:58 50688 --a------ C:\WINDOWS\twain_32.dll<Signed: Twain Working Group>
2007-02-01 22:54:58 94784 --a------ C:\WINDOWS\twain.dll<Signed: Twain Working Group>
2007-02-01 22:54:58 15360 --a------ C:\WINDOWS\system32\tsd32.dll<Signed: n/a>
2007-02-01 22:54:57 11264 --a------ C:\WINDOWS\system32\tree.com
2007-02-01 22:52:55 679936 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-02-01 22:52:55 14336 --a------ C:\WINDOWS\system32\ssstars.scr
2007-02-01 22:52:55 610304 --a------ C:\WINDOWS\system32\sspipes.scr
2007-02-01 22:52:55 18944 --a------ C:\WINDOWS\system32\ssmyst.scr
2007-02-01 22:52:55 47104 --a------ C:\WINDOWS\system32\ssmypics.scr
2007-02-01 22:52:55 20992 --a------ C:\WINDOWS\system32\ssmarque.scr
2007-02-01 22:52:55 393216 --a------ C:\WINDOWS\system32\ssflwbox.scr
2007-02-01 22:52:54 19968 --a------ C:\WINDOWS\system32\ssbezier.scr
2007-02-01 22:52:54 704512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-02-01 22:52:52 24661 --a------ C:\WINDOWS\system32\spxcoins.dll<Signed: Perle Systems Ltd.>
2007-02-01 22:52:27 14848 --a------ C:\WINDOWS\system32\slbrccsp.dll<Signed: Schlumberger Technology Corporation>
2007-02-01 22:52:27 98304 --a------ C:\WINDOWS\system32\slbiop.dll<Signed: Schlumberger Technology Corporation>
2007-02-01 22:52:27 306176 --a------ C:\WINDOWS\system32\slbcsp.dll<Signed: Schlumberger Technology Corporation>
2007-02-01 22:52:23 882 --a------ C:\WINDOWS\system32\share.exe<Signed: n/a>
2007-02-01 22:52:22 11753 --a------ C:\WINDOWS\system32\setver.exe<Signed: n/a>
2007-02-01 22:52:20 27440 --a------ C:\WINDOWS\system32\drivers\secdrv.sys<Signed: n/a>
2007-02-01 22:52:19 9216 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-02-01 22:52:19 10240 --a------ C:\WINDOWS\system32\scriptpw.dll<Signed: n/a>
2007-02-01 22:52:18 291840 --a------ C:\WINDOWS\system32\sbe.dll<Signed: n/a>
2007-02-01 22:52:15 49152 --a------ C:\WINDOWS\system32\rsm.exe<Signed: Microsoft Corp>
2007-02-01 22:52:12 397824 --a------ C:\WINDOWS\system32\regwizc.dll<Signed: Microsoft>
2007-02-01 22:52:12 4608 --a------ C:\WINDOWS\system32\regwiz.exe<Signed: Microsoft>
2007-02-01 22:52:11 3338 --a------ C:\WINDOWS\system32\redir.exe<Signed: n/a>
2007-02-01 22:52:08 1287680 --a------ C:\WINDOWS\system32\quartz.dll<Signed: n/a>
2007-02-01 22:52:07 733696 --a------ C:\WINDOWS\system32\qedwipes.dll<Signed: n/a>
2007-02-01 22:52:06 562176 --a------ C:\WINDOWS\system32\qedit.dll<Signed: n/a>
2007-02-01 22:52:06 385024 --a------ C:\WINDOWS\system32\qdvd.dll<Signed: n/a>
2007-02-01 22:52:06 279040 --a------ C:\WINDOWS\system32\qdv.dll<Signed: n/a>
2007-02-01 22:52:06 192512 --a------ C:\WINDOWS\system32\qcap.dll<Signed: n/a>
2007-02-01 22:52:06 3708 --a------ C:\WINDOWS\system32\pubprn.vbs
2007-02-01 22:52:06 17792 --a------ C:\WINDOWS\system32\drivers\ptilink.sys<Signed: Parallel Technologies, Inc.>
2007-02-01 22:51:53 15860 --a------ C:\WINDOWS\system32\prnqctl.vbs
2007-02-01 22:51:53 29454 --a------ C:\WINDOWS\system32\prnport.vbs
2007-02-01 22:51:53 32546 --a------ C:\WINDOWS\system32\prnmngr.vbs
2007-02-01 22:51:53 21527 --a------ C:\WINDOWS\system32\prnjobs.vbs
2007-02-01 22:51:53 25415 --a------ C:\WINDOWS\system32\prndrvr.vbs
2007-02-01 22:51:53 35755 --a------ C:\WINDOWS\system32\prncnfg.vbs
2007-02-01 22:51:51 272128 --a------ C:\WINDOWS\system32\perfi009.dat
2007-02-01 22:51:51 28626 --a------ C:\WINDOWS\system32\perfd009.dat
2007-02-01 22:51:43 4490 --a------ C:\WINDOWS\system32\oembios.dat
2007-02-01 22:51:28 3252 --a------ C:\WINDOWS\system32\nw16.exe<Signed: n/a>
2007-02-01 22:51:22 34560 --a------ C:\WINDOWS\system32\ntio804.sys<Signed: n/a>
2007-02-01 22:51:22 35424 --a------ C:\WINDOWS\system32\ntio412.sys<Signed: n/a>
2007-02-01 22:51:22 35648 --a------ C:\WINDOWS\system32\ntio411.sys<Signed: n/a>
2007-02-01 22:51:22 34560 --a------ C:\WINDOWS\system32\ntio404.sys<Signed: n/a>
2007-02-01 22:51:22 33840 --a------ C:\WINDOWS\system32\ntio.sys<Signed: n/a>
2007-02-01 22:51:21 29146 --a------ C:\WINDOWS\system32\ntdos804.sys<Signed: n/a>
2007-02-01 22:51:21 29274 --a------ C:\WINDOWS\system32\ntdos412.sys<Signed: n/a>
2007-02-01 22:51:21 29370 --a------ C:\WINDOWS\system32\ntdos411.sys<Signed: n/a>
2007-02-01 22:51:21 29146 --a------ C:\WINDOWS\system32\ntdos404.sys<Signed: n/a>
2007-02-01 22:51:21 27866 --a------ C:\WINDOWS\system32\ntdos.sys<Signed: n/a>
2007-02-01 22:51:17 741 --a------ C:\WINDOWS\system32\noise.dat
2007-02-01 22:51:17 7052 --a------ C:\WINDOWS\system32\nlsfunc.exe<Signed: n/a>
2007-02-01 22:50:35 94282 --a------ C:\WINDOWS\system32\msencode.dll<Signed: n/a>
2007-02-01 22:50:34 4126 --a------ C:\WINDOWS\system32\msdxmlc.dll<Signed: n/a>
2007-02-01 22:50:34 14336 --a------ C:\WINDOWS\system32\msdmo.dll<Signed: n/a>
2007-02-01 22:50:33 817 --a------ C:\WINDOWS\system32\mscdexnt.exe<Signed: n/a>
2007-02-01 22:50:25 15872 --a------ C:\WINDOWS\system32\more.com
2007-02-01 22:50:24 19456 --a------ C:\WINDOWS\system32\mode.com
2007-02-01 22:50:22 673088 --a------ C:\WINDOWS\system32\mlang.dat
2007-02-01 22:50:17 39274 --a------ C:\WINDOWS\system32\mem.exe<Signed: n/a>
2007-02-01 22:50:15 35328 --a------ C:\WINDOWS\system32\mciqtz32.dll<Signed: n/a>
2007-02-01 22:50:12 220672 --a------ C:\WINDOWS\system32\logon.scr
2007-02-01 22:50:12 487 --a------ C:\WINDOWS\system32\login.cmd
2007-02-01 22:50:11 1131 --a------ C:\WINDOWS\system32\loadfix.com
2007-02-01 22:50:08 42537 --a------ C:\WINDOWS\system32\keyboard.sys<Signed: n/a>
2007-02-01 22:50:08 42809 --a------ C:\WINDOWS\system32\key01.sys<Signed: n/a>
2007-02-01 22:50:07 14710 --a------ C:\WINDOWS\system32\kb16.com
2007-02-01 22:50:06 65536 --a------ C:\WINDOWS\system32\jgsh400.dll<Signed: Johnson-Grace Company>
2007-02-01 22:50:06 45568 --a------ C:\WINDOWS\system32\jgsd400.dll<Signed: America Online>
2007-02-01 22:50:06 35840 --a------ C:\WINDOWS\system32\jgmd400.dll<Signed: Johnson-Grace Company>
2007-02-01 22:50:06 44544 --a------ C:\WINDOWS\system32\jgaw400.dll<Signed: Johnson-Grace Company>
2007-02-01 22:50:06 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll<Signed: Intel Corporation>
2007-02-01 22:50:05 183808 --a------ C:\WINDOWS\system32\ir50_qcx.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 200192 --a------ C:\WINDOWS\system32\ir50_qc.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 755200 --a------ C:\WINDOWS\system32\ir50_32.dll<Signed: Intel Corporation>
2007-02-01 22:50:05 338432 --a------ C:\WINDOWS\system32\ir41_qcx.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 120320 --a------ C:\WINDOWS\system32\ir41_qc.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 199168 --a------ C:\WINDOWS\system32\ir32_32.dll<Signed: n/a>
2007-02-01 22:49:54 80384 --a------ C:\WINDOWS\system32\iccvid.dll<Signed: Radius Inc.>
2007-02-01 22:49:54 347136 --a------ C:\WINDOWS\system32\hypertrm.dll<Signed: Hilgraeve, Inc.>
2007-02-01 22:49:53 44544 --a------ C:\WINDOWS\system32\hticons.dll<Signed: Hilgraeve, Inc.>
2007-02-01 22:49:49 4768 --a------ C:\WINDOWS\system32\himem.sys<Signed: n/a>
2007-02-01 22:49:46 19694 --a------ C:\WINDOWS\system32\graphics.com
2007-02-01 22:49:46 26112 --a------ C:\WINDOWS\system32\graftabl.com
2007-02-01 22:49:15 25600 --a------ C:\WINDOWS\system32\format.com
2007-02-01 22:49:14 882 --a------ C:\WINDOWS\system32\fastopen.exe<Signed: n/a>
2007-02-01 22:49:11 8424 --a------ C:\WINDOWS\system32\exe2bin.exe<Signed: n/a>
2007-02-01 22:49:10 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll<Signed: Equinox Systems Inc.>
2007-02-01 22:49:09 456192 --a------ C:\WINDOWS\system32\encdec.dll<Signed: n/a>
2007-02-01 22:49:09 12642 --a------ C:\WINDOWS\system32\edlin.exe<Signed: n/a>
2007-02-01 22:49:09 69886 --a------ C:\WINDOWS\system32\edit.com
2007-02-01 22:49:08 498742 --a------ C:\WINDOWS\system32\dxmasf.dll<Signed: n/a>
2007-02-01 22:49:06 218003 --a------ C:\WINDOWS\system32\dssec.dat
2007-02-01 22:48:08 53840 --a------ C:\WINDOWS\system32\dosx.exe<Signed: n/a>
2007-02-01 22:48:08 23552 --a------ C:\WINDOWS\system32\dmserver.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 5888 --a------ C:\WINDOWS\system32\drivers\dmload.sys<Signed: Microsoft Corp., Veritas Software.>
2007-02-01 22:48:07 153344 --a------ C:\WINDOWS\system32\drivers\dmio.sys<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:07 799744 --a------ C:\WINDOWS\system32\drivers\dmboot.sys<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:07 15872 --a------ C:\WINDOWS\system32\dmremote.exe<Signed: Microsoft Corp.>
2007-02-01 22:48:07 18432 --a------ C:\WINDOWS\system32\dmintf.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 118784 --a------ C:\WINDOWS\system32\dmdskres.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 200704 --a------ C:\WINDOWS\system32\dmdskmgr.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 273920 --a------ C:\WINDOWS\system32\dmdlgs.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 330752 --a------ C:\WINDOWS\system32\dmconfig.dll<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:07 224768 --a------ C:\WINDOWS\system32\dmadmin.exe<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:03 7168 --a------ C:\WINDOWS\system32\diskcopy.com
2007-02-01 22:48:03 9216 --a------ C:\WINDOWS\system32\diskcomp.com
2007-02-01 22:48:01 85020 --a------ C:\WINDOWS\system32\dgsetup.dll<Signed: Digi International>
2007-02-01 22:48:01 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll<Signed: Digi International, Inc.>
2007-02-01 22:48:01 111104 --a------ C:\WINDOWS\system32\dgnet.dll<Signed: Microsoft>
2007-02-01 22:48:01 123904 --a------ C:\WINDOWS\system32\dfrgui.dll<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:01 38912 --a------ C:\WINDOWS\system32\dfrgsnap.dll<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:01 51200 --a------ C:\WINDOWS\system32\dfrgres.dll<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:01 82432 --a------ C:\WINDOWS\system32\dfrgfat.exe<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:00 59904 --a------ C:\WINDOWS\system32\devenum.dll<Signed: n/a>
2007-02-01 22:48:00 25088 --a------ C:\WINDOWS\system32\defrag.exe<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:00 20634 --a------ C:\WINDOWS\system32\debug.exe<Signed: n/a>
2007-02-01 22:47:52 27097 --a------ C:\WINDOWS\system32\country.sys<Signed: n/a>
2007-02-01 22:47:49 252928 --a------ C:\WINDOWS\system32\compatUI.dll<Signed: n/a>
2007-02-01 22:47:49 50620 --a------ C:\WINDOWS\system32\command.com
2007-02-01 22:47:45 7680 --a------ C:\WINDOWS\system32\chcp.com
2007-02-01 22:47:36 30208 --a------ C:\WINDOWS\system32\atmlib.dll<Signed: Adobe Systems>
2007-02-01 22:47:36 285696 --a------ C:\WINDOWS\system32\atmfd.dll<Signed: Adobe Systems Incorporated>
2007-02-01 22:47:36 32256 --a------ C:\WINDOWS\system32\asr_ldm.exe<Signed: Microsoft Corp.>
2007-02-01 22:47:19 12498 --a------ C:\WINDOWS\system32\append.exe<Signed: n/a>
2007-02-01 22:47:19 9029 --a------ C:\WINDOWS\system32\ansi.sys<Signed: n/a>
2007-02-01 22:47:19 70656 --a------ C:\WINDOWS\system32\amstream.dll<Signed: n/a>
2007-01-31 22:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
2007-01-31 22:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
2007-01-31 22:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
2007-01-31 22:56:04 639066 --a------ C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
2007-01-31 15:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe<Unsigned: DivX Inc.>
2007-01-30 17:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>
2007-01-29 23:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
2007-01-29 23:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-29 23:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-29 22:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
2007-01-29 22:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
2007-01-29 22:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>
-- Find3M Report ----------------------------------------------------------------
2007-02-13 15:57:32 0 d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft<MICROS~1>
2007-02-05 18:31:29 146946 --a------ C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~2.LOG>
2007-02-05 18:30:40 2204 --a------ C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
2007-02-05 18:28:34 375 --a------ C:\Documents and Settings\HP_Administrator\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log<HELPFI~1.LOG>
2007-02-05 18:28:32 0 --a------ C:\Documents and Settings\HP_Administrator\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log<HELPFI~2.LOG>
2007-02-05 18:28:24 3031 --a------ C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log<PATCHU~1.LOG>
2007-02-05 18:27:31 40487 --a------ C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-02-05 18:27:23 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll<Unsigned: Hewlett Packard>
2007-02-02 17:44:28 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia<MACROM~1>
2007-02-02 17:42:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2007-02-02 11:13:03 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~4>
2007-02-02 11:12:55 0 d-------- C:\Program Files\Windows Plus<WINDOW~3>
2007-02-02 11:12:55 0 d-------- C:\Program Files\Windows NT<WINDOW~2>
2007-02-02 11:04:14 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-02-02 11:03:28 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-02 11:03:27 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-02 11:01:55 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-02 11:01:54 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-02 10:57:09 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-02 10:56:54 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-02 10:56:41 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-02 10:53:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Identities<IDENTI~1>
2007-01-29 23:03:34 36624 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys<Unsigned: Sonic Solutions>
2006-12-12 10:24:42 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Plus\\Ad-Watch.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"µTorrent"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
-- End of ComboScan: finished at 2007-02-19 at 20:34:22 -------------------------
ComboScan v20070212.14 run by HP_Administrator on 2007-02-19 at 20:20:56
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information -----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3700+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 958.48 MiB / 481.23 MiB
Pagefile Memory (total/avail): 2311.25 MiB / 1877.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1990.67 MiB
C: is Fixed (NTFS) - 174.54 GiB total, 117.44 GiB free.
D: is Fixed (FAT32) - 11.74 GiB total, 4.82 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
-- Security Center --------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FirewallDisableNotify is set.
FW: BitDefender Antivirus Plus v10 v7.2 (Softwin)
AV: BitDefender Antivirus Plus v10 v7.2 (Softwin)
-- Environment Variables --------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
-- User Profiles ----------------------------------------------------------------
HP_Administrator
(admin)
Administrator
(admin)
-- Add/Remove Programs ----------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
5 Card Slingo from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F\Uninstall.exe"
Ad-Aware SE Plus --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
AstroPop Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E44A47AF-C94B-4E3F-81A0-979FBA9DAC57\Uninstall.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Barnyard Invasion from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\Uninstall.exe"
Bejeweled 2 Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
BitDefender Antivirus Plus v10 --> MsiExec.exe /I{65B5C023-F572-4078-865F-ECB93EFE37BD}
Blackhawk Striker 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe"
Blasterball 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe"
Blasterball 2 Remix from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\Uninstall.exe"
Boggle Supreme from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe"
Bookworm Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe"
Bounce Symphony from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BA42B721-D70B-4412-ABA6-057B5823FDE9\Uninstall.exe"
Crystal Maze from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Family Feud --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\413773DA-62DE-4C4C-A0F9-10EFB9317DE5\Uninstall.exe"
FATE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903\Uninstall.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Greetings Workshop --> C:\Program Files\Greetings Workshop\SETUP\setup.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~nemaphw.tmp\HijackThis.exe /uninstall
HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Insaniquarium Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\Uninstall.exe"
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Lemonade Tycoon 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E\Uninstall.exe"
Lexibox Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe"
Mah Jong Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe"
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7137AFD-4E43-47A6-BDC7-533808F72B36}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFB0FED6-0010-4E9B-A402-E513F2459161}\setup.exe" -l0x9
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
OpenSource Flash Video Splitter (remove only) --> "C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Polar Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe"
Polar Golfer from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove IntelliMover Demo --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Ricochet Lost Worlds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\Uninstall.exe"
SCRABBLE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shooting Stars Pool from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\Uninstall.exe"
Shrek 2 Ogre Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe"
Slingo Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\Uninstall.exe"
Snowboard SuperJam from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\038D56DF-B15D-47F7-959F-59FA1FBB63FC\Uninstall.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Super Granny from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe"
Tradewinds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Zuma Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\901E0096-B2AC-469E-A99E-2725A39C0B47\Uninstall.exe"
-- End of ComboScan: finished at 2007-02-19 at 20:34:22 -------------------------