Old 02-14-2007, 10:48 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 45
OS: WinXP Sp3


HJT checkup

Hello, I have been getting connection problems on my PC game, not sure if it's the game or my computer (getting weird since Bitdefender was installed) so here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:45:11 PM, on 2/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack Log\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com...prodid=nav2005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O4 - HKLM\..\RunOnce: [RegisterDaysRemind] c:\\hp\\bin\\spawn.exe c:\\windows\\system32\\pcintro\\autorun.exe c:\\windows\\system32\\pcintro\\remind.cmd Register7d.html
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F77D10-3691-4DDF-A282-1D839BEDB538}: NameServer = 68.87.72.130,68.87.77.130
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Sledesma1 is offline  
Old 02-16-2007, 03:58 PM   #2 (permalink)

Bump.
Sledesma1 is offline  
Old 02-17-2007, 06:56 PM   #3 (permalink)

Bump.
Sledesma1 is offline  
Old 02-18-2007, 08:28 AM   #4 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

Please be patient with me during this time.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by Glaswegian : 02-18-2007 at 12:46 PM. Reason: No need for additional parts of the post at this time.
forhockey is offline  
Old 02-18-2007, 09:47 PM   #5 (permalink)

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

The cleaning process is not instant. Please follow through to the end until I tell you your machine is clear.
The absence of symptoms does not mean that everything is clean.

Please make every effort to reply to my posts in a timely manner. Malware spreads quickly, and the longer an infection remains on a system, the greater the likelihood of additional infections coming into your computer.


---------------------------------------------------------------------------------------------

P2P Software

P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Download and install CCleaner: http://www.ccleaner.com/ccdownload.asp

*Note* On the install please uncheck the option "Add CCleaner Yahoo toolbar and use CCleaner from within IE"

1. Open the program and the "Cleaner" button should be active.
2. Click on "Run Cleaner"
3. Once that's done it will clean out the TEMP folder.
4. Now click on "Issues" and then "Scan for Issues"
5. Once it's done checkmark ALL it finds and click "Fix Selected Issues"
6. It will ask you if you want to back up the registry entries it's removing, so please do so. If it removes anything important, just locate the .reg file you saved and double-click on it to add the entries back.

Close the program.

---------------------------------------------------------------------------------------------

Ad-Aware's AdWatch

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
  • At the bottom of the screen you will see 2 options Active and Automatic.
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
  • Unless they are turned off they could interfere with the fix by HijackThis.

---------------------------------------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account

Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware

Run AVG Anti-Spyware with its updated definitions (it's important that all windows must be closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).


---------------------------------------------------------------------------------------------

Restart in normal mode.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Download ComboScan to your Desktop.
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, a text file will open - ComboScan.txt
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread in the HijackThis Log Help Forum.
  5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
  6. Please attach Supplementary.txt to your post.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware Log
Panda results
ComboScan.txt
Supplementary.txt - Please Attach
forhockey is offline  
Old 02-19-2007, 07:38 PM   #6 (permalink)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:37:52 PM 2/19/2007

+ Scan result:



C:\Documents and Settings\HP_Administrator\My Documents\Mugen Ultimate Collection\Misc MUGEN files\gca_v09k.exe -> Trojan.Regspy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0001406.exe -> Trojan.Regspy : Cleaned with backup (quarantined).


::Report end

Incident Status Location

Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL

ComboScan v20070212.14 run by HP_Administrator on 2007-02-19 at 20:20:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as HP_Administrator.com) ---------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:21:08 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YME6L0KY\comboscan[1].exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~nemaphw.tmp\HP_Administrator.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com...prodid=nav2005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F77D10-3691-4DDF-A282-1D839BEDB538}: NameServer = 68.87.72.130,68.87.77.130
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1 AmdK8 (AMD Processor Driver) - system32\DRIVERS\AmdK8.sys
3 aracpi - system32\DRIVERS\aracpi.sys
3 arhidfltr (MS Ar HID Filter Driver) - system32\DRIVERS\arhidfltr.sys
3 arkbcfltr (Microsoft PS2 Keyboard Filter) - system32\DRIVERS\arkbcfltr.sys
3 armoucfltr (Microsoft PS2 Mouse Filter) - system32\DRIVERS\armoucfltr.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
3 ARPolicy - system32\DRIVERS\arpolicy.sys
3 ati2mtag - system32\DRIVERS\ati2mtag.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
0 bb-run (Promise driver accelerator) - system32\DRIVERS\bb-run.sys
3 bdfdll - \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
3 BDFSDRV - \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
2 BDRSDRV - \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
0 ftsata2 - system32\DRIVERS\ftsata2.sys
0 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - system32\DRIVERS\gagp30kx.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 HSFHWBS2 - system32\DRIVERS\HSFHWBS2.sys
3 HSF_DP - system32\DRIVERS\HSF_DP.sys
0 iaStor (Intel RAID Controller) - system32\DRIVERS\iaStor.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys
3 MHNDRV (MHN driver) - system32\DRIVERS\mhndrv.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
3 Ps2 - system32\DRIVERS\PS2.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - system32\DRIVERS\Rtlnicxp.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - system32\DRIVERS\sisnic.sys
0 sptd - System32\Drivers\sptd.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - system32\DRIVERS\usbohci.sys
3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
0 ViaIde - system32\DRIVERS\viaide.sys
3 winachsf - system32\DRIVERS\HSF_CNXT.sys
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 ARSVC - C:\WINDOWS\arservice.exe
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 bdss (BitDefender Scan Server) - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
2 ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2 ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
3 Fax - %systemroot%\system32\fxssvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2 LIVESRV (BitDefender Desktop Update Service) - "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
2 McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
3 MHN - %SystemRoot%\System32\svchost.exe -k netsvcs
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
0 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2 VSSERV (BitDefender Virus Shield) - "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
2 XCOMM (BitDefender Communicator) - "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service


-- Scheduled Tasks --------------------------------------------------------------

2007-02-15 20:30:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-19 and 2007-02-19 ------------------------------

2007-02-19 18:44:45 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-19 18:44:43 0 d-------- C:\WINDOWS\LastGood
2007-02-19 14:40:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-18 23:13:27 0 d-------- C:\Program Files\CCleaner
2007-02-18 23:09:54 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-18 23:09:46 0 d-------- C:\Program Files\Grisoft
2007-02-13 15:56:57 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-13 15:52:33 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
2007-02-13 15:52:21 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech<LEADER~1>
2007-02-13 15:50:12 0 d-------- C:\Program Files\Greetings Workshop<GREETI~1>
2007-02-09 16:52:34 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-02-07 20:56:10 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-02-07 20:17:32 0 d-------- C:\Program Files\TurboTax
2007-02-07 20:17:19 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield<INSTAL~1>
2007-02-06 19:46:17 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender<BITDEF~1>
2007-02-06 19:32:38 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender<BITDEF~1>
2007-02-06 19:21:34 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-06 19:12:15 0 d-------- C:\Hijack Log<HIJACK~1>
2007-02-05 22:49:13 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\vlc
2007-02-05 22:47:59 0 d-------- C:\Program Files\VideoLAN
2007-02-05 21:42:16 0 d-------- C:\WINDOWS\Sun
2007-02-05 21:42:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sun
2007-02-05 18:35:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2007-02-05 18:29:08 0 d-------- C:\temp
2007-02-05 18:22:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2007-02-05 16:55:42 0 d--hs---- C:\RECYCLER
2007-02-05 16:55:22 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
2007-02-03 23:16:24 0 d-------- C:\Boot
2007-02-03 19:02:21 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-03 18:39:40 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-02-02 23:00:56 0 d-------- C:\Program Files\OpenSource Flash Video Splitter<OPENSO~1>
2007-02-02 22:11:52 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys<Unsigned: n/a>
2007-02-02 22:08:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\DivX
2007-02-02 21:49:03 0 d-------- C:\Program Files\Trillian
2007-02-02 20:51:13 2560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys<Unsigned: Sonic Solutions>
2007-02-02 20:51:13 2432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys<Unsigned: Sonic Solutions>
2007-02-02 20:51:12 129784 --a------ C:\WINDOWS\system32\pxafs.dll<Signed: Sonic Solutions>
2007-02-02 20:50:59 0 d-------- C:\Program Files\DivX
2007-02-02 19:27:21 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-02 19:26:23 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-02 19:20:59 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-02 19:17:53 0 d--hs---- C:\Documents and Settings\HP_Administrator\UserData
2007-02-02 19:12:28 0 d-------- C:\WINDOWS\WBEM
2007-02-02 19:12:27 0 d-------- C:\WINDOWS\system32\en-US
2007-02-02 19:11:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-02-02 19:11:18 0 d-------- C:\Program Files\uTorrent
2007-02-02 19:11:16 0 d--h---c- C:\WINDOWS\ie7
2007-02-02 19:10:22 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-02-02 19:09:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-02 19:07:49 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-02 19:07:47 0 d-------- C:\46be12e08c1c346fe4b659c421d678<46BE12~1>
2007-02-02 18:55:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2007-02-02 18:55:42 0 d-------- C:\Program Files\Lavasoft
2007-02-02 18:35:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer<APPLEC~1>
2007-02-02 18:35:00 0 d-------- C:\Program Files\iPod
2007-02-02 18:34:57 0 d-------- C:\Program Files\iTunes
2007-02-02 18:34:27 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-02 18:34:17 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-02 18:34:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-02 18:16:28 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template
2007-02-02 18:16:26 308 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-02-02 17:44:24 1168 --a------ C:\WINDOWS\mozver.dat
2007-02-02 17:42:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-02 17:41:55 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-02 17:13:35 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-02 14:46:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InterVideo<INTERV~1>
2007-02-02 14:41:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2007-02-02 14:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation<DIGITA~1>
2007-02-02 14:37:25 0 d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2007-02-02 14:37:25 2621440 --ah----- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
2007-02-02 14:37:08 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Intuit
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Digital Interactive Systems Corporation<DIGITA~1>
2007-02-02 13:17:20 0 d--h----- C:\WINDOWS\PIF
2007-02-02 12:57:36 0 d-------- C:\WINDOWS\Prefetch
2007-02-02 12:56:42 182 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2007-02-02 12:43:59 0 dr-hs---- C:\cmdcons
2007-02-02 12:43:58 0 d-------- C:\WINDOWS\setup.pss
2007-02-02 12:43:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-02 12:43:45 0 d-------- C:\WINDOWS\setupupd
2007-02-02 11:44:44 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-02-02 11:33:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-02-02 11:32:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-02-02 11:29:36 0 d-------- C:\Program Files\Google
2007-02-02 11:25:04 0 d-------- C:\Program Files\PC-Doctor for DOS<PC-DOC~2>
2007-02-02 11:24:59 22396 --a------ C:\WINDOWS\system32\drivers\USBkey.sys<Unsigned: n/a>
2007-02-02 11:24:59 13440 --a------ C:\WINDOWS\system32\drivers\pcdrndisuio.sys<PCDRND~1.SYS><Unsigned: Windows (R) 2000 DDK provider>
2007-02-02 11:24:41 0 d-------- C:\Program Files\PC-Doctor 5 for Windows<PC-DOC~1>
2007-02-02 11:22:03 0 d-------- C:\WINDOWS\HPCPCUninstall-9972322<HPCPCU~1>
2007-02-02 11:21:52 0 d-------- C:\Program Files\Updates from HP<UPDATE~1>
2007-02-02 11:21:28 0 d-a------ C:\WINDOWS\system32\pcintro
2007-02-02 11:21:08 36864 --a------ C:\WINDOWS\system32\fpalsu.dll<Unsigned: Hewlett-Packard Company>
2007-02-02 11:21:08 14314 --a------ C:\WINDOWS\system32\CHODDI.SYS<Unsigned: n/a>
2007-02-02 11:21:06 40960 --a------ C:\WINDOWS\system32\omano.dll<Unsigned: Hewlett-Packard>
2007-02-02 11:21:03 45056 --a------ C:\WINDOWS\system32\hpreg.dll<Unsigned: n/a>
2007-02-02 11:18:21 1613824 --a------ C:\WINDOWS\system32\cdintf250.dll<CDINTF~1.DLL><Unsigned: Amyuni Technologies>
2007-02-02 11:18:13 0 d-------- C:\Program Files\Common Files\Palo Alto Software<PALOAL~1>
2007-02-02 11:18:09 0 d-------- C:\Program Files\Common Files\Intuit
2007-02-02 11:18:06 0 d-------- C:\Program Files\Quicken
2007-02-02 11:18:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-02-02 11:18:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-02-02 11:17:50 0 d-a------ C:\Program Files\TurboTax Online<TURBOT~1>
2007-02-02 11:17:36 118520 --a------ C:\WINDOWS\system32\pxinsi64.exe<Signed: Sonic Solutions>
2007-02-02 11:17:36 116472 --a------ C:\WINDOWS\system32\pxcpyi64.exe<Signed: Sonic Solutions>
2007-02-02 11:16:46 0 d-------- C:\Program Files\Common Files\muvee Technologies<MUVEET~1>
2007-02-02 11:16:45 0 d-------- C:\Program Files\muvee Technologies<MUVEET~1>
2007-02-02 11:15:39 266240 --a------ C:\WINDOWS\system32\ShellvRTF64.dll<SHELLV~2.DLL><Unsigned: XSS>
2007-02-02 11:15:39 237568 --a------ C:\WINDOWS\system32\ShellvRTF.dll<SHELLV~1.DLL><Unsigned: XSS>
2007-02-02 11:15:38 0 d-------- C:\WINDOWS\CREATOR
2007-02-02 11:15:34 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-02-02 11:14:47 17920 --a------ C:\WINDOWS\system32\mdimon.dll<Unsigned: Microsoft Corporation>
2007-02-02 11:14:10 0 d-------- C:\Program Files\Common Files\L&H
2007-02-02 11:14:05 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-02 11:13:48 0 d-------- C:\WINDOWS\SHELLNEW
2007-02-02 11:13:41 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-02 11:13:26 0 dr-h----- C:\MSOCache
2007-02-02 11:12:48 0 d-------- C:\Program Files\Microsoft Works<MICROS~3>
2007-02-02 11:11:48 0 d-------- C:\Program Files\Microsoft Money 2005<MICROS~2>
2007-02-02 11:11:31 0 d-a------ C:\Program Files\IntelliMoverDemo<INTELL~1>
2007-02-02 11:11:07 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-02 11:11:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-02-02 11:10:20 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll<IV828C~1.DLL><Unsigned: n/a>
2007-02-02 11:10:20 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll<IV760B~1.DLL><Unsigned: n/a>
2007-02-02 11:10:20 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll<IVIRES~4.DLL><Unsigned: n/a>
2007-02-02 11:10:20 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll<IVIRES~3.DLL><Unsigned: n/a>
2007-02-02 11:10:20 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll<IVIRES~2.DLL><Unsigned: n/a>
2007-02-02 11:10:20 20480 --a------ C:\WINDOWS\system32\IVIresize.dll<IVIRES~1.DLL><Unsigned: n/a>
2007-02-02 11:10:20 0 d-------- C:\Program Files\Common Files\InterVideo<INTERV~1>
2007-02-02 11:10:13 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-02-02 11:09:59 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-02 11:09:28 0 d-a------ C:\Program Files\Common Files\LightScribe<LIGHTS~1>
2007-02-02 11:08:51 0 d-------- C:\Program Files\Common Files\Roxio Shared<ROXIOS~1>
2007-02-02 11:08:37 0 d-------- C:\Program Files\Common Files\TiVo Shared<TIVOSH~1>
2007-02-02 11:04:57 0 d-------- C:\Program Files\WildTangent<WILDTA~1>
2007-02-02 11:04:23 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-02-02 11:04:20 0 d-------- C:\Program Files\Common Files\SureThing Shared<SURETH~1>
2007-02-02 11:04:16 0 d-------- C:\Program Files\Sonic
2007-02-02 11:03:29 45929 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE><Unsigned: n/a>
2007-02-02 11:03:16 0 d-------- C:\Program Files\Netscape
2007-02-02 11:03:09 0 d-------- C:\Program Files\Rhapsody
2007-02-02 11:02:57 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-02-02 11:02:51 0 d-------- C:\Program Files\Real
2007-02-02 11:02:50 0 d-------- C:\Program Files\Common Files\Real
2007-02-02 11:02:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-02-02 11:02:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Digital Interactive Systems Corporation<DIGITA~1>
2007-02-02 11:02:10 0 d-------- C:\Program Files\MSN Encarta Standard<MSNENC~1>
2007-02-02 11:00:11 90112 --a------ C:\WINDOWS\system32\ps2.EXE<Signed: Hewlett-Packard Company>
2007-02-02 11:00:05 90112 --a------ C:\WINDOWS\system32\ps2.bat
2007-02-02 11:00:05 19072 --a------ C:\WINDOWS\system32\drivers\PS2.sys<Signed: Hewlett-Packard Company>
2007-02-02 10:58:10 4011 --a------ C:\WINDOWS\hphmdl08.dat
2007-02-02 10:58:10 80417 --a------ C:\WINDOWS\HPHins08.dat
2007-02-02 10:57:13 0 --a------ C:\WINDOWS\hpimdl01.dat
2007-02-02 10:57:13 72881 --a------ C:\WINDOWS\hpiins01.dat
2007-02-02 10:55:49 21124 --a------ C:\WINDOWS\hpomdl07.dat
2007-02-02 10:55:49 112873 --a------ C:\WINDOWS\hpoins07.dat
2007-02-02 10:55:29 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-02-02 10:55:00 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-02 10:55:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-02-02 10:54:37 0 d-------- C:\Program Files\Common Files\HP
2007-02-02 10:53:18 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-02 10:53:05 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll<Signed: HP>
2007-02-02 10:53:05 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll<Signed: HP>
2007-02-02 10:53:05 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll<Signed: HP>
2007-02-02 10:53:05 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe<Signed: HP>
2007-02-02 10:53:05 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe<Signed: HP>
2007-02-02 10:53:05 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll<Signed: HP>
2007-02-02 10:52:45 0 d-------- C:\Program Files\HP
2007-02-02 10:52:41 5389 --a------ C:\WINDOWS\hpomdl06.dat
2007-02-02 10:52:41 88403 --a------ C:\WINDOWS\hpoins06.dat
2007-02-02 10:51:46 0 d-------- C:\WINDOWS\system32\FxsTmp
2007-02-02 10:51:05 0 d-------- C:\Program Files\CONEXANT
2007-02-02 10:49:00 36352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys<Signed: Advanced Micro Devices>
2007-02-02 10:48:48 86016 --a------ C:\WINDOWS\system32\mdmxsdk.dll<Signed: Conexant>
2007-02-02 10:48:48 39018 --a------ C:\WINDOWS\system32\hsfci012.dll<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:48 13059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys<Signed: Conexant>
2007-02-02 10:48:48 220928 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:48 1038208 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:48 703232 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:31 74496 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys<Signed: Realtek Semiconductor Corporation >
2007-02-02 10:48:16 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-02 10:48:16 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-02 10:48:13 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-02 10:48:05 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-02-02 10:47:50 599552 --a------ C:\WINDOWS\system32\ativvaxx.dll<Signed: ATI Technologies Inc. >
2007-02-02 10:47:50 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:50 17408 --a------ C:\WINDOWS\system32\atitvo32.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:50 106496 --a------ C:\WINDOWS\system32\atipdlxx.dll<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:50 4718592 --a------ C:\WINDOWS\system32\atioglxx.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 1313792 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 40960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 147456 --a------ C:\WINDOWS\system32\atikvmag.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 104361 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-02 10:47:49 258048 --a------ C:\WINDOWS\system32\ATIDEMGR.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 2408800 --a------ C:\WINDOWS\system32\ati3duag.dll<Signed: ATI Technologies Inc. >
2007-02-02 10:47:49 25088 --a------ C:\WINDOWS\system32\Ati2mdxx.exe<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:49 376832 --a------ C:\WINDOWS\system32\ati2evxx.exe<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 46080 --a------ C:\WINDOWS\system32\ati2evxx.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 39936 --a------ C:\WINDOWS\system32\ati2edxx.dll<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:49 238592 --a------ C:\WINDOWS\system32\ati2dvag.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 233472 --a------ C:\WINDOWS\system32\ati2cqag.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:43:47 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-02 10:42:50 52736 --a------ C:\WINDOWS\system\hpsysdrv.exe<Unsigned: Hewlett-Packard Company>
2007-02-02 10:40:49 786944 --a------ C:\WINDOWS\system32\RDBios32.dll<Unsigned: Hewlett Packard>
2007-02-02 10:40:49 532480 --a------ C:\WINDOWS\system32\cPC_DMIRD.dll<CPC_DM~1.DLL><Unsigned: Hewlett Packard>
2007-02-02 10:40:10 0 d-------- C:\Program Files\Java
2007-02-02 10:40:10 0 d-------- C:\Program Files\Common Files\Java
2007-02-02 10:38:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SBSI
2007-02-02 10:37:05 306688 --a------ C:\WINDOWS\IsUninst.exe<Unsigned: InstallShield Software Corporation>
2007-02-02 10:35:40 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-02-02 10:33:24 0 d-------- C:\Program Files\GemMaster<GEMMAS~1>
2007-02-02 10:31:20 0 d-------- C:\WINDOWS\system32\URTTemp
2007-02-02 10:29:18 40832 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys<Signed: Creative Technology Ltd.>
2007-02-02 10:27:00 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-02-02 09:22:38 0 d-------- C:\WINDOWS\I386
2007-02-02 09:20:40 0 d-------- C:\Program Files<PROGRA~1>
2007-02-02 09:20:38 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-02-02 09:04:58 0 dr--s---- C:\WINDOWS\assembly
2007-02-02 09:04:56 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-02-02 09:04:42 0 dr-hs---- C:\WINDOWS\system32\dllcache
2007-02-01 22:55:51 707 --a------ C:\WINDOWS\_default.pif
2007-02-01 22:55:15 13312 --a------ C:\WINDOWS\system32\win87em.dll<Signed: n/a>
2007-02-01 22:55:14 18432 --a------ C:\WINDOWS\system32\win.com
2007-02-01 22:55:06 1129 --a------ C:\WINDOWS\system32\vwipxspx.exe<Signed: n/a>
2007-02-01 22:55:03 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-01 22:54:58 25600 --a------ C:\WINDOWS\twunk_32.exe<Signed: Twain Working Group>
2007-02-01 22:54:58 49680 --a------ C:\WINDOWS\twunk_16.exe<Signed: Twain Working Group>
2007-02-01 22:54:58 50688 --a------ C:\WINDOWS\twain_32.dll<Signed: Twain Working Group>
2007-02-01 22:54:58 94784 --a------ C:\WINDOWS\twain.dll<Signed: Twain Working Group>
2007-02-01 22:54:58 15360 --a------ C:\WINDOWS\system32\tsd32.dll<Signed: n/a>
2007-02-01 22:54:57 11264 --a------ C:\WINDOWS\system32\tree.com
2007-02-01 22:52:55 679936 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-02-01 22:52:55 14336 --a------ C:\WINDOWS\system32\ssstars.scr
2007-02-01 22:52:55 610304 --a------ C:\WINDOWS\system32\sspipes.scr
2007-02-01 22:52:55 18944 --a------ C:\WINDOWS\system32\ssmyst.scr
2007-02-01 22:52:55 47104 --a------ C:\WINDOWS\system32\ssmypics.scr
2007-02-01 22:52:55 20992 --a------ C:\WINDOWS\system32\ssmarque.scr
2007-02-01 22:52:55 393216 --a------ C:\WINDOWS\system32\ssflwbox.scr
2007-02-01 22:52:54 19968 --a------ C:\WINDOWS\system32\ssbezier.scr
2007-02-01 22:52:54 704512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-02-01 22:52:52 24661 --a------ C:\WINDOWS\system32\spxcoins.dll<Signed: Perle Systems Ltd.>
2007-02-01 22:52:27 14848 --a------ C:\WINDOWS\system32\slbrccsp.dll<Signed: Schlumberger Technology Corporation>
2007-02-01 22:52:27 98304 --a------ C:\WINDOWS\system32\slbiop.dll<Signed: Schlumberger Technology Corporation>
2007-02-01 22:52:27 306176 --a------ C:\WINDOWS\system32\slbcsp.dll<Signed: Schlumberger Technology Corporation>
2007-02-01 22:52:23 882 --a------ C:\WINDOWS\system32\share.exe<Signed: n/a>
2007-02-01 22:52:22 11753 --a------ C:\WINDOWS\system32\setver.exe<Signed: n/a>
2007-02-01 22:52:20 27440 --a------ C:\WINDOWS\system32\drivers\secdrv.sys<Signed: n/a>
2007-02-01 22:52:19 9216 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-02-01 22:52:19 10240 --a------ C:\WINDOWS\system32\scriptpw.dll<Signed: n/a>
2007-02-01 22:52:18 291840 --a------ C:\WINDOWS\system32\sbe.dll<Signed: n/a>
2007-02-01 22:52:15 49152 --a------ C:\WINDOWS\system32\rsm.exe<Signed: Microsoft Corp>
2007-02-01 22:52:12 397824 --a------ C:\WINDOWS\system32\regwizc.dll<Signed: Microsoft>
2007-02-01 22:52:12 4608 --a------ C:\WINDOWS\system32\regwiz.exe<Signed: Microsoft>
2007-02-01 22:52:11 3338 --a------ C:\WINDOWS\system32\redir.exe<Signed: n/a>
2007-02-01 22:52:08 1287680 --a------ C:\WINDOWS\system32\quartz.dll<Signed: n/a>
2007-02-01 22:52:07 733696 --a------ C:\WINDOWS\system32\qedwipes.dll<Signed: n/a>
2007-02-01 22:52:06 562176 --a------ C:\WINDOWS\system32\qedit.dll<Signed: n/a>
2007-02-01 22:52:06 385024 --a------ C:\WINDOWS\system32\qdvd.dll<Signed: n/a>
2007-02-01 22:52:06 279040 --a------ C:\WINDOWS\system32\qdv.dll<Signed: n/a>
2007-02-01 22:52:06 192512 --a------ C:\WINDOWS\system32\qcap.dll<Signed: n/a>
2007-02-01 22:52:06 3708 --a------ C:\WINDOWS\system32\pubprn.vbs
2007-02-01 22:52:06 17792 --a------ C:\WINDOWS\system32\drivers\ptilink.sys<Signed: Parallel Technologies, Inc.>
2007-02-01 22:51:53 15860 --a------ C:\WINDOWS\system32\prnqctl.vbs
2007-02-01 22:51:53 29454 --a------ C:\WINDOWS\system32\prnport.vbs
2007-02-01 22:51:53 32546 --a------ C:\WINDOWS\system32\prnmngr.vbs
2007-02-01 22:51:53 21527 --a------ C:\WINDOWS\system32\prnjobs.vbs
2007-02-01 22:51:53 25415 --a------ C:\WINDOWS\system32\prndrvr.vbs
2007-02-01 22:51:53 35755 --a------ C:\WINDOWS\system32\prncnfg.vbs
2007-02-01 22:51:51 272128 --a------ C:\WINDOWS\system32\perfi009.dat
2007-02-01 22:51:51 28626 --a------ C:\WINDOWS\system32\perfd009.dat
2007-02-01 22:51:43 4490 --a------ C:\WINDOWS\system32\oembios.dat
2007-02-01 22:51:28 3252 --a------ C:\WINDOWS\system32\nw16.exe<Signed: n/a>
2007-02-01 22:51:22 34560 --a------ C:\WINDOWS\system32\ntio804.sys<Signed: n/a>
2007-02-01 22:51:22 35424 --a------ C:\WINDOWS\system32\ntio412.sys<Signed: n/a>
2007-02-01 22:51:22 35648 --a------ C:\WINDOWS\system32\ntio411.sys<Signed: n/a>
2007-02-01 22:51:22 34560 --a------ C:\WINDOWS\system32\ntio404.sys<Signed: n/a>
2007-02-01 22:51:22 33840 --a------ C:\WINDOWS\system32\ntio.sys<Signed: n/a>
2007-02-01 22:51:21 29146 --a------ C:\WINDOWS\system32\ntdos804.sys<Signed: n/a>
2007-02-01 22:51:21 29274 --a------ C:\WINDOWS\system32\ntdos412.sys<Signed: n/a>
2007-02-01 22:51:21 29370 --a------ C:\WINDOWS\system32\ntdos411.sys<Signed: n/a>
2007-02-01 22:51:21 29146 --a------ C:\WINDOWS\system32\ntdos404.sys<Signed: n/a>
2007-02-01 22:51:21 27866 --a------ C:\WINDOWS\system32\ntdos.sys<Signed: n/a>
2007-02-01 22:51:17 741 --a------ C:\WINDOWS\system32\noise.dat
2007-02-01 22:51:17 7052 --a------ C:\WINDOWS\system32\nlsfunc.exe<Signed: n/a>
2007-02-01 22:50:35 94282 --a------ C:\WINDOWS\system32\msencode.dll<Signed: n/a>
2007-02-01 22:50:34 4126 --a------ C:\WINDOWS\system32\msdxmlc.dll<Signed: n/a>
2007-02-01 22:50:34 14336 --a------ C:\WINDOWS\system32\msdmo.dll<Signed: n/a>
2007-02-01 22:50:33 817 --a------ C:\WINDOWS\system32\mscdexnt.exe<Signed: n/a>
2007-02-01 22:50:25 15872 --a------ C:\WINDOWS\system32\more.com
2007-02-01 22:50:24 19456 --a------ C:\WINDOWS\system32\mode.com
2007-02-01 22:50:22 673088 --a------ C:\WINDOWS\system32\mlang.dat
2007-02-01 22:50:17 39274 --a------ C:\WINDOWS\system32\mem.exe<Signed: n/a>
2007-02-01 22:50:15 35328 --a------ C:\WINDOWS\system32\mciqtz32.dll<Signed: n/a>
2007-02-01 22:50:12 220672 --a------ C:\WINDOWS\system32\logon.scr
2007-02-01 22:50:12 487 --a------ C:\WINDOWS\system32\login.cmd
2007-02-01 22:50:11 1131 --a------ C:\WINDOWS\system32\loadfix.com
2007-02-01 22:50:08 42537 --a------ C:\WINDOWS\system32\keyboard.sys<Signed: n/a>
2007-02-01 22:50:08 42809 --a------ C:\WINDOWS\system32\key01.sys<Signed: n/a>
2007-02-01 22:50:07 14710 --a------ C:\WINDOWS\system32\kb16.com
2007-02-01 22:50:06 65536 --a------ C:\WINDOWS\system32\jgsh400.dll<Signed: Johnson-Grace Company>
2007-02-01 22:50:06 45568 --a------ C:\WINDOWS\system32\jgsd400.dll<Signed: America Online>
2007-02-01 22:50:06 35840 --a------ C:\WINDOWS\system32\jgmd400.dll<Signed: Johnson-Grace Company>
2007-02-01 22:50:06 44544 --a------ C:\WINDOWS\system32\jgaw400.dll<Signed: Johnson-Grace Company>
2007-02-01 22:50:06 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll<Signed: Intel Corporation>
2007-02-01 22:50:05 183808 --a------ C:\WINDOWS\system32\ir50_qcx.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 200192 --a------ C:\WINDOWS\system32\ir50_qc.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 755200 --a------ C:\WINDOWS\system32\ir50_32.dll<Signed: Intel Corporation>
2007-02-01 22:50:05 338432 --a------ C:\WINDOWS\system32\ir41_qcx.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 120320 --a------ C:\WINDOWS\system32\ir41_qc.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 199168 --a------ C:\WINDOWS\system32\ir32_32.dll<Signed: n/a>
2007-02-01 22:49:54 80384 --a------ C:\WINDOWS\system32\iccvid.dll<Signed: Radius Inc.>
2007-02-01 22:49:54 347136 --a------ C:\WINDOWS\system32\hypertrm.dll<Signed: Hilgraeve, Inc.>
2007-02-01 22:49:53 44544 --a------ C:\WINDOWS\system32\hticons.dll<Signed: Hilgraeve, Inc.>
2007-02-01 22:49:49 4768 --a------ C:\WINDOWS\system32\himem.sys<Signed: n/a>
2007-02-01 22:49:46 19694 --a------ C:\WINDOWS\system32\graphics.com
2007-02-01 22:49:46 26112 --a------ C:\WINDOWS\system32\graftabl.com
2007-02-01 22:49:15 25600 --a------ C:\WINDOWS\system32\format.com
2007-02-01 22:49:14 882 --a------ C:\WINDOWS\system32\fastopen.exe<Signed: n/a>
2007-02-01 22:49:11 8424 --a------ C:\WINDOWS\system32\exe2bin.exe<Signed: n/a>
2007-02-01 22:49:10 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll<Signed: Equinox Systems Inc.>
2007-02-01 22:49:09 456192 --a------ C:\WINDOWS\system32\encdec.dll<Signed: n/a>
2007-02-01 22:49:09 12642 --a------ C:\WINDOWS\system32\edlin.exe<Signed: n/a>
2007-02-01 22:49:09 69886 --a------ C:\WINDOWS\system32\edit.com
2007-02-01 22:49:08 498742 --a------ C:\WINDOWS\system32\dxmasf.dll<Signed: n/a>
2007-02-01 22:49:06 218003 --a------ C:\WINDOWS\system32\dssec.dat
2007-02-01 22:48:08 53840 --a------ C:\WINDOWS\system32\dosx.exe<Signed: n/a>
2007-02-01 22:48:08 23552 --a------ C:\WINDOWS\system32\dmserver.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 5888 --a------ C:\WINDOWS\system32\drivers\dmload.sys<Signed: Microsoft Corp., Veritas Software.>
2007-02-01 22:48:07 153344 --a------ C:\WINDOWS\system32\drivers\dmio.sys<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:07 799744 --a------ C:\WINDOWS\system32\drivers\dmboot.sys<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:07 15872 --a------ C:\WINDOWS\system32\dmremote.exe<Signed: Microsoft Corp.>
2007-02-01 22:48:07 18432 --a------ C:\WINDOWS\system32\dmintf.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 118784 --a------ C:\WINDOWS\system32\dmdskres.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 200704 --a------ C:\WINDOWS\system32\dmdskmgr.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 273920 --a------ C:\WINDOWS\system32\dmdlgs.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 330752 --a------ C:\WINDOWS\system32\dmconfig.dll<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:07 224768 --a------ C:\WINDOWS\system32\dmadmin.exe<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:03 7168 --a------ C:\WINDOWS\system32\diskcopy.com
2007-02-01 22:48:03 9216 --a------ C:\WINDOWS\system32\diskcomp.com
2007-02-01 22:48:01 85020 --a------ C:\WINDOWS\system32\dgsetup.dll<Signed: Digi International>
2007-02-01 22:48:01 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll<Signed: Digi International, Inc.>
2007-02-01 22:48:01 111104 --a------ C:\WINDOWS\system32\dgnet.dll<Signed: Microsoft>
2007-02-01 22:48:01 123904 --a------ C:\WINDOWS\system32\dfrgui.dll<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:01 38912 --a------ C:\WINDOWS\system32\dfrgsnap.dll<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:01 51200 --a------ C:\WINDOWS\system32\dfrgres.dll<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:01 82432 --a------ C:\WINDOWS\system32\dfrgfat.exe<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:00 59904 --a------ C:\WINDOWS\system32\devenum.dll<Signed: n/a>
2007-02-01 22:48:00 25088 --a------ C:\WINDOWS\system32\defrag.exe<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:00 20634 --a------ C:\WINDOWS\system32\debug.exe<Signed: n/a>
2007-02-01 22:47:52 27097 --a------ C:\WINDOWS\system32\country.sys<Signed: n/a>
2007-02-01 22:47:49 252928 --a------ C:\WINDOWS\system32\compatUI.dll<Signed: n/a>
2007-02-01 22:47:49 50620 --a------ C:\WINDOWS\system32\command.com
2007-02-01 22:47:45 7680 --a------ C:\WINDOWS\system32\chcp.com
2007-02-01 22:47:36 30208 --a------ C:\WINDOWS\system32\atmlib.dll<Signed: Adobe Systems>
2007-02-01 22:47:36 285696 --a------ C:\WINDOWS\system32\atmfd.dll<Signed: Adobe Systems Incorporated>
2007-02-01 22:47:36 32256 --a------ C:\WINDOWS\system32\asr_ldm.exe<Signed: Microsoft Corp.>
2007-02-01 22:47:19 12498 --a------ C:\WINDOWS\system32\append.exe<Signed: n/a>
2007-02-01 22:47:19 9029 --a------ C:\WINDOWS\system32\ansi.sys<Signed: n/a>
2007-02-01 22:47:19 70656 --a------ C:\WINDOWS\system32\amstream.dll<Signed: n/a>
2007-01-31 22:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
2007-01-31 22:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
2007-01-31 22:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
2007-01-31 22:56:04 639066 --a------ C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
2007-01-31 15:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe<Unsigned: DivX Inc.>
2007-01-30 17:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>
2007-01-29 23:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
2007-01-29 23:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-29 23:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-29 22:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
2007-01-29 22:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
2007-01-29 22:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>


-- Find3M Report ----------------------------------------------------------------

2007-02-13 15:57:32 0 d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft<MICROS~1>
2007-02-05 18:31:29 146946 --a------ C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~2.LOG>
2007-02-05 18:30:40 2204 --a------ C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
2007-02-05 18:28:34 375 --a------ C:\Documents and Settings\HP_Administrator\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log<HELPFI~1.LOG>
2007-02-05 18:28:32 0 --a------ C:\Documents and Settings\HP_Administrator\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log<HELPFI~2.LOG>
2007-02-05 18:28:24 3031 --a------ C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log<PATCHU~1.LOG>
2007-02-05 18:27:31 40487 --a------ C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-02-05 18:27:23 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll<Unsigned: Hewlett Packard>
2007-02-02 17:44:28 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia<MACROM~1>
2007-02-02 17:42:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2007-02-02 11:13:03 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~4>
2007-02-02 11:12:55 0 d-------- C:\Program Files\Windows Plus<WINDOW~3>
2007-02-02 11:12:55 0 d-------- C:\Program Files\Windows NT<WINDOW~2>
2007-02-02 11:04:14 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-02-02 11:03:28 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-02 11:03:27 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-02 11:01:55 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-02 11:01:54 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-02 10:57:09 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-02 10:56:54 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-02 10:56:41 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-02 10:53:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Identities<IDENTI~1>
2007-01-29 23:03:34 36624 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys<Unsigned: Sonic Solutions>
2006-12-12 10:24:42 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Plus\\Ad-Watch.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"µTorrent"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\micro