#1 (permalink) |
|
Registered User
Join Date: Sep 2007
Posts: 16
OS: Windows Vista
|
Desktop icons have disappeared, cannot connect wirelessly
I seem to have gotten my new computer a nasty virus.
My desktop icons show up when the laptop first starts and immediately disappear. I am not able to run the Check Disk Utility on my computer. I am also unable to connect to the internet wirelessly even though the wireless light is on. I don't know if these are related or not.

I have read the "Read This Before Posting" instructions and am unable to download the DDS program. I have looked through my Add/Remove Programs and did not see any of the programs that were recommended to be removed.

The laptop is about two weeks old.

Windows Vista Home Premium
Intel Core 2 Duo CPU P7450 2.13GHz
4.00 GB RAM
NVIDIA GeForce 9800M GS

Can you please help me? Thank you so much in advance.

Lisa
#2 (permalink) |
|
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
|
Re: Desktop icons have disappeared, cannot connect wirelessly
Hello cashionl.
Yes, please post the DDS.txt log for review here. Also go to Task Manager (press Ctrl - Alt - Delete), click File - New Task, type in explorer.exe then click OK. See if your desktop icons appear then. Might be explorer has been hijacked in some way as well, so for now be sure to post that log so I can get an idea of things there.
#3 (permalink) |
|
Registered User
Join Date: Sep 2007
Posts: 16
OS: Windows Vista
|
Re: Desktop icons have disappeared, cannot connect wirelessly
Jintan,
I can't post the DDS.txt log because I was unable to download it. I tried but it did not show up on the desktop. I looked in the add/delete program log and it is not there either. I opened task manager, new task and typed explorer.exe and it opened my documents file.
#4 (permalink) |
|
Registered User
Join Date: Sep 2007
Posts: 16
OS: Windows Vista
|
Re: Desktop icons have disappeared, cannot connect wirelessly
Jintan,
I went to my desktop and right clicked, clicked on view, removed the check mark next to view icons and then reversed the steps. My icons are back but who knows for how long.

I tried again to download DDS. It comes up with the DOS looking black box but it says "This tool does not support your operating system. Press any key to continue." When I press a key it disappears.
#5 (permalink) |
|
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
|
Re: Desktop icons have disappeared, cannot connect wirelessly
Let's do a different look then. Surprising so much is occurring on a new system - did you install something and then this all started? Also I am not clear if you are having download issues or issues running the scans. You say "download" but then with that "DOS" reference are describing the scan tool running. Be sure on Vista to right click - Run as Administrator for all the tools we use here.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan. If necessary allow it to locate or download a copy of HijackThis as needed. Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt. RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
#6 (permalink) |
|
Registered User
Join Date: Sep 2007
Posts: 16
OS: Windows Vista
|
Re: Desktop icons have disappeared, cannot connect wirelessly
When I try to run the latest program you instructed me to I get:

Error Line -1 Error Script used with non-Array variable.

With the DDS program it does open the DOS window and then tells me "This tool does not support your operating system. Press any key to continue." When I press a key it disappears.

I do not understand what you mean by right click to run as Administrator.
#7 (permalink) |
|
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
|
Re: Desktop icons have disappeared, cannot connect wirelessly
When you follow the steps to click/run a tool file, right click that file (example - DDS.scr) and select "Run as Administrator". Try this now for DDS.scr if you would.

If that does not work, download OTListIt2 from here to your desktop, then click OTListIt2.exe to open the scan display. Remember - right click - Run as Administrator. Place a check in the "Scan All Users" box at the top of OTListIt, then click "Run Scan". Once the scan completes a text box will open - copy/paste those contents back here please (this will also be saved to the desktop as OTListIt.txt). Do not make any other changes in OTListIt before running the scan.
#8 (permalink) |
|
Registered User
Join Date: Sep 2007
Posts: 16
OS: Windows Vista
|
Re: Desktop icons have disappeared, cannot connect wirelessly
I did finally get the DDS file to download to my desktop but a right click does not give me the option to Run As Administrator. When I click on the file it still tells me it does not support my system.
Here is the OTList.
HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/04/20 07:41:38 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTListIt2.exe [2009/04/19 19:25:45 | 00,000,000 | ---D | C] -- C:\rsit [2009/04/19 19:25:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2009/04/19 08:52:17 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\HP [2009/04/17 08:13:29 | 00,001,668 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L9EB8E03F387A4DAA8B50816947BC2AAB.job [2009/04/15 12:17:34 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll [2009/04/15 12:17:19 | 00,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll [2009/04/15 12:17:18 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll [2009/04/15 12:17:17 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2009/04/15 12:17:17 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2009/04/15 12:16:47 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/04/15 12:16:44 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/04/15 12:16:40 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/04/15 12:16:38 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/04/15 12:16:38 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/04/15 12:16:38 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/04/15 12:16:37 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/04/15 12:16:35 | 00,230,400 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/04/15 12:16:34 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/04/15 12:16:34 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/04/15 12:16:32 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/04/15 12:16:31 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/04/15 12:16:29 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/04/15 12:16:26 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/04/15 12:16:23 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/04/15 12:15:53 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2009/04/15 12:15:53 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2009/04/15 12:15:53 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2009/04/15 12:15:53 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2009/04/15 12:15:52 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe [2009/04/15 12:15:44 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2009/04/15 12:15:44 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2009/04/14 21:24:37 | 00,000,189 | ---- | C] () -- C:\Users\Admin\Desktop\STORE N GO (D) - Shortcut.lnk [2009/04/14 19:03:07 | 00,020,480 | ---- | C] () -- C:\Users\Admin\Documents\Evals SERGIO V #2.xls [2009/04/14 17:26:35 | 00,011,927 | ---- | C] () -- C:\Users\Admin\Documents\DonationAddresses.csv [2009/04/14 16:54:07 | 00,004,046 | ---- | C] () -- C:\Users\Admin\Documents\MSN contacts.csv [2009/04/14 16:33:44 | 00,008,679 | ---- | C] () -- 
C:\Users\Admin\Documents\Sample_CSVContactsFile(1).csv [2009/04/14 15:19:10 | 00,020,992 | ---- | C] () -- C:\Users\Admin\Documents\Donation email.wps [2009/04/14 13:31:10 | 00,037,376 | ---- | C] () -- C:\Users\Admin\Documents\A Walk for Stephanie.wps [2009/04/14 08:22:14 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Help [2009/04/14 08:21:53 | 00,008,661 | ---- | C] () -- C:\Users\Admin\Documents\RegisteredVisitors(1).csv [2009/04/13 18:37:56 | 00,000,000 | ---D | C] -- C:\Users\Admin\Documents\Quicken [2009/04/13 16:42:52 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Intuit [2009/04/13 16:42:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit [2009/04/13 16:42:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken [2009/04/13 16:42:18 | 00,000,076 | ---- | C] () -- C:\Windows\QUICKEN.INI [2009/04/13 16:41:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Intuit [2009/04/10 18:00:27 | 00,018,944 | ---- | C] () -- C:\Users\Admin\Documents\FAFSA Estimated 2009 letter.wps [2009/04/10 16:36:03 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Template [2009/04/10 16:35:25 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games [2009/04/10 16:33:25 | 00,004,608 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/09 07:49:45 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games [2009/04/08 21:48:58 | 00,002,231 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Double Deluxe.lnk [2009/04/08 21:48:17 | 00,000,000 | ---D | C] -- C:\Users\Admin\Documents\EA Games [2009/04/08 21:21:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES [2009/04/08 21:21:56 | 00,445,504 | R--- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll [2009/04/07 08 45 | 00,000,946 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\tisspwiz.lnk[2009/04/07 08:04:51 | 00,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2009/04/07 
08:03:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2009/04/07 08:02:37 | 00,002,065 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.01.lnk [2009/04/07 08:02:02 | 00,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk [2009/04/07 08:02:01 | 00,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY [2009/04/07 08:01:49 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\HPAppData [2009/04/07 08:00:03 | 00,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/04/07 07:59:30 | 00,001,191 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2009/04/07 07:59:18 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2009/04/07 07:58:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2009/04/07 07:52:03 | 00,145,902 | ---- | C] () -- C:\Windows\hpoins21.dat [2009/04/07 07:43:43 | 00,000,000 | ---D | C] -- C:\Windows\pss [2009/04/06 17:00:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\spool [2009/04/06 17:00:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP [2009/04/06 16:59:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard [2009/04/06 16:56:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2009/04/06 16:56:04 | 00,000,000 | -H-D | C] -- C:\Config.Msi [2009/04/06 16:53:21 | 00,000,000 | ---D | C] -- C:\ProgramData\HP [2009/04/06 14:49:41 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2009/04/06 14:49:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPod [2009/04/06 14:49:01 | 00,000,000 | ---D | C] -- C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413} [2009/04/06 14:49:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2009/04/06 08:11:55 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer [2009/04/06 08:11:55 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple 
Computer [2009/04/06 08:11:06 | 00,000,000 | ---D | C] -- C:\ProgramData\{CD649BED-8A0E-48BE-B3B6-0F5055BED534} [2009/04/06 08:10:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2009/04/06 08:10:14 | 00,001,763 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2009/04/06 08:09:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2009/04/06 08:09:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2009/04/06 08:09:27 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple [2009/04/06 08:09:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2009/04/06 08:08:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2009/04/06 08:08:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple [2009/04/06 08:05:21 | 00,000,000 | ---D | C] -- C:\Users\Admin\Documents\My Downloads [2009/04/04 21:40:54 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\CyberLink [2009/04/04 20:51:12 | 00,000,000 | ---D | C] -- C:\Users\Admin\Documents\ASUS [2009/04/04 20:50:58 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ASUS [2009/04/04 19:38:14 | 00,000,000 | ---D | C] -- C:\d6ada35bb640d158c2317adc388f42 [2009/04/04 19:32:19 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl [2009/04/04 19:32:09 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll [2009/04/04 19:32:07 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll [2009/04/04 19:32:07 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll [2009/04/04 19:32:07 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2009/04/04 19:32:04 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe [2009/04/04 19:31:49 | 00,105,016 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2009/04/04 19:31:44 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2009/04/04 19:24:12 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2009/04/04 19:23:51 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll [2009/04/04 19:23:37 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll [2009/04/04 19:23:20 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2009/04/04 19:23:12 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2009/04/02 14:57:10 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe [2009/04/01 12:34:09 | 00,000,336 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat [2009/04/01 08:12:55 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Oberon Games [2009/04/01 08:09:46 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2009/04/01 08:01:39 | 00,047,104 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe [2009/04/01 08:01:39 | 00,047,104 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2009/04/01 07:52:35 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll [2009/04/01 07:52:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap [2009/04/01 07:52:19 | 00,000,000 | ---D | C] -- C:\Binaries [2009/04/01 07:52:08 | 01,553,784 | ---- | C] (Webroot Software, Inc.) 
-- C:\Windows\WRSetup.dll [2009/04/01 07:52:08 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Webroot [2009/04/01 07:52:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot [2009/04/01 07:52:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot [2009/04/01 07:52:04 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2009/04/01 07:52:03 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2009/04/01 07:52:03 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2009/04/01 07:52:03 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2009/04/01 07:52:03 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2009/04/01 07:51:21 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2009/04/01 07:51:17 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll [2009/04/01 07:51:12 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2009/04/01 07:51:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2009/04/01 07:51:09 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll [2009/04/01 07:50:59 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll [2009/04/01 07:50:58 | 00,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll [2009/04/01 07:50:56 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll [2009/04/01 07:50:54 | 03,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2009/04/01 07:50:54 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe [2009/04/01 07:50:54 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2009/04/01 07:50:53 | 02,868,736 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\mf.dll [2009/04/01 07:50:52 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2009/04/01 07:50:52 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2009/04/01 07:50:52 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2009/04/01 07:50:45 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll [2009/04/01 07:50:42 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll [2009/04/01 07:50:41 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll [2009/04/01 07:50:41 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll [2009/04/01 07:50:41 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2009/04/01 07:50:41 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2009/04/01 07:42:46 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2009/04/01 07:42:46 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2009/04/01 07:42:46 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2009/04/01 07:42:39 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2009/04/01 07:42:39 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2009/04/01 07:07:33 | 00,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{8BDE2B48-8F4D-4C15-9E3F-B51AE4E7D244}.job [2009/03/31 22:42:07 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2009/03/31 22:40:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2009/03/31 22:12:45 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia [2009/03/31 22:12:45 | 00,000,000 | ---D | C] -- 
C:\Users\Admin\AppData\Roaming\Adobe [2009/03/31 22:12:44 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2009/03/31 22:09:27 | 00,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk [2009/03/31 22:09:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2009/03/31 22:01:21 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat [2009/03/31 21:50:06 | 00,000,000 | ---D | C] -- C:\Users\Admin\Documents\My Received Files [2009/03/31 21:49:46 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\MSN6 [2009/03/31 21:46:14 | 00,002,034 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk [2009/03/31 21:45:00 | 00,001,652 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L74F07908C6B04E1BBFCC70CD663E32A2.job [2009/03/31 21:41:50 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\MSNInstaller [2009/03/31 21:41:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSN [2009/02/25 15:24:48 | 00,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll [2008/12/08 18:08:19 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2008/09/19 05:41:00 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008/01/18 01:33:29 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll [2006/11/02 06:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2006/11/02 06:34:27 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini [2004/12/21 11:13:56 | 00,191,136 | ---- | C] () -- C:\Windows\System32\plx_upldr.dll ========== Files - Modified Within 30 Days ========== [2009/04/20 07:37:25 | 00,048,639 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009/04/20 07:37:06 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTListIt2.exe [2009/04/20 07:27:01 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2009/04/20 07:26:52 | 00,048,639 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009/04/20 07:26:52 | 00,047,104 | ---- | M] (Absolute Software Corp.) 
-- C:\Windows\System32\rpcnet.dll [2009/04/20 07:26:52 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll [2009/04/20 07:26:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/04/20 07:26:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/04/20 07:26:16 | 42,941,68576 | -HS- | M] () -- C:\hiberfil.sys [2009/04/19 22:33:02 | 03,064,064 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db [2009/04/19 12:07:26 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8BDE2B48-8F4D-4C15-9E3F-B51AE4E7D244}.job [2009/04/18 08:00:04 | 00,001,668 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L9EB8E03F387A4DAA8B50816947BC2AAB.job [2009/04/16 17:00:03 | 00,001,652 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L74F07908C6B04E1BBFCC70CD663E32A2.job [2009/04/15 07:08:39 | 00,037,376 | ---- | M] () -- C:\Users\Admin\Documents\A Walk for Stephanie.wps [2009/04/15 07:08:39 | 00,000,336 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat [2009/04/15 06:52:14 | 00,020,992 | ---- | M] () -- C:\Users\Admin\Documents\Donation email.wps [2009/04/14 21:24:37 | 00,000,189 | ---- | M] () -- C:\Users\Admin\Desktop\STORE N GO (D) - Shortcut.lnk [2009/04/14 19:03:08 | 00,020,480 | ---- | M] () -- C:\Users\Admin\Documents\Evals SERGIO V #2.xls [2009/04/14 17:27:09 | 00,011,927 | ---- | M] () -- C:\Users\Admin\Documents\DonationAddresses.csv [2009/04/14 17:01:56 | 00,004,046 | ---- | M] () -- C:\Users\Admin\Documents\MSN contacts.csv [2009/04/14 16:36:14 | 00,008,679 | ---- | M] () -- C:\Users\Admin\Documents\Sample_CSVContactsFile(1).csv [2009/04/14 13:01:06 | 00,008,661 | ---- | M] () -- C:\Users\Admin\Documents\RegisteredVisitors(1).csv [2009/04/14 07:19:08 | 00,000,076 | ---- | M] () -- C:\Windows\QUICKEN.INI [2009/04/10 18:00:27 | 00,018,944 | ---- | M] () -- C:\Users\Admin\Documents\FAFSA Estimated 2009 letter.wps [2009/04/10 16:33:26 | 00,004,608 | ---- | M] () -- 
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/08 21:48:58 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Double Deluxe.lnk [2009/04/07 08:04:46 | 00,145,902 | ---- | M] () -- C:\Windows\hpoins21.dat [2009/04/07 08:04:17 | 00,000,179 | ---- | M] () -- C:\Windows\win.ini [2009/04/07 08:02:37 | 00,002,065 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.01.lnk [2009/04/07 08:02:02 | 00,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk [2009/04/07 07:59:30 | 00,001,191 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2009/04/06 17:02:14 | 00,002,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/04/06 14:49:41 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2009/04/06 08:10:14 | 00,001,763 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2009/04/01 15:10:39 | 00,002,034 | ---- | M] () -- C:\Users\Public\Desktop\MSN.lnk [2009/04/01 08:01:07 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe [2009/03/31 22:09:27 | 00,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk [2009/03/31 22:02:03 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1 < End of report > |
|
|
|
|
|
#9 (permalink) |
|
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
|
Re: Desktop icons have disappeared, cannot connect wirelessly
64 bit. I tend to be geared up for malware counter-attacks, so it just didn't cross my mind you are running a 64 bit system. Most of our tools, as well as myself pretty much, are set up for 32 bit systems only. I think I see the items related to both the desktop icons and running a check disk perhaps, but not sure these were set by any infection. Maybe some changes made by SpySweeper? Was everything running okay, or with this 2 week old laptop have you never had these things working correctly?
Be sure to temp disable SpySweeper and any other security software.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

Save this to your desktop as "fixer.reg". Be sure to include the "" quotes in the name. Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

---------------

Code:
@ECHO OFF
if exist winkey.txt del winkey.txt
REG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute > winkey.txt
notepad winkey.txt

Copy/paste the above text into the open text box, then save this to your desktop as "cfgcheck.bat". Be sure to include the "" quotes in the name. Then click on cfgcheck.bat. When the scan completes a textbox will open - copy/paste those contents back here please.
|
|
|
|
|
#10 (permalink) |
|
Registered User
Join Date: Sep 2007
Posts: 16
OS: Windows Vista
|
Re: Desktop icons have disappeared, cannot connect wirelessly
The desktop icons were working properly when I got the computer. I do not know if the other program was working since I had not tried to run it before I started getting the error messages.
Here are the results for the latest scan you asked for.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute    REG_MULTI_SZ    autocheck autochk /p \??\C:\0autocheck autochk *
|
|
|
|
|
#11 (permalink) |
|
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
|
Re: Desktop icons have disappeared, cannot connect wirelessly
That check disk is already preset to run. Have you rebooted recently to check again if it will run at bootup? I am sensing that these problems are not malware related, and having me guess at them on a 64 bit Vista install would not be in your best interests here. Better if you asked on these issues in the TSF Windows Vista Support here. If you placed a link in a request there to this thread then the folks who might help out will also be able to check the log info here.
|
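Added example (not part of the original thread and not a TSF tool): one way to read the `REG QUERY` output pasted in post #10 and see why the analyst says a disk check is already set to run. It assumes reg.exe's habit of joining REG_MULTI_SZ strings with a literal `\0` and treats `autocheck autochk *` as the stock Windows entry; the function names and verdict labels are invented for this example.

```python
"""Read pasted `reg query ... /v BootExecute` output (added example)."""
import re

# Stock Windows value for Session Manager\BootExecute.
DEFAULT_ENTRY = "autocheck autochk *"

# Constructed sample: the reply in post #10, laid out as reg.exe prints it.
SAMPLE_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute    REG_MULTI_SZ    autocheck autochk /p \??\C:\0autocheck autochk *
"""

# The same text collapsed onto one line, as forum software often leaves it.
FLATTENED_SAMPLE = " ".join(SAMPLE_OUTPUT.split())

# autochk with one or more switches and an NT-namespace volume: "/p \??\C:"
_AUTOCHK = re.compile(r"^autocheck autochk ((?:/\S+ )+)\\\?\?\\(\S+)$", re.I)


def parse_multi_sz(reg_output, value_name="BootExecute"):
    """Return the strings of a REG_MULTI_SZ value from reg.exe text output."""
    pattern = re.compile(
        r"(?:^|\s)" + re.escape(value_name) + r"\s+(REG_[A-Z_]+)\s+(.*)$", re.I
    )
    for line in reg_output.splitlines():
        match = pattern.search(line)
        if not match:
            continue
        if match.group(1).upper() != "REG_MULTI_SZ":
            raise ValueError(f"{value_name} has type {match.group(1)}")
        # reg.exe separates the strings with a literal backslash-zero.
        # Caveat: a path segment that itself starts with "0" is ambiguous.
        parts = match.group(2).split("\\0")
        return [" ".join(p.split()) for p in parts if p.strip()]
    raise ValueError(f"{value_name} not found in output")


def classify(entry):
    """Return (entry, verdict, detail) for one BootExecute string."""
    if entry.lower() == DEFAULT_ENTRY:
        return (entry, "default", "stock autochk entry")
    match = _AUTOCHK.match(entry)
    if match:
        switches = " ".join(match.group(1).split())
        return (entry, "scheduled-check", f"autochk {switches} on {match.group(2)}")
    # Anything else runs before logon and deserves a closer look; some
    # legitimate boot-time tools register here, so this is not a verdict
    # of infection.
    return (entry, "unexpected", "not an autochk entry, review manually")


def review_boot_execute(reg_output):
    """Classify every string in the pasted BootExecute value."""
    return [classify(entry) for entry in parse_multi_sz(reg_output)]


if __name__ == "__main__":
    for entry, verdict, detail in review_boot_execute(SAMPLE_OUTPUT):
        print(f"{verdict:16} {entry}  ({detail})")
```

Splitting on `\0` first matters: a tool that tokenizes the value on spaces instead reports fragments such as `/p` and `\??\C:` as separate missing files.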
|
|
|
|
|
#12 (permalink) |
|
Registered User
Join Date: Sep 2007
Posts: 16
OS: Windows Vista
|
Re: Desktop icons have disappeared, cannot connect wirelessly
I still believe this to be a virus of some sort. It is getting worse. Now I get

hpqtra08.exe - Corrupt File
The file of directory C:\Users\Admin\AppData\Roaming\Microsoft\Windows\StartMenu\Programs is corrupt and unreadable. Please run Chkdsk utility.

Anything I try to do locks up the computer. Opening Control Panel, starting MSN etc.
|
|
|
|
|
#13 (permalink) |
|
Registered User
Join Date: Sep 2007
Posts: 16
OS: Windows Vista
|
Re: Desktop icons have disappeared, cannot connect wirelessly
I still believe this to be a virus of some sort. It is getting worse. Now I get

hpqtra08.exe - Corrupt File
The file of directory C:\Users\Admin\AppData\Roaming\Microsoft\Windows\StartMenu\Programs is corrupt and unreadable. Please run Chkdsk utility.

Anything I try to do locks up the computer. Opening Control Panel, starting MSN etc. I have been running my Webroot Antivirus Program daily and every time it finds 5 - 25 cookies. Is this normal?
|
|
|
|
|
#14 (permalink) |
|
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
|
Re: Desktop icons have disappeared, cannot connect wirelessly
HP Digital Imaging Monitor startup having problems there. I have seen this being pretty quick at startups to load, and I sense maybe SpySweeper or some setting you have on it may be keeping it from doing that. Yes, cookies are relatively harmless, and are normal when you do web surfing. I really do feel you are having issues using SpySweeper on this already fairly complex setup, and encourage you to ask folks who are more handy with 64 bit Vista for ideas and suggestions.
|
|
|
|