WiredWX Hobby Weather ToolsLog in

 


Don't know what happened...files got deleted

2 posters

descriptionDon't know what happened...files got deleted EmptyDon't know what happened...files got deleted

more_horiz
This involves my work computer and I don't know what happened, but I noticed that after I had downloaded the new docmagic doc viewer program, all of the files on my desktop and old files in a backup folder were all deleted. I'm not sure if this was the cause of it or not. I tried system restore but it didn't do anything/and couldn't be completed. I'm really hoping all of the files weren't permanently deleted.

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
Hello, Welcome to GeekPolice! I am Houndmom and I will be helping you get your computer cleaned up. Right On!


Please note the following information about the malware forum:


    * Only Tech Officers, Global Moderators, Administrators,, Malware Advisors and Tech Staff are allowed to give advice on removing malware from your computer.
    * From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    * Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    * If you have already asked for help somewhere, please post the link to the topic you were helped.
    * We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

    * Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


As I am a student, Please wait while I consult my instructors on the first step.

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
Thanks for waiting. We can begin now, but as before I need to consult with my instructors each time.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Then run this tool:



  • Download OTL.exe onto your desktop
  • Open the program by double clicking on OTL icon.


  • Copy the following quote box and Paste it in the Custom Scans/Fixes box as shown below..


    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan, it won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.

    Note: To Copy - highlight text and choosing CTRL C or by right click and choose copy
    To Paste - by clicking in your post box here on the forum and choosing CTRL V or right click and choose paste




descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8135

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/10/2011 3:52:28 PM
mbam-log-2011-11-10 (15-52-28).txt

Scan type: Quick scan
Objects scanned: 200530
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
Did you also run OTL?
If so, I need that log also.

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
OTL logfile created on: 11/14/2011 2:51:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 479.07 Mb Available Physical Memory | 47.19% Memory free
2.39 Gb Paging File | 1.92 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 118.71 Gb Free Space | 85.25% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.35% Space Free | Partition Type: NTFS

Computer Name: YOUR-235B2CE4A2 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 14:51:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL(5).exe
PRC - [2011/11/10 09:05:24 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/21 16:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
PRC - [2010/02/01 14:11:48 | 000,297,120 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe
PRC - [2009/11/16 15:11:30 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/05/29 15:27:56 | 000,036,864 | ---- | M] (Ellie Mae, Inc.) -- C:\Program Files\Encompass\EncompassServer.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:33:38 | 000,886,000 | ---- | M] (AT&T Inc.) -- C:\Program Files\interwise\participant\pull.exe
PRC - [2003/10/20 10:51:08 | 000,178,688 | ---- | M] (Ricoh Co.,Ltd.) -- C:\Program Files\RDS\SrScanDr.exe
PRC - [2002/11/20 15:53:10 | 000,036,864 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\DdsSchedNT.exe
PRC - [2002/07/31 09:43:44 | 000,098,304 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\SOption.exe
PRC - [2002/07/10 16:55:28 | 000,139,264 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\Dds.exe
PRC - [2001/03/23 09:39:12 | 000,028,672 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\spooler.exe
PRC - [2000/11/30 21:34:36 | 000,065,536 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\RsiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 09:05:25 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/10/14 12:42:07 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 12:38:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 08:33:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 08:33:24 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 08:32:45 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 08:27:15 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 08:26:09 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/14 08:23:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/09/22 20:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010/06/18 11:22:36 | 005,612,496 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/02/01 14:11:48 | 000,297,120 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe
MOD - [2008/04/14 04:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/04/14 04:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:35:10 | 000,024,576 | ---- | M] () -- C:\Program Files\interwise\participant\IwReg.dll
MOD - [2002/12/06 22:15:18 | 000,418,304 | ---- | M] () -- C:\Program Files\interwise\participant\exchndl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/21 16:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
SRV - [2010/02/01 14:11:48 | 000,297,120 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\HP_Administrator\Application Data\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe -- (DML Service)
SRV - [2008/05/29 15:27:56 | 000,036,864 | ---- | M] (Ellie Mae, Inc.) [Auto | Running] -- C:\Program Files\Encompass\EncompassServer.exe -- (EncompassServer)
SRV - [2003/10/20 10:51:08 | 000,178,688 | ---- | M] (Ricoh Co.,Ltd.) [Auto | Running] -- C:\Program Files\RDS\SrScanDr.exe -- (ScanRouterDriverV2)
SRV - [2002/11/20 15:53:10 | 000,036,864 | ---- | M] (RICOH Company Ltd.) [Auto | Running] -- C:\Program Files\RDS\DdsSchedNT.exe -- (DdsSched)
SRV - [2002/07/31 09:43:44 | 000,098,304 | ---- | M] (RICOH Company Ltd.) [Auto | Running] -- C:\Program Files\RDS\SOption.exe -- (SOption)
SRV - [2000/11/30 21:34:36 | 000,065,536 | ---- | M] (RICOH Company Ltd.) [Auto | Running] -- C:\Program Files\RDS\RsiSvc.exe -- (RsiSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/08 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/03 19:05:22 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111113.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/03 19:05:22 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111113.005\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/21 16:40:13 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\ccHPx86.sys -- (ccHP)
DRV - [2011/09/21 16:40:13 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/09/21 16:40:13 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMFW.SYS -- (SYMFW)
DRV - [2011/09/21 16:40:13 | 000,036,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2011/09/21 16:40:13 | 000,033,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMIDS.SYS -- (SYMIDS)
DRV - [2011/08/22 23:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20111111.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/06/02 15:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/01/27 11:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/08/22 00:26:08 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 00:26:08 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 00:26:08 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 00:26:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 00:25:58 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/22 00:25:58 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/08/20 07:57:17 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/26 13:48:00 | 004,881,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/09 20:10:00 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS3.sys -- (HSFHWBS3)
DRV - [2008/09/09 20:09:54 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/09/09 20:09:52 | 000,985,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2008/08/07 03:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/14 14:26:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 14:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 09:05:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks [2010/03/11 11:22:47 | 000,000,000 | ---D | M]

[2009/10/22 15:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/11/14 09:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zsvxsg3j.default\extensions
[2010/06/25 08:25:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zsvxsg3j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 16:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/14 14:26:43 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011/11/10 16:13:55 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2010/03/11 11:22:47 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOVE NETWORKS
[2009/11/16 15:11:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2008/04/14 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Push Client.LNK = C:\Program Files\interwise\participant\pull.exe (AT&T Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Delivery Services.lnk = C:\Program Files\RDS\DdsLaunch.exe (RICOH Company Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mrmlsmatrix.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safemls.net ([]* in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBFFCC26-CE82-4A1F-AE27-0EB9F991A359}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 14:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0662fd71-3b71-11de-babc-0024818d0e72}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 04:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 09:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/10 15:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/11/10 15:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/10 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/10 15:43:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/10 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/10 14:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Martiniez
[2011/11/09 14:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Borjkhani
[2011/11/08 16:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Teora
[2011/11/08 14:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\T. Kaloper
[2011/11/08 14:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Monroy
[2011/11/08 14:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\L. Mardesich
[2011/11/08 12:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\DocMaster
[2011/11/08 12:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\DocMagic
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 14:42:06 | 001,884,625 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ocean park.pdf
[2011/11/14 14:34:19 | 000,399,842 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ocean park comps.pdf
[2011/11/14 14:34:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/14 14:34:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/14 09:00:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 09:00:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 15:43:24 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 15:36:50 | 000,001,453 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2011/11/10 15:19:13 | 000,127,769 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\3429 edloft.pdf
[2011/11/10 14:55:40 | 001,300,132 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\1335 W 8th St San Pedro Ca .pdf
[2011/11/08 15:08:43 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Sean.lnk
[2011/11/08 12:40:53 | 000,491,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 12:40:53 | 000,090,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 12:32:54 | 000,910,877 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Note and Deed.pdf
[2011/10/27 11:40:58 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 14:42:06 | 001,884,625 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ocean park.pdf
[2011/11/14 13:05:57 | 000,399,842 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ocean park comps.pdf
[2011/11/10 15:43:24 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 15:19:13 | 000,127,769 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\3429 edloft.pdf
[2011/11/10 14:55:39 | 001,300,132 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\1335 W 8th St San Pedro Ca .pdf
[2011/11/08 15:08:43 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Sean.lnk
[2011/11/08 12:32:54 | 000,910,877 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Note and Deed.pdf
[2011/05/18 14:17:04 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/28 10:26:25 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/09 15:07:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/26 10:19:43 | 011,194,368 | R--- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2010/04/26 10:19:43 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2010/04/26 10:19:43 | 000,352,256 | R--- | C] () -- C:\WINDOWS\System32\zSHP2600.EXE
[2010/04/26 10:19:43 | 000,299,008 | R--- | C] () -- C:\WINDOWS\System32\ZHHP2600.EXE
[2010/01/04 15:25:53 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2010/01/04 15:25:53 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2010/01/04 15:25:05 | 000,001,453 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2010/01/04 15:16:26 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/08/07 15:45:58 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2009/08/07 15:45:58 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2009/07/17 10:38:52 | 000,000,075 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2009/07/17 10:38:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2008/11/26 15:38:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/26 14:40:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/26 14:27:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/26 14:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/26 13:11:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/11/26 13:10:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/11/26 13:10:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/11/26 13:10:49 | 000,491,354 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/26 13:10:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/11/26 13:10:49 | 000,090,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/26 13:10:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/11/26 13:10:49 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/11/26 13:10:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/11/26 13:10:46 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/11/26 13:10:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/11/26 13:10:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/11/26 13:10:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/11/26 06:17:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/26 06:17:10 | 000,147,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/24 10:33:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ExpLoansFromGenesis.dll
[2003/11/12 09:16:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GNetParserX.dll
[2000/02/17 13:57:02 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\GN32.DLL
[1999/10/13 14:59:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\GNS2KZIP.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/11/26 14:25:19 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/06/02 15:06:36 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2007/02/14 15:10:50 | 000,022,016 | ---- | M] (RICOH COMPANY, LTD.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\RC00C1B0.dll
[2007/06/27 01:00:00 | 000,057,344 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\zIMFPRNT.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/11/26 14:25:54 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2008/10/06 17:03:57 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\Thumbs.db
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/05/07 16:45:04 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/11/26 14:29:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/08/18 13:43:24 | 001,277,680 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\CouponPrinter.exe

< %USERPROFILE%\*.exe >
[2010/08/25 10:05:45 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\g2mdlhlpx.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/10 09:05:23 | 000,110,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/10 09:05:24 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/10 09:05:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/10 09:05:37 | 000,247,768 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/05/07 16:45:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/11/26 06:16:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/11/26 06:16:42 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/11/26 06:16:41 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/14 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2008/04/14 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/14 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/14 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/14 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/14 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 04:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/14 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/14 04:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/14 04:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/14 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 04:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/09/06 05:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/06/02 15:06:36 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll
[2007/02/14 15:10:50 | 000,022,016 | ---- | M] (RICOH COMPANY, LTD.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\RC00C1B0.dll
[2007/06/27 01:00:00 | 000,057,344 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\zIMFPRNT.DLL

< %SYSTEMDRIVE%\*.* >
[2010/07/26 08:57:46 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/11/26 14:25:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/05/07 16:44:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/11/26 14:25:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/26 14:25:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/04 13:51:47 | 000,000,457 | -H-- | M] () -- C:\IPH.PH
[2010/04/26 10:21:04 | 000,023,048 | ---- | M] () -- C:\LJCP1215.log
[2008/11/26 14:25:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 04:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/14 09:00:46 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/09/08 08:42:09 | 000,000,328 | ---- | M] () -- C:\updatedatfix.log

< %PROGRAMFILES%\*. >
[2011/10/04 08:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/06/09 09:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/10/04 08:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/11/26 14:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/11/26 14:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/09/12 11:30:08 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2008/11/26 14:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink
[2011/11/08 12:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\DocMagic
[2011/10/06 14:00:54 | 000,000,000 | ---D | M] -- C:\Program Files\Encompass
[2009/05/08 08:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\EncompassData
[2010/02/03 08:39:28 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/04/26 10:19:26 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2009/09/01 09:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\ieSpell
[2009/07/17 10:20:05 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/11/26 14:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/10/14 08:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/23 11:15:36 | 000,000,000 | ---D | M] -- C:\Program Files\interwise
[2009/11/16 15:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/09/12 11:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2011/11/10 15:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/08 15:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/03/04 12:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/11/26 14:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/08/05 12:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/10/14 14:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/03/22 08:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/07/06 10:23:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/06 16:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/05/08 10:11:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2009/05/12 09:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 08:05:59 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/14 14:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/11/26 14:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/11/26 14:22:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/11/26 14:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/01/05 09:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/06/30 08:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/11/26 14:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/07/15 09:22:53 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2011/02/19 09:21:42 | 000,000,000 | R--D | M] -- C:\Program Files\Norton Support
[2009/07/15 09:21:03 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2008/11/26 14:22:41 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 10:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/11/26 14:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
[2009/10/26 15:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/17 10:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\RDS
[2008/11/26 14:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/07/28 10:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\RedX
[2008/11/26 14:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/08/20 07:57:18 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/11/26 14:29:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/04 12:58:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/03/04 12:57:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/11/26 14:25:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/26 14:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/15 09:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/11/26 14:24:06 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/11/26 14:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2008/11/26 06:17:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:disk.sys
[2008/04/14 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:usbstor.sys
[2008/04/14 04:00:00 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-10 17:08:14

< End of report >

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
OTL Extras logfile created on: 11/14/2011 2:51:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 479.07 Mb Available Physical Memory | 47.19% Memory free
2.39 Gb Paging File | 1.92 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 118.71 Gb Free Space | 85.25% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.35% Space Free | Partition Type: NTFS

Computer Name: YOUR-235B2CE4A2 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1370:TCP" = 1370:TCP:*:Enabled:1370
"1370:UDP" = 1370:UDP:*:Enabled:1370
"1369:TCP" = 1369:TCP:*:Enabled:1369
"1369:UDP" = 1369:UDP:*:Enabled:1369
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Encompass\EncompassServer.exe" = C:\Program Files\Encompass\EncompassServer.exe:LocalSubNet:Enabled:Encompass Server -- (Ellie Mae, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (EMMSDE)
"{2D1421F3-0E2C-4989-A146-64090A48701F}" = Encompass
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{387D6CC5-6D6C-4BA0-8EAF-955813BFC5D8}" = ScanRouter V2 Lite
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6100998A-C99C-4F91-93FC-3485243A030D}" = Encompass Installation Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD SE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD68AE74-98BA-4ABE-B11E-30F39206ECE8}" = Point 7.2
"{E6B4F1D6-A245-4A78-BB91-A34905DD6551}" = RolEDX Advantage
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AT&T Connect Participant" = AT&T Connect Participant
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"N360" = Norton 360
"OUTLOOKR" = Microsoft Office Outlook 2007
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/8/2011 7:39:58 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Error | ID = 1000
Description = Faulting application winpoint.exe, version 7.2.1146.1029, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/10/2011 4:19:52 PM | Computer Name = YOUR-235B2CE4A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application winpoint.exe, version 7.2.1146.1029, stamp 4aea7833,
faulting module mscorwks.dll, version 2.0.50727.3625, stamp 4e154c98, debug? 0,
fault address 0x000b0dce.

Error - 11/10/2011 8:08:31 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 8:54:04 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application OTL(3).exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:03:13 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application OTL(3).exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:04:12 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:07:11 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:09:48 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:10:16 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:10:19 PM | Computer Name = YOUR-235B2CE4A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/10/2011 3:38:56 PM | Computer Name = YOUR-235B2CE4A2 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 11/10/2011 8:10:43 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 11/10/2011 8:11:13 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 11/10/2011 8:12:12 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 11/10/2011 8:13:32 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 11/10/2011 8:14:04 PM | Computer Name = YOUR-235B2CE4A2 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 11/10/2011 8:15:37 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 11/10/2011 8:15:37 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 11/14/2011 1:00:52 PM | Computer Name = YOUR-235B2CE4A2 | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 11/14/2011 1:01:28 PM | Computer Name = YOUR-235B2CE4A2 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3


< End of report >

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


If your files are still not showing up, Please run:

  • Please download and run UnHide.exe by Grinler.
  • Once finished let me know if they are back?


You need to update JAVA and adobe :
Go into control panel >>remove a program to uninstall the old version 6 Update17 then:
Install Java 6 Update29 here

Uninstall Adobe 9.4.6 by going into the control panel >>remove program
Install Adobe X here
Uncheck the McAfee scan box, download and allow the install.

How is the machine running now? Any more problems?

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=80be0464808cc04a939f6be98b6af2fd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-16 12:32:34
# local_time=2011-11-15 04:32:34 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777173 100 100 2128873 69548350 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=78931
# found=0
# cleaned=0
# scan_time=4049

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
Files still didn't show up ...

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
Thanks for posting the ESET results.




Did you update JAVA and Adobe ?

Also, are there any remaining issues?

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
yes i did install the updates. there are no other issues besides my files being gone/deleted

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
Hello again
Please download ComboFix Don't know what happened...files got deleted Combofix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
ComboFix 11-11-18.02 - HP_Administrator 11/18/2011 10:10:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.483 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\commy.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\PostBuild.exe
c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-16 23:17 . 2011-11-16 23:17 -------- d-----w- c:\program files\Common Files\Java
2011-11-16 23:16 . 2011-10-03 13:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-16 23:16 . 2011-10-03 13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-15 23:21 . 2011-11-15 23:21 -------- d-----w- c:\program files\ESET
2011-11-10 23:43 . 2011-11-10 23:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2011-11-10 23:43 . 2011-11-10 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-10 23:43 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 23:43 . 2011-11-10 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 20:06 . 2011-11-08 20:06 -------- d-----w- c:\program files\DocMagic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2008-11-26 22:23 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:37 . 2009-11-16 23:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2008-11-26 21:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-11-26 21:10 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2007-10-09 21:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2008-11-26 21:10 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-22 00:40 . 2011-10-11 16:04 48760 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symndisv.sys
2011-09-22 00:40 . 2011-10-11 16:04 217464 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symtdi.sys
2011-09-22 00:40 . 2011-10-11 16:03 36472 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symndis.sys
2011-09-22 00:40 . 2011-10-11 16:03 89976 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symfw.sys
2011-09-22 00:40 . 2011-10-11 16:03 33144 ----a-w- c:\windows\system32\drivers\N360\0308030.006\symids.sys
2011-09-22 00:40 . 2011-10-11 16:03 467592 ----a-w- c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys
2011-09-06 13:20 . 2008-11-26 21:10 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2008-11-26 21:10 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-11-26 21:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-11-26 21:10 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-11-26 21:10 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-26 17021440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-26 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Push Client.LNK - c:\program files\interwise\participant\pull.exe [2009-11-23 886000]
Start Delivery Services.lnk - c:\program files\RDS\DdsLaunch.exe [2009-7-17 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 23:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1370:TCP"= 1370:TCP:1370
"1370:UDP"= 1370:UDP:1370
"1369:TCP"= 1369:TCP:1369
"1369:UDP"= 1369:UDP:1369
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [10/11/2011 8:03 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [10/11/2011 8:03 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [10/11/2011 8:03 AM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20111117.030\IDSXpx86.sys [11/17/2011 4:20 PM 356280]
R2 DdsSched;Dds Scheduler Deamon;c:\program files\RDS\DdsSchedNT.exe [7/17/2009 10:20 AM 36864]
R2 EncompassServer;EncompassServer;c:\program files\Encompass\EncompassServer.exe [5/29/2008 3:27 PM 36864]
R2 MSSQL$EMMSDE;SQL Server (EMMSDE);c:\program files\Microsoft SQL Server\EMMSDE\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 5:29 PM 29293408]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [10/11/2011 8:02 AM 117648]
R2 RsiSvc;Ridoc Server Information Service;c:\program files\RDS\RsiSvc.exe [7/17/2009 10:20 AM 65536]
R2 ScanRouterDriverV2;ScanRouterDriverV2;c:\program files\RDS\SrScanDr.exe [7/17/2009 10:20 AM 178688]
R2 SOption;SOption;c:\program files\RDS\SOption.exe [7/17/2009 10:20 AM 98304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2011 9:12 AM 106104]
R3 HSFHWBS3;HSFHWBS3;c:\windows\system32\drivers\HSFHWBS3.sys [11/26/2008 2:34 PM 207872]
S2 DML Service;DML Service;c:\documents and settings\HP_Administrator\Application Data\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe [2/1/2010 2:11 PM 297120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:39 AM 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:39 AM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 16:39]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 16:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: docmagic.com\www
Trusted Zone: mrmlsmatrix.com
Trusted Zone: safemls.net
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zsvxsg3j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\HP_Administrator\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-18 10:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-11-18 10:21:30
ComboFix-quarantined-files.txt 2011-11-18 18:21
.
Pre-Run: 128,724,328,448 bytes free
Post-Run: 128,887,738,368 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5E193A564A6222D185D553C9B900AA6B

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
You will need to enable hidden files and folders by doing the following:
Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


*Double-click SystemLook.exe to run it.

*Copy the content of the following codebox into the main textfield:

Code:

:dir
%Temp%\smtmp /s


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

descriptionDon't know what happened...files got deleted EmptyRe: Don't know what happened...files got deleted

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum