[Resolved] No desktop and HiJack Logfile


  • This topic is locked
10 replies to this topic

#1 twint788


Posted 25 October 2009 - 10:19 AM

Hey guys nice to meet you. I will tell you what I've already done and experienced and show you where I am at.

1. No desktop just wallpaper. Seems to be a pretty common virus

2. XP OS

3. No system restore exists. Was at first turned off by group policy and went into GPEDIT and fixed the System Restore and Regedit so I could then use these functions again.

4. There are no extra explorer.exe files outside of what is in C:\WINDOWS

5. Can only operate through Task Manager

6. I checked for SCVHOST virus and explorer.exe virus on Processes Tab. Nonexistent anymore.

7. Malware Bytes and Super Anti Spyware were infected and the main .exe files were removed and blocked. Went in because I couldn't use Safe Mode and put the computer into Restart with only basic functions, Redownloaded Malware with new mbam.exe file name. Was able to run a quick scan and found 60 trojans and renegades. Ran full scan and found 10 more.

8. Booted the computer to start with all normal functioning. Did another Malware scan. Found 11 more trojans.

9. Ran Super Anti and removed 100 tracking cookies and some trojans.

10. Ran several more times and came clear.

11. Still no desktop after restarting.

12. Have been through a ton a ton a ton of research on HKEY's.

13. Downloaded System Restart Scanner.

14. Downloaded HiJACK THIS AND DID A SCAN.

I am at a loss now and was wondering if someone could look through my scans and decipher it for me. Thanks

This is the Log.


////////////////////////

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SPRntiSpywr\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\JOSEPHBYTES\ZZZZZZZz.exe" /runcleanupscript
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ixajohuf] rundll32.exe "C:\WINDOWS\ipoxewofesed.dll",Startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [IeServer] C:\WINDOWS\help\NvCpl.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\HomePortal\2PortalMon.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [sufefawuni] Rundll32.exe "C:\WINDOWS\system32\donikibi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sufefawuni] Rundll32.exe "C:\WINDOWS\system32\donikibi.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} (CPlayFirstMythicMarblesControl Object) - http://download.play...les.1.0.0.3.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgre...eensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.3.5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6262E38D-C782-4403-A333-8E1AB70E0CAC} (CPlayFirstWeddingDasControl Object) - http://download.play...eb.1.0.0.10.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.play...ash.1.0.0.9.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://download.play...eb.1.0.0.10.cab
O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.play...eb.1.0.0.15.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} (CPlayFirstDreamChronControl Object) - http://download.play...eb.1.0.0.13.cab
O16 - DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} (CPlayFirstMahjongRoaControl Object) - http://download.play...eb.1.0.0.16.cab
O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} (CPlayFirstDressShopHControl Object) - http://download.play...Web.1.0.0.7.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O20 - AppInit_DLLs: sidesaje.dll c:\windows\system32\pawehuhe.dll c:\windows\system32\bamoleta.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SPRntiSpywr\SASWINLO.dll
O21 - SSODL: dagivaser - {16b55606-74c6-4c55-b9a1-7c39966fa451} - c:\windows\system32\bamoleta.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {16b55606-74c6-4c55-b9a1-7c39966fa451} - c:\windows\system32\bamoleta.dll (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 13547 bytes



#2 twint788


Posted 26 October 2009 - 08:58 AM

Um, someone replied and I can't see it

#3 twint788


Posted 27 October 2009 - 02:26 PM

Someone please help me. I am trying to avoid reinstalling XP

#4 twint788


Posted 27 October 2009 - 03:01 PM

Here is my SystemLook log


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:47 on 27/10/2009 by HP_Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.ex*"
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a--- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c 1033216 bytes [23:12 29/09/2008] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c 1032192 bytes [11:07 15/08/2007] [12:00 10/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\explorer.exe --a--- 1033728 bytes [12:00 10/08/2004] [00:12 14/04/2008] (Unable to calculate MD5)
C:\WINDOWS\I386\EXPLORER.EX_ ------ 359533 bytes [04:00 10/08/2004] [12:00 10/08/2004] 4F061B12F3D5457315A0314954E7EF46
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------ 1033728 bytes [12:08 04/09/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
(Unable to open key - key not found)

-=End Of File=-


http://r3953724.cn

I also get this redirection website a lot.

#5 twint788


Posted 27 October 2009 - 03:15 PM

My OTL Log



OTL logfile created on: 10/27/2009 5:10:59 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\HP_Administrator\desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 458.84 Mb Available Physical Memory | 45.19% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 75.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.03 Gb Total Space | 17.66 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.42 Gb Free Space | 17.75% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MORNINGSTAR
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\desktop\otl.exe (OldTimer Tools)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
PRC - C:\Program Files\SPRntiSpywr\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\taskmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPodService [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PCTAVSvc [Auto | Running]) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
SRV - (Pml Driver [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPHipm09.exe (HP)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe ()
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AVFilter [Auto | Running]) -- C:\WINDOWS\System32\drivers\AVFilter.sys (PC Tools Research Pty Ltd)
DRV - (AVHook [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AVHook.sys (PC Tools Research Pty Ltd.)
DRV - (AVRec [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AVRec.sys (PC Tools Research Pty Ltd )
DRV - (Dot4 HPH09 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hphid409.sys (HP)
DRV - (Dot4Print HPH09 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hphipr09.sys (HP)
DRV - (Dot4Storage HPH09 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\hphius09.sys (HP)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (FNETTBOH [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\FNETTBOH.SYS (FNet Co., Ltd.)
DRV - (FNETURPX [System | Running]) -- C:\WINDOWS\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IKFileSec [Boot | Running]) -- C:\WINDOWS\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt [System | Running]) -- C:\WINDOWS\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKSysSec [System | Running]) -- C:\WINDOWS\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (PcdrNdisuio [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys (Windows ® 2000 DDK provider)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SPRntiSpywr\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SPRntiSpywr\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator\desktop\otl.exe (OldTimer Tools)
MOD - C:\Program Files\PC Tools AntiVirus\PCTAVHook.dll (PC Tools Research Pty Ltd)
MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 03:43:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4A57944D-8BD9-4717-A14C-50D3213C9A77}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{4A57944D-8BD9-4717-A14C-50D3213C9A77} [2009/10/22 10:46:45 | 00,000,000 | ---D | M]

[2009/04/11 17:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\9r32gtbt.default\extensions
[2009/01/25 11:07:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\9r32gtbt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/01/24 00:24:32 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\9r32gtbt.default\searchplugins\search.xml
[2009/05/02 20:14:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/03/30 10:54:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/19 19:23:20 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/12/15 14:18:07 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/12/15 14:18:29 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/12/15 14:17:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2007/02/20 16:04:02 | 02,463,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: (104 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [2wSysTray] C:\Program Files\2Wire\HomePortal\2PortalMon.exe File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IeServer] C:\WINDOWS\help\NvCpl.exe (aaa)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Ixajohuf] C:\WINDOWS\ipoxewofesed.DLL (Apple Computer, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\JOSEPHBYTES\ZZZZZZZz.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreXPSP2ShellProtocolBehavior = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Sally's%20Salon/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} http://download.play...les.1.0.0.3.cab (CPlayFirstMythicMarblesControl Object)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.3.5.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6262E38D-C782-4403-A333-8E1AB70E0CAC} http://download.play...eb.1.0.0.10.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} http://download.play...ash.1.0.0.9.cab (CPlayFirstDoggieDashControl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://download.play...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} http://download.play...eb.1.0.0.15.cab (CPlayFirstPetShopHopControl Object)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://download.play...eb.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
O16 - DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} http://download.play...eb.1.0.0.16.cab (CPlayFirstMahjongRoaControl Object)
O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} http://download.play...Web.1.0.0.7.cab (CPlayFirstDressShopHControl Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.104.244.45 208.104.2.36
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sidesaje.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\pawehuhe.dll) - C:\WINDOWS\System32\pawehuhe.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\bamoleta.dll) - C:\WINDOWS\System32\bamoleta.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SPRntiSpywr\SASWINLO.dll - C:\Program Files\SPRntiSpywr\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: dagivaser - {16b55606-74c6-4c55-b9a1-7c39966fa451} - C:\WINDOWS\System32\bamoleta.dll File not found
O22 - SharedTaskScheduler: {16b55606-74c6-4c55-b9a1-7c39966fa451} - tokatiluy - C:\WINDOWS\System32\bamoleta.dll File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SPRntiSpywr\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/01 13:48:53 | 00,000,100 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/08/01 18:42:22 | 00,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 00,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/04 17:54:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/10/04 16:16:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FNET
[2009/10/04 16:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ArcSoft
[2009/10/07 10:25:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Canon
[2009/10/07 21:53:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
[2009/10/22 10:46:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{4A57944D-8BD9-4717-A14C-50D3213C9A77}
[2009/10/04 16:25:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/10/04 18:01:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2009/10/25 08:42:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/04 16:25:19 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/10/04 17:42:23 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009/10/04 17:50:58 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2009/10/24 19:30:45 | 00,000,000 | ---D | C] -- C:\Program Files\JOSEPHBYTES
[2009/10/25 08:44:12 | 00,000,000 | ---D | C] -- C:\Program Files\SPRntiSpywr
[2009/10/25 11:45:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/04 16:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\TurboHddUsb
[2009/10/27 17:10:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/27 17:08:21 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/10/27 16:19:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Virus Scans
[2009/10/24 19:30:47 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/24 19:30:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/22 21:46:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2009/10/22 14:52:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/22 14:15:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/20 09:01:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Media Player
[2009/10/20 09:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Printer
[2009/10/04 18:01:30 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/10/04 18:01:30 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/10/04 17:53:54 | 00,230,912 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9I.DLL
[2009/10/04 17:51:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2009/10/04 17:51:27 | 00,188,416 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC190O.DLL
[2009/10/04 17:51:26 | 01,323,008 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC190C.DLL
[2009/10/04 17:51:26 | 00,200,704 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC190L.DLL
[2009/10/04 17:51:26 | 00,098,304 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC190I.DLL
[2009/10/04 16:47:30 | 00,000,000 | -HSD | C] -- C:\ArcBackupDeviceInfo
[2009/10/04 16:25:34 | 00,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
[2009/10/04 16:25:19 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2009/10/04 16:16:53 | 00,017,792 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH.SYS
[2009/10/04 16:16:53 | 00,007,040 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETURPX.SYS
[2009/09/30 09:32:59 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/09/30 09:32:59 | 00,215,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/09/30 09:32:59 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/27 17:08:21 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/10/27 16:46:42 | 00,102,660 | ---- | M] () -- C:\SystemLook.exe
[2009/10/27 11:03:00 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/10/27 09:55:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/27 09:55:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/27 09:55:08 | 10,646,85568 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/25 10:00:04 | 01,709,408 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\taskmanager17.exe
[2009/10/25 08:41:29 | 07,280,672 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware2.exe
[2009/10/24 22:57:42 | 00,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/24 22:57:42 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/10/24 22:57:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/24 20:47:16 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\huwupemu
[2009/10/22 22:39:51 | 00,001,405 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\enabledisabledesktopicons.vbs
[2009/10/22 21:57:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/22 13:02:55 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/10/22 13:00:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/10/22 13:00:37 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/10/22 12:47:28 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Hbegesugunep.dat
[2009/10/22 10:46:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Lzuzadomipus.bin
[2009/10/20 23:49:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/19 08:36:59 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/10/19 08:36:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/10/16 14:23:21 | 00,002,091 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Start LNL Proposals.lnk
[2009/10/16 14:10:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/10/16 14:10:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/10/16 08:24:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/10/16 08:24:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/10/16 03:11:08 | 00,507,858 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 03:11:08 | 00,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 03:11:08 | 00,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/16 03:07:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 18:11:08 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/10/15 18:11:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/10/15 08:58:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/10/15 08:58:59 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/10/14 18:44:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/10/14 18:44:40 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/10/13 13:57:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/10/13 13:57:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/10/11 11:39:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/10/11 11:39:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/10/07 19:22:42 | 01,233,609 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\KennyHill1.pdf
[2009/10/06 23:00:11 | 00,187,904 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TFel_ReferenceForm.doc
[2009/10/06 10:06:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/10/06 10:06:14 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/10/05 19:14:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/10/05 19:14:20 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/10/04 16:25:33 | 00,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2009/10/04 16:25:33 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TotalMedia Backup & Record.lnk
[2009/10/04 16:16:54 | 00,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboHddUsb.LNK
[2009/10/04 16:16:53 | 00,017,792 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH.SYS
[2009/10/04 16:16:53 | 00,007,040 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETURPX.SYS
[2009/10/04 16:13:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/10/04 16:13:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/10/02 10:53:46 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Documentation.lnk
[2009/10/02 08:53:36 | 01,448,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0070.JPG
[2009/10/02 08:53:27 | 01,498,650 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0068.JPG
[2009/10/02 08:53:03 | 01,723,437 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0066.JPG
[2009/10/02 08:51:52 | 00,509,611 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Photo_052409_001.JPG
[2009/10/02 08:51:46 | 00,187,090 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\5810_100178773333027_100000227132855_1991_4561306_n.JPG
[2009/10/02 08:51:33 | 00,140,881 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\5810_100178763333028_100000227132855_1989_5769799_n.JPG
[2009/10/02 08:51:26 | 00,114,355 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\5810_100178759999695_100000227132855_1988_8258408_n.JPG
[2009/10/02 08:51:18 | 00,153,397 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\l_c28f847b96c1420fbc141b454a781f8e.JPG
[2009/09/30 20:00:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/30 20:00:57 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/30 09:07:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/30 09:07:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/28 17:29:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/28 17:29:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm

========== Files - No Company Name ==========
[2009/10/27 16:46:42 | 00,102,660 | ---- | C] () -- C:\SystemLook.exe
[2009/10/25 09:59:59 | 01,709,408 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\taskmanager17.exe
[2009/10/25 08:41:14 | 07,280,672 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware2.exe
[2009/10/24 22:58:18 | 00,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2009/10/24 22:58:18 | 00,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/10/24 22:58:18 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2009/10/24 22:58:18 | 00,000,999 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/10/24 22:58:18 | 00,000,901 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/10/24 22:58:18 | 00,000,901 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
[2009/10/24 22:58:18 | 00,000,681 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
[2009/10/22 22:41:07 | 00,001,405 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\enabledisabledesktopicons.vbs
[2009/10/22 10:46:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Lzuzadomipus.bin
[2009/10/22 10:46:50 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Hbegesugunep.dat
[2009/10/16 09:32:10 | 00,002,091 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Start LNL Proposals.lnk
[2009/10/07 19:24:30 | 01,233,609 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\KennyHill1.pdf
[2009/10/06 23:00:11 | 00,187,904 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TFel_ReferenceForm.doc
[2009/10/04 20:52:07 | 01,723,437 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0066.JPG
[2009/10/04 20:52:07 | 01,498,650 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0068.JPG
[2009/10/04 20:52:07 | 01,448,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0070.JPG
[2009/10/04 20:52:07 | 00,509,611 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Photo_052409_001.JPG
[2009/10/04 20:52:07 | 00,187,090 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\5810_100178773333027_100000227132855_1991_4561306_n.JPG
[2009/10/04 20:52:07 | 00,153,397 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\l_c28f847b96c1420fbc141b454a781f8e.JPG
[2009/10/04 20:52:07 | 00,140,881 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\5810_100178763333028_100000227132855_1989_5769799_n.JPG
[2009/10/04 20:52:07 | 00,114,355 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\5810_100178759999695_100000227132855_1988_8258408_n.JPG
[2009/10/04 16:25:33 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TotalMedia Backup & Record.lnk
[2009/10/04 16:16:54 | 00,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboHddUsb.LNK
[2009/07/22 22:41:40 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jaduzumi.dll
[2009/07/22 10:47:35 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\fovofope.dll
[2009/04/30 22:08:28 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tYpaiaMSat.gif
[2009/04/30 22:08:28 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tYpaiaMSzn.gif
[2009/04/30 22:08:28 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tYpaiaMSby.gif
[2009/04/15 09:57:03 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\tineraka.dll
[2009/04/12 04:04:59 | 01,403,873 | -HS- | C] () -- C:\WINDOWS\System32\onazegef.ini
[2009/04/11 16:03:38 | 01,408,898 | -HS- | C] () -- C:\WINDOWS\System32\ojiyusaw.ini
[2009/02/17 02:49:09 | 03,713,486 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2008/05/25 18:58:01 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/17 18:40:20 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/02/13 09:09:46 | 00,000,434 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/12 20:21:39 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2007/12/27 10:05:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
[2007/12/27 10:05:20 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2007/12/25 22:19:54 | 00,000,183 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/12/24 18:26:57 | 00,003,506 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\B1925410-6EB8-474A-8767-063FA33474FF.txt
[2007/11/11 20:45:49 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2007/10/24 18:53:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI
[2007/10/24 18:53:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI
[2007/10/24 18:53:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI
[2007/10/24 18:53:27 | 00,000,073 | ---- | C] () -- C:\WINDOWS\VMorpher.INI
[2007/10/23 21:46:53 | 00,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI
[2007/10/22 23:22:42 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2007/10/02 22:54:33 | 00,000,135 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/06 11:07:30 | 00,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/04 20:37:22 | 00,001,022 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/06/10 19:52:28 | 00,000,019 | ---- | C] () -- C:\WINDOWS\info9.ini
[2007/06/10 19:52:28 | 00,000,019 | ---- | C] () -- C:\WINDOWS\info7.ini
[2007/06/10 19:52:28 | 00,000,019 | ---- | C] () -- C:\WINDOWS\info3.ini
[2007/01/24 22:15:52 | 00,118,016 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
[2007/01/24 21:43:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb6334.dat
[2007/01/24 21:43:49 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb8467.dat
[2007/01/24 21:43:49 | 00,000,049 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb41.dat
[2007/01/24 21:43:42 | 00,000,210 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/24 21:43:40 | 00,000,151 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb292.dat
[2007/01/24 21:43:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb3902.dat
[2007/01/24 21:43:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb153.dat
[2007/01/24 21:43:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb5436.dat
[2007/01/24 21:43:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb4604.dat
[2007/01/24 21:43:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb2391.dat
[2007/01/24 21:43:38 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb4827.dat
[2007/01/24 21:43:37 | 00,000,382 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb1942.dat
[2007/01/24 21:43:37 | 00,000,023 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inifile41.ini
[2007/01/02 11:23:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/10 22:49:17 | 00,000,036 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2006/11/24 22:16:55 | 00,359,112 | ---- | C] () -- C:\Program Files\LimeWireWin.exe
[2006/10/15 13:17:37 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/10/03 21:22:08 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2005/12/05 20:49:52 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/04 17:23:22 | 00,000,319 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/29 18:54:56 | 00,000,444 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2005/11/25 15:56:17 | 00,065,616 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/11/25 14:57:32 | 00,096,768 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/01 13:50:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/01 13:48:02 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/01 13:48:02 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/01 13:48:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/01 13:48:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/01 13:48:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/01 13:48:02 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/01 13:18:14 | 00,015,326 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/06/01 13:18:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/06/01 13:17:50 | 00,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/06/01 13:13:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/01 12:51:12 | 00,011,972 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/06/01 12:49:52 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/01 12:44:16 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/06/01 12:30:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/06/01 12:28:10 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/06/01 12:28:10 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/06/01 12:27:48 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/01/28 05:41:20 | 00,000,623 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/27 21:30:40 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/01/27 21:30:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/01/20 01:45:40 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/20 01:45:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/07/26 17:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 01:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6974837
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE96529E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9075FC48
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78D09D71
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B203B914
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3857ABB7
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F4198F
< End of report >

#6 twint788

Posted 27 October 2009 - 03:22 PM

Backed up with ERUNT and my second System Look log

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:17 on 27/10/2009 by HP_Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll -----c 1580544 bytes [23:11 29/09/2008] [12:00 10/08/2004] 30A609E00BD1D4FFC49D6B5A432BE7F2
C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll ------ 1614848 bytes [12:09 04/09/2008] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a--- 1614848 bytes [12:00 10/08/2004] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79

-=End Of File=-
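An added example, not part of the original post and not SystemLook's own code: a Python parser for the filefind log above that checks whether the live system32 copy of a file has the same size and MD5 as the copy in the service pack cache. The function names and the 'match' / 'mismatch' / 'missing' labels are assumptions of this example; equal hashes only show the two copies are identical, not that the cached copy is trustworthy.

```python
import re
from collections import defaultdict

# Log text copied from the post above, one entry per line.
SAMPLE_LOG = r'''SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:17 on 27/10/2009 by HP_Administrator (Administrator - Elevation successful)
========== filefind ==========
Searching for "sfcfiles.dll"
C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll -----c 1580544 bytes [23:11 29/09/2008] [12:00 10/08/2004] 30A609E00BD1D4FFC49D6B5A432BE7F2
C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll ------ 1614848 bytes [12:09 04/09/2008] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a--- 1614848 bytes [12:00 10/08/2004] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
-=End Of File=-'''

# One result line: path, six attribute flags, size, two bracketed timestamps, MD5.
ENTRY = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+'
    r'\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$')
SEARCH = re.compile(r'^Searching for "(.+)"$')

def parse_filefind(log):
    """Return {searched name: [entry dict, ...]} for a filefind section."""
    results, current = defaultdict(list), None
    for line in map(str.strip, log.splitlines()):
        if SEARCH.match(line):
            current = SEARCH.match(line).group(1)
        elif current and ENTRY.match(line):
            entry = ENTRY.match(line).groupdict()
            entry['size'] = int(entry['size'])
            entry['md5'] = entry['md5'].upper()
            results[current].append(entry)
    return dict(results)

def copy_in(entries, directory):
    """Entry whose file sits directly in `directory` (case-insensitive), or None."""
    prefix = directory.lower().rstrip('\\') + '\\'
    for e in entries:
        p = e['path'].lower()
        if p.startswith(prefix) and '\\' not in p[len(prefix):]:
            return e
    return None

def compare_to_reference(entries, live_dir, ref_dir):
    """'match', 'mismatch', or 'missing' when either copy is absent from the log."""
    live, ref = copy_in(entries, live_dir), copy_in(entries, ref_dir)
    if live is None or ref is None:
        return 'missing'
    same = (live['size'], live['md5']) == (ref['size'], ref['md5'])
    return 'match' if same else 'mismatch'
```
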

#7 twint788

Posted 28 October 2009 - 07:52 AM

Has anyone been able to make anything of this? Thanks.

#8 oldman960

Posted 28 October 2009 - 12:12 PM

Hi twint788, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

You shouldn't follow instructions given to another person. Your symptoms may appear to be the same, but the fixes could make things worse.

Open Task Manager with Ctrl, Alt, Del as you have been doing.
  • In Task Manager, click the Options button
  • check mark Always On Top
  • This will keep Task Manager from disappearing when you click on anything else.
  • Using your left mouse button, click on the top blue portion of Task Manager and slide it down to the lower part of your screen so these instructions are visible.

It is important that you do not minimize your browser or Task Manager. If you do you will lose them and will need to start over.

I'll have you create a batch file first then continue.

In Task Manager
  • click file
  • click New Task(Run...)
  • type the following line into the open: field
    notepad.exe
  • click ok
Notepad should open

  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

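rem Keep the current shell as explorer.old (ren takes a bare file name as the new name)
ren "C:\WINDOWS\explorer.exe" "explorer.old"
rem Put the service pack cache copy of explorer.exe in its place
copy "C:\WINDOWS\ServicePackFiles\i386\explorer.exe" "C:\Windows\explorer.exe"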

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "fix.bat"
  • Click save

In Task Manager
  • click file
  • click New Task(Run...)
  • In the open field, copy and paste
    "%userprofile%\desktop\fix.bat"
  • click OK
You may see a brief flash on your screen, that's normal.

In Task Manager
  • click file
  • click New Task(Run...)
  • In the open field, copy and paste
    explorer.exe
  • click OK
Is your desktop back?

If not, please STOP and post back for further instructions.

If your desktop has reappeared, please continue.

Next, double-click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:OTL
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [Ixajohuf] C:\WINDOWS\ipoxewofesed.DLL (Apple Computer, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O20 - AppInit_DLLs: (sidesaje.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\pawehuhe.dll) - C:\WINDOWS\System32\pawehuhe.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\bamoleta.dll) - C:\WINDOWS\System32\bamoleta.dll File not found
O21 - SSODL: dagivaser - {16b55606-74c6-4c55-b9a1-7c39966fa451} - C:\WINDOWS\System32\bamoleta.dll File not found
O22 - SharedTaskScheduler: {16b55606-74c6-4c55-b9a1-7c39966fa451} - tokatiluy - C:\WINDOWS\System32\bamoleta.dll File not found
[2009/10/22 10:46:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Lzuzadomipus.bin
[2009/10/22 10:46:50 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Hbegesugunep.dat
[2009/07/22 22:41:40 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jaduzumi.dll
[2009/07/22 10:47:35 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\fovofope.dll
[2009/04/30 22:08:28 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tYpaiaMSat.gif
[2009/04/30 22:08:28 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tYpaiaMSzn.gif
[2009/04/30 22:08:28 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tYpaiaMSby.gif
[2009/04/15 09:57:03 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\tineraka.dll
[2009/04/12 04:04:59 | 01,403,873 | -HS- | C] () -- C:\WINDOWS\System32\onazegef.ini
[2009/04/11 16:03:38 | 01,408,898 | -HS- | C] () -- C:\WINDOWS\System32\ojiyusaw.ini
[2007/01/24 21:43:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb6334.dat
[2007/01/24 21:43:49 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb8467.dat
[2007/01/24 21:43:49 | 00,000,049 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb41.dat
[2007/01/24 21:43:42 | 00,000,210 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/24 21:43:40 | 00,000,151 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb292.dat
[2007/01/24 21:43:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb3902.dat
[2007/01/24 21:43:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb153.dat
[2007/01/24 21:43:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb5436.dat
[2007/01/24 21:43:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb4604.dat
[2007/01/24 21:43:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb2391.dat
[2007/01/24 21:43:38 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb4827.dat
[2007/01/24 21:43:37 | 00,000,382 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\internaldb1942.dat
[2007/01/24 21:43:37 | 00,000,023 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inifile41.ini

:Services

:Reg

:Files

:Commands
[resethosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL log.

Please post back with
  • OTL fix log
  • New OTL scan log
How's the computer?

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#9 twint788

Posted 28 October 2009 - 01:18 PM

Thanks oldman but too late. I am just now back on. Here's the rundown of what had happened. I could not run safe mode so I tried safe boot.ini operation. This ended up locking me out and going into constant reboot. I was able to switch from a black screen with bbs pop instructions to the blue screen with F key instructions. After several failed attempts, I hit F10 and went into system recovery. The first attempt failed and I went into it again and was successful. I have a back hard drive, but I believe I lost all of my favorite websites. I have reinstalled IE8 again and Malware and Super Anti. I have updated XP and reinstalled Windows Media Player and was able to recover all of my wife's important family videos. Good thing is I think she backed up our computer to an external hard drive before the issues. So now I can start pulling files back over. Thanks though guys. I have learned a lot and haven't learned anything at the same time. Ciao.

#10 oldman960

Posted 28 October 2009 - 02:17 PM

Hi, Ok, thanks for letting us know.

#11 oldman960

Posted 01 November 2009 - 12:01 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
