WiredWX Hobby Weather Tools

 


HP laptop OS can't detect free HD space

It boots up fine but then I get tons of error messages from:
"vongo
One or more of the required program files are deleted or corrupted. Please go to control panel - Add/Remove programs, select Vongo then click on Change - REPAIR to repair your installation."

"windows - delayed write failed
failed to save all the components for the file \System32\[DIFF CODES]. The file is corrupted or unreadable. This error may be caused by a PC hardware problem."

"windows detected a hard disk problem"
I can "scan and fix" or "cancel and reboot"
Scan opens a program called "system restore"; to buy the full version it sends me to the website: https://www.system-restore.com/secure/payments/

"critical error
windows OS can't detect a free hard drive space. hard drive error."

I put in an OS disc but it didn't work - tried both repair and fresh install from the disc.


************************************************************************************************************************
OTL logfile created on: 10/18/2011 11:45:27 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Things to do before posting to GP\OTL
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.16% Memory free
3.85 Gb Paging File | 3.50 Gb Available in Paging File | 90.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 7.49 Gb Free Space | 7.56% Space Free | Partition Type: NTFS
Drive D: | 11.70 Gb Total Space | 1.28 Gb Free Space | 10.90% Space Free | Partition Type: FAT32
Drive F: | 979.98 Mb Total Space | 428.04 Mb Free Space | 43.68% Space Free | Partition Type: FAT32

Computer Name: PC219851897729 | User Name: samuellanderos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/18 11:33:52 | 000,349,696 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
PRC - [2011/10/18 11:12:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Things to do before posting to GP\OTL\OTL.com
PRC - [2011/10/14 00:44:57 | 000,466,432 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe
PRC - [2006/05/09 15:11:10 | 000,176,128 | -H-- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2006/03/15 21:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/15 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2005/11/10 21:03:52 | 000,036,975 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/11 16:30:30 | 000,618,496 | -H-- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | -H-- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 11:14:43 | 001,291,776 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2006/07/19 15:13:42 | 000,172,032 | -H-- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll
MOD - [2006/05/09 15:09:14 | 000,159,744 | -H-- | M] () -- C:\Program Files\Vongo\CaPolMgr.dll
MOD - [2006/03/15 21:00:00 | 000,262,144 | -H-- | M] () -- C:\WINDOWS\ixohehafiley.dll
MOD - [2006/03/15 21:00:00 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/15 21:00:00 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/03/12 09:07:42 | 003,940,352 | -H-- | M] () -- C:\Program Files\Vongo\qt-mt335.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/01/15 05:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/05/09 15:11:10 | 000,176,128 | -H-- | M] (Starz Entertainment Group LLC) [Auto | Stop_Pending] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2006/03/15 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2006/03/15 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2006/03/15 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2005/10/06 18:12:30 | 000,855,552 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - [2009/06/22 04:48:44 | 000,091,776 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/06/06 13:39:56 | 000,061,952 | -H-- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/02 08:02:36 | 000,572,928 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 13:05:02 | 000,057,320 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 10:06:24 | 001,429,632 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/04/20 09:03:20 | 000,995,712 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 09:02:40 | 000,208,000 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 09:02:36 | 000,727,296 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/15 21:00:00 | 000,200,064 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMCast.sys -- (RMCAST)
DRV - [2005/12/22 10:02:22 | 000,051,840 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 13:28:32 | 000,028,928 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 11:08:00 | 000,308,992 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 14:24:20 | 000,005,760 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 14:24:10 | 000,009,344 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 14:23:52 | 000,007,808 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/03 23:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC88FB4D-73A9-4ABB-91C7-0C6C174B3013}: C:\Documents and Settings\SAMUEL L\Local Settings\Application Data\{FC88FB4D-73A9-4ABB-91C7-0C6C174B3013}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C8220996-5223-4ACD-B446-49BEBE1D7AD8}: C:\Documents and Settings\albino landeros.PC219851897729\Local Settings\Application Data\{C8220996-5223-4ACD-B446-49BEBE1D7AD8} [2011/03/19 15:08:13 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{68083949-B3E6-46DA-B0AC-1A9E46778242}: C:\Documents and Settings\SAMUEL L.PC219851897729\Local Settings\Application Data\{68083949-B3E6-46DA-B0AC-1A9E46778242}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F9D99D17-B8EF-48F1-B8C9-FD90FBE58639}: C:\Documents and Settings\SAMUEL L.PC219851897729\Local Settings\Application Data\{F9D99D17-B8EF-48F1-B8C9-FD90FBE58639}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C25B3CE6-1D3E-464E-9793-B384685B3F3F}: C:\Documents and Settings\SAMLP\Local Settings\Application Data\{C25B3CE6-1D3E-464E-9793-B384685B3F3F}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77E2552D-2AC3-43C2-BB41-EB8E14AD7291}: C:\Documents and Settings\Landeros\Local Settings\Application Data\{77E2552D-2AC3-43C2-BB41-EB8E14AD7291}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D5982A55-729E-4A54-B815-08FA29B60526}: C:\Documents and Settings\samuel.PC219851897729\Local Settings\Application Data\{D5982A55-729E-4A54-B815-08FA29B60526}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{54BA8C2A-07B7-4FBC-AC28-9677A739F9F0}: C:\Documents and Settings\SAMLP\Local Settings\Application Data\{54BA8C2A-07B7-4FBC-AC28-9677A739F9F0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E34B300-AF0F-4893-ABDF-4DC46D7ED3D0}: C:\Documents and Settings\SAMUELLP\Local Settings\Application Data\{1E34B300-AF0F-4893-ABDF-4DC46D7ED3D0}\ [2011/07/06 20:21:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3EE624C3-4910-4A4F-97E4-335E449FA90C}: C:\Documents and Settings\Samuell\Local Settings\Application Data\{3EE624C3-4910-4A4F-97E4-335E449FA90C}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5F80F9CF-5CF0-467E-929E-E31937B1E674}: C:\Documents and Settings\SamuelL\Local Settings\Application Data\{5F80F9CF-5CF0-467E-929E-E31937B1E674}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8ACCCE9F-5E2F-42F9-A376-1A37D14874F9}: C:\Documents and Settings\SamuelLanderos.PC219851897729\Local Settings\Application Data\{8ACCCE9F-5E2F-42F9-A376-1A37D14874F9}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0C2153B5-3CDA-4FAB-8188-2E9AAD8B2091}: C:\Documents and Settings\SAMUELLANDEROSPEREZ\Local Settings\Application Data\{0C2153B5-3CDA-4FAB-8188-2E9AAD8B2091}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{342EFFFE-B80B-4643-860E-9F1464F6CD0B}: C:\Documents and Settings\sam\Local Settings\Application Data\{342EFFFE-B80B-4643-860E-9F1464F6CD0B}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{086AAF6F-F601-45AE-97D4-63BEA0068448}: C:\Documents and Settings\samuel.PC219851897729\Local Settings\Application Data\{086AAF6F-F601-45AE-97D4-63BEA0068448}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BE9D2A13-D79F-4DDC-A2D2-4B3D77786914}: C:\Documents and Settings\samuel.PC219851897729\Local Settings\Application Data\{BE9D2A13-D79F-4DDC-A2D2-4B3D77786914}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{32D2A443-FC6E-4506-B08F-EA9C23061C7B}: C:\Documents and Settings\samuellanderos\Local Settings\Application Data\{32D2A443-FC6E-4506-B08F-EA9C23061C7B} [2011/10/17 01:20:07 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E2327739-C61D-45D8-B4C0-638EB8DC0B5F}: C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\{E2327739-C61D-45D8-B4C0-638EB8DC0B5F} [2011/10/17 23:58:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/16 12:25:45 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/16 15:02:37 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/10/16 15:01:23 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/10/16 15:02:37 | 000,000,000 | -H-D | M]

[2011/10/18 00:00:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Mozilla\Extensions
[2011/10/16 12:25:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/10 19:53:23 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/19 15:08:13 | 000,000,000 | -H-D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ALBINO LANDEROS.PC219851897729\LOCAL SETTINGS\APPLICATION DATA\{C8220996-5223-4ACD-B446-49BEBE1D7AD8}
[2011/10/17 23:58:19 | 000,000,000 | -H-D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SAMUELLANDEROS.PC219851897729\LOCAL SETTINGS\APPLICATION DATA\{E2327739-C61D-45D8-B4C0-638EB8DC0B5F}
[2011/10/17 01:20:07 | 000,000,000 | -H-D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SAMUELLANDEROS\LOCAL SETTINGS\APPLICATION DATA\{32D2A443-FC6E-4506-B08F-EA9C23061C7B}
[2011/07/06 20:21:09 | 000,000,000 | -H-D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SAMUELLP\LOCAL SETTINGS\APPLICATION DATA\{1E34B300-AF0F-4893-ABDF-4DC46D7ED3D0}
[2011/09/28 23:53:40 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/10 19:53:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 17:26:50 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ERCmYTJhduBEH.exe] C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Fgupuxujabowixa] C:\WINDOWS\ixohehafiley.dll ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 11:45:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Recent
[2011/10/18 11:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\System Restore
[2011/10/18 00:00:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\Mozilla
[2011/10/18 00:00:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Mozilla
[2011/10/17 23:58:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Apple Computer
[2011/10/17 23:58:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\{E2327739-C61D-45D8-B4C0-638EB8DC0B5F}
[2011/10/17 23:58:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Temporary Internet Files
[2011/10/17 23:58:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\History
[2011/10/17 23:57:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Microsoft
[2011/10/17 23:57:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Cookies
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\Startup
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\SendTo
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\My Documents\My Videos
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\My Documents\My Pictures
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\My Documents\My Music
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\My Documents
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Favorites
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data
[2011/10/17 23:57:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\Accessories
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\Wildtangent
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\Vongo
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Templates
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Symantec
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\PrintHood
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\Online Services
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\NetHood
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\Microsoft
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Macromedia
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\IsolatedStorage
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Intuit
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Identities
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\HP
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Desktop
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\BVRP Software
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\ApplicationHistory
[2011/10/17 23:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2011/10/17 11:26:35 | 000,000,000 | -H-D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/10/17 11:26:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/10/17 11:05:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/10/17 11:05:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/10/17 11:05:52 | 000,000,000 | -H-D | C] -- C:\Program Files\McAfee Security Scan
[2011/10/17 10:57:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2011/10/17 10:57:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Cache
[2011/10/17 10:57:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\FxsTmp
[2011/10/17 10:57:30 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/10/17 10:57:30 | 000,012,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll
[2011/10/17 10:57:30 | 000,012,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/10/17 10:57:30 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll
[2011/10/17 10:57:30 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/10/17 10:57:29 | 000,065,536 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/10/17 10:57:29 | 000,057,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/10/17 10:57:29 | 000,045,056 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/10/17 10:57:29 | 000,043,520 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll
[2011/10/17 10:57:29 | 000,043,520 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/10/17 10:57:29 | 000,038,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/10/17 10:57:29 | 000,023,040 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe
[2011/10/17 10:57:29 | 000,023,040 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/10/17 10:57:29 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/10/17 10:57:29 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll
[2011/10/17 10:57:16 | 000,073,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/10/17 10:57:16 | 000,053,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/10/17 10:57:16 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/10/17 10:57:16 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/10/17 10:57:16 | 000,031,232 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2011/10/17 10:57:16 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/10/17 10:57:16 | 000,020,992 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/10/17 10:57:16 | 000,020,480 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/10/17 10:57:16 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/10/17 10:57:16 | 000,016,896 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/10/17 10:57:16 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/10/17 10:57:16 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/10/17 10:57:16 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/10/17 10:57:16 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/10/17 10:57:15 | 000,169,984 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/10/17 10:57:15 | 000,094,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/10/17 10:57:15 | 000,060,928 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/10/17 10:57:15 | 000,049,664 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/10/17 10:57:15 | 000,045,568 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/10/17 10:57:15 | 000,029,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/10/17 10:57:15 | 000,019,968 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll
[2011/10/17 10:57:15 | 000,019,968 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/10/17 10:57:15 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe
[2011/10/17 10:57:15 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/10/17 10:57:15 | 000,010,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/10/17 10:57:15 | 000,010,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll
[2011/10/17 10:57:15 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/10/17 10:57:15 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/10/17 10:57:15 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll
[2011/10/17 10:57:15 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/10/17 10:57:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpsapi2.dll
[2011/10/17 10:57:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/10/17 10:57:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3svapi.dll
[2011/10/17 10:57:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/10/17 10:57:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll
[2011/10/17 10:57:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/10/17 10:57:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/10/17 10:57:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ctrs.dll
[2011/10/17 10:57:14 | 000,056,320 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/10/17 10:57:14 | 000,056,320 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe
[2011/10/17 10:57:14 | 000,022,016 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/10/17 10:57:14 | 000,015,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/10/17 10:57:14 | 000,010,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/10/17 10:57:14 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll
[2011/10/17 10:57:14 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/10/17 10:57:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/10/17 10:57:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admxprox.dll
[2011/10/17 10:57:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/10/17 10:57:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/10/17 10:57:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll
[2011/10/17 10:57:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/10/17 10:57:13 | 000,456,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/10/17 10:57:13 | 000,369,664 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2011/10/17 10:57:13 | 000,363,520 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2011/10/17 10:57:13 | 000,331,264 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/10/17 10:57:13 | 000,132,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclntR.dll
[2011/10/17 10:57:13 | 000,132,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/10/17 10:57:13 | 000,111,104 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscfgwz.dll
[2011/10/17 10:57:13 | 000,111,104 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/10/17 10:57:13 | 000,076,800 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2011/10/17 10:57:13 | 000,061,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2011/10/17 10:57:13 | 000,053,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2011/10/17 10:57:13 | 000,046,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2011/10/17 10:57:13 | 000,045,056 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2011/10/17 10:57:13 | 000,037,888 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2011/10/17 10:57:13 | 000,032,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2011/10/17 10:57:13 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsroute.dll
[2011/10/17 10:57:13 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/10/17 10:57:13 | 000,024,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2011/10/17 10:57:13 | 000,011,264 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxssend.exe
[2011/10/17 10:57:13 | 000,011,264 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/10/17 10:57:13 | 000,008,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2011/10/17 10:57:13 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2011/10/17 10:57:12 | 002,134,528 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2011/10/17 10:57:12 | 000,829,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2011/10/17 10:57:12 | 000,290,816 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2011/10/17 10:57:12 | 000,290,816 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiis.dll
[2011/10/17 10:57:12 | 000,275,968 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2011/10/17 10:57:12 | 000,268,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2011/10/17 10:57:12 | 000,221,696 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2011/10/17 10:57:12 | 000,189,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2011/10/17 10:57:12 | 000,145,408 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2011/10/17 10:57:12 | 000,133,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisRtl.dll
[2011/10/17 10:57:12 | 000,133,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2011/10/17 10:57:12 | 000,103,424 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2011/10/17 10:57:12 | 000,085,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2011/10/17 10:57:12 | 000,079,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2011/10/17 10:57:12 | 000,076,800 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2011/10/17 10:57:12 | 000,076,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2011/10/17 10:57:12 | 000,068,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2011/10/17 10:57:12 | 000,068,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2011/10/17 10:57:12 | 000,068,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisext.dll
[2011/10/17 10:57:12 | 000,064,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismap.dll
[2011/10/17 10:57:12 | 000,064,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2011/10/17 10:57:12 | 000,046,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2011/10/17 10:57:12 | 000,046,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2011/10/17 10:57:12 | 000,044,544 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2011/10/17 10:57:12 | 000,043,520 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2011/10/17 10:57:12 | 000,043,520 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admwprox.dll
[2011/10/17 10:57:12 | 000,042,496 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2011/10/17 10:57:12 | 000,030,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2011/10/17 10:57:12 | 000,015,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2011/10/17 10:57:12 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exstrace.dll
[2011/10/17 10:57:12 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2011/10/17 10:57:12 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoadmn.dll
[2011/10/17 10:57:12 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2011/10/17 10:57:12 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2011/10/17 10:57:12 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2011/10/17 10:57:12 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2011/10/17 10:57:12 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2011/10/17 10:57:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2011/10/17 10:57:11 | 000,562,176 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsst.dll
[2011/10/17 10:57:11 | 000,562,176 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2011/10/17 10:57:11 | 000,400,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsxp32.dll
[2011/10/17 10:57:11 | 000,400,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2011/10/17 10:57:11 | 000,397,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxstiff.dll
[2011/10/17 10:57:11 | 000,397,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2011/10/17 10:57:11 | 000,358,400 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/10/17 10:57:11 | 000,267,776 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2011/10/17 10:57:11 | 000,259,072 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/10/17 10:57:11 | 000,257,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2011/10/17 10:57:11 | 000,246,272 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxst30.dll
[2011/10/17 10:57:11 | 000,246,272 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2011/10/17 10:57:11 | 000,236,544 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2011/10/17 10:57:11 | 000,192,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxswzrd.dll
[2011/10/17 10:57:11 | 000,192,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2011/10/17 10:57:11 | 000,188,416 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2011/10/17 10:57:11 | 000,154,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsui.dll
[2011/10/17 10:57:11 | 000,154,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2011/10/17 10:57:11 | 000,108,544 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2011/10/17 10:57:11 | 000,101,888 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntagnt.dll
[2011/10/17 10:57:11 | 000,101,888 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/10/17 10:57:11 | 000,092,160 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntwin.exe
[2011/10/17 10:57:11 | 000,092,160 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/10/17 10:57:11 | 000,040,448 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/10/17 10:57:11 | 000,039,936 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hostmib.dll
[2011/10/17 10:57:11 | 000,039,936 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/10/17 10:57:11 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmmib2.dll
[2011/10/17 10:57:11 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2011/10/17 10:57:11 | 000,032,768 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2011/10/17 10:57:11 | 000,029,696 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2011/10/17 10:57:11 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2011/10/17 10:57:11 | 000,025,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2011/10/17 10:57:11 | 000,024,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntcmd.exe
[2011/10/17 10:57:11 | 000,024,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/10/17 10:57:11 | 000,022,528 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lpdsvc.dll
[2011/10/17 10:57:11 | 000,022,528 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2011/10/17 10:57:11 | 000,018,944 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lprmon.dll
[2011/10/17 10:57:11 | 000,018,944 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2011/10/17 10:57:11 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2011/10/17 10:57:11 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/10/17 10:57:11 | 000,008,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\staxmem.dll
[2011/10/17 10:57:11 | 000,008,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2011/10/17 10:57:11 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2011/10/17 10:57:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpmib.dll
[2011/10/17 10:57:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2011/10/17 10:57:10 | 000,285,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscomex.dll
[2011/10/17 10:57:10 | 000,285,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2011/10/17 10:57:10 | 000,229,376 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2011/10/17 10:57:10 | 000,229,376 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/10/17 10:57:10 | 000,143,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclnt.exe
[2011/10/17 10:57:10 | 000,143,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2011/10/17 10:57:10 | 000,072,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscom.dll
[2011/10/17 10:57:10 | 000,072,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2011/10/17 10:57:10 | 000,055,296 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsevent.dll
[2011/10/17 10:57:10 | 000,055,296 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2011/10/17 10:57:10 | 000,027,136 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsdrv.dll
[2011/10/17 10:57:10 | 000,027,136 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2011/10/17 10:57:10 | 000,023,552 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsmon.dll
[2011/10/17 10:57:10 | 000,023,552 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2011/10/17 10:57:10 | 000,023,552 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsext32.dll
[2011/10/17 10:57:10 | 000,023,552 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2011/10/17 10:57:10 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsperf.dll
[2011/10/17 10:57:10 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2011/10/17 10:57:10 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsres.dll
[2011/10/17 10:57:10 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2011/10/17 10:57:09 | 000,452,096 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsapi.dll
[2011/10/17 10:57:09 | 000,452,096 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2011/10/17 10:57:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Logfiles
[2011/10/17 10:57:08 | 000,000,000 | -H-D | C] -- C:\Inetpub
[2011/10/17 10:46:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/10/17 01:19:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/10/16 15:11:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/16 15:06:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/10/16 12:19:03 | 005,356,304 | -H-- | C] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2011/10/16 12:19:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2011/10/16 12:19:01 | 000,000,000 | -H-D | C] -- C:\Program Files\PC Cleaners
[2011/10/15 01:05:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\appmgmt
[2011/10/14 00:57:38 | 000,349,696 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/10/14 00:45:37 | 000,466,432 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe
[2011/06/23 16:49:07 | 000,894,976 | -H-- | C] (G Data) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/18 11:34:38 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/18 11:34:38 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Desktop\System Restore.lnk
[2011/10/18 11:33:52 | 000,349,696 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/10/18 11:24:16 | 000,001,081 | -H-- | M] () -- C:\hpqp.ini
[2011/10/18 11:24:00 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\Hqivi.bin
[2011/10/18 11:23:56 | 000,000,039 | -H-- | M] () -- C:\XP_TV.ini
[2011/10/18 11:23:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/18 11:23:44 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/17 23:58:10 | 000,000,786 | -H-- | M] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Desktop\Windows Media Player.lnk
[2011/10/17 10:57:30 | 000,000,535 | -H-- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/10/17 10:55:22 | 000,004,625 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/16 12:18:36 | 005,356,304 | -H-- | M] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2011/10/14 00:58:32 | 000,000,304 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/14 00:58:32 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/14 00:58:25 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/14 00:56:34 | 000,051,048 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/14 00:44:57 | 000,466,432 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe
[2011/10/14 00:42:40 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


Re: hp laptop OS cant detect free HD space
========== Files Created - No Company Name ==========

[2011/10/18 11:34:38 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/18 11:34:38 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Desktop\System Restore.lnk
[2011/10/17 23:58:10 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\Windows Media Player.lnk
[2011/10/17 23:58:10 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Desktop\Windows Media Player.lnk
[2011/10/17 23:57:57 | 000,001,712 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Desktop\Vongo.lnk
[2011/10/17 23:57:57 | 000,001,648 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Desktop\3 Month Trial AOL Music Now.lnk
[2011/10/17 23:57:57 | 000,000,992 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Desktop\Help and Support.lnk
[2011/10/17 23:57:56 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\fusioncache.dat
[2011/10/17 23:57:54 | 000,001,719 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\StartUp\Vongo Tray.lnk
[2011/10/17 23:57:54 | 000,001,503 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\Remote Assistance.lnk
[2011/10/17 23:57:54 | 000,000,767 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\Internet Explorer.lnk
[2011/10/17 23:57:54 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\samuellanderos.PC219851897729\Start Menu\Programs\Outlook Express.lnk
[2011/10/17 10:57:30 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/10/17 10:57:30 | 000,008,002 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2011/10/17 10:57:30 | 000,000,535 | -H-- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/10/17 10:57:29 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/10/17 10:57:29 | 000,000,773 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2011/10/17 10:57:15 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/10/17 10:57:15 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/10/17 10:57:15 | 000,005,379 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2011/10/17 10:57:15 | 000,002,024 | -H-- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2011/10/17 10:57:14 | 000,107,882 | -H-- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011/10/17 10:57:14 | 000,049,275 | -H-- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011/10/17 10:57:14 | 000,048,593 | -H-- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011/10/17 10:57:14 | 000,038,608 | -H-- | C] () -- C:\WINDOWS\System32\nipx.mib
[2011/10/17 10:57:14 | 000,034,317 | -H-- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2011/10/17 10:57:14 | 000,030,448 | -H-- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2011/10/17 10:57:14 | 000,026,236 | -H-- | C] () -- C:\WINDOWS\System32\wins.mib
[2011/10/17 10:57:14 | 000,026,100 | -H-- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2011/10/17 10:57:14 | 000,021,386 | -H-- | C] () -- C:\WINDOWS\System32\mipx.mib
[2011/10/17 10:57:14 | 000,020,079 | -H-- | C] () -- C:\WINDOWS\System32\http.mib
[2011/10/17 10:57:14 | 000,015,799 | -H-- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2011/10/17 10:57:14 | 000,013,767 | -H-- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2011/10/17 10:57:14 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/10/17 10:57:14 | 000,010,313 | -H-- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2011/10/17 10:57:14 | 000,004,332 | -H-- | C] () -- C:\WINDOWS\System32\smi.mib
[2011/10/17 10:57:14 | 000,003,276 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2011/10/17 10:57:14 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2011/10/17 10:57:14 | 000,000,581 | -H-- | C] () -- C:\WINDOWS\System32\msft.mib
[2011/10/17 10:57:13 | 000,016,617 | -H-- | C] () -- C:\WINDOWS\System32\authserv.mib
[2011/10/17 10:57:13 | 000,015,597 | -H-- | C] () -- C:\WINDOWS\System32\accserv.mib
[2011/10/17 10:57:13 | 000,006,179 | -H-- | C] () -- C:\WINDOWS\System32\ftp.mib
[2011/10/17 10:57:13 | 000,004,597 | -H-- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2011/10/17 10:57:13 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/10/17 10:57:13 | 000,001,361 | -H-- | C] () -- C:\WINDOWS\System32\fxscount.h
[2011/10/14 00:58:32 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/14 00:58:31 | 000,000,304 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/14 00:58:24 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/07/06 20:13:04 | 000,019,378 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bw52mhcyw1t2ljbudg4qdjf
[2011/06/15 22:39:16 | 000,147,968 | -H-- | C] () -- C:\WINDOWS\srvntfsboot.exe
[2011/04/15 18:11:14 | 000,000,127 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/18 20:24:18 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Ptuwabi.dat
[2011/03/18 20:24:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Hqivi.bin
[2011/03/17 08:19:55 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/20 14:36:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/11/20 13:40:53 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\EPART800.ini
[2009/12/15 00:30:16 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/10 11:59:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/20 16:55:05 | 000,000,221 | -H-- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/08/20 16:36:37 | 000,118,668 | -H-- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2008/08/20 16:36:37 | 000,011,645 | -H-- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2007/11/25 19:45:27 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/26 17:48:39 | 000,118,668 | -H-- | C] () -- C:\WINDOWS\hpoins09.dat
[2007/01/03 23:18:49 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/12/23 19:17:17 | 000,001,331 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/15 15:13:07 | 000,001,402 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/13 05:34:55 | 000,000,174 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/13 05:30:55 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/09/13 05:30:55 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/13 05:16:44 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/13 05:05:15 | 000,028,836 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/19 22:58:00 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/19 22:58:00 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/19 22:58:00 | 001,470,464 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/19 22:58:00 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/19 22:58:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/19 22:58:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/19 22:58:00 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/19 22:58:00 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/19 22:58:00 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 12:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 12:18:14 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 11:49:18 | 000,087,268 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 11:46:56 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 11:43:40 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 11:27:08 | 000,391,638 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 11:27:08 | 000,056,124 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 11:18:06 | 000,256,656 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 11:13:00 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 11:08:28 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/15 21:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 21:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 21:00:00 | 000,262,144 | -H-- | C] () -- C:\WINDOWS\ixohehafiley.dll
[2006/03/15 21:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 21:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 21:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 21:00:00 | 000,027,440 | -H-- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/03/15 21:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 21:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/03/15 21:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/09 10:29:36 | 000,011,645 | -H-- | C] () -- C:\WINDOWS\hpomdl09.dat
[2006/03/04 00:07:34 | 000,235,008 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 11:09:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 11:06:32 | 000,016,480 | -H-- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 13:24:26 | 003,375,104 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 14:55:42 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/28 23:53:40 | 000,125,912 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/28 23:53:40 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/28 23:53:40 | 000,016,856 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/28 23:53:40 | 000,269,272 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/11/20 13:48:05 | 000,000,000 | -H-D | M] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2006/09/13 05:18:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2009/12/10 01:34:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Alwil Software
[2011/10/16 14:53:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2010/11/20 13:46:40 | 000,000,000 | -H-D | M] -- C:\Program Files\ArcSoft
[2010/02/19 17:14:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Ask.com
[2008/09/07 20:48:43 | 000,000,000 | -H-D | M] -- C:\Program Files\AviSynth 2.5
[2009/12/09 19:22:30 | 000,000,000 | -H-D | M] -- C:\Program Files\AVS4YOU
[2011/10/16 15:06:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2009/12/10 23:57:17 | 000,000,000 | -H-D | M] -- C:\Program Files\CCleaner
[2007/03/07 19:10:28 | 000,000,000 | -H-D | M] -- C:\Program Files\CDBurnerXP Pro 3
[2009/12/10 11:43:40 | 000,000,000 | -H-D | M] -- C:\Program Files\CleanUp!
[2011/03/10 15:09:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2006/09/13 03:40:54 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2011/03/03 02:06:56 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2011/03/03 02:06:56 | 000,000,000 | -H-D | M] -- C:\Program Files\DIGStream
[2011/03/03 02:06:56 | 000,000,000 | -H-D | M] -- C:\Program Files\DivX
[2011/03/03 02:06:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Encarta Online
[2011/03/03 02:07:00 | 000,000,000 | -H-D | M] -- C:\Program Files\EnglishOtto
[2010/11/20 13:48:27 | 000,000,000 | -H-D | M] -- C:\Program Files\epson
[2010/11/20 13:45:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Epson Software
[2011/03/03 02:07:00 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPNMotion
[2010/11/23 19:52:50 | 000,000,000 | -H-D | M] -- C:\Program Files\FrostWire
[2010/06/03 12:39:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Gamevance
[2011/03/03 02:07:03 | 000,000,000 | -H-D | M] -- C:\Program Files\GemMaster
[2006/09/13 05:58:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2011/03/10 15:02:16 | 000,000,000 | -H-D | M] -- C:\Program Files\HP
[2011/03/03 02:14:11 | 000,000,000 | -H-D | M] -- C:\Program Files\HP Games
[2008/07/03 00:11:21 | 000,000,000 | -H-D | M] -- C:\Program Files\HP Pavilion Webcam Demo
[2011/03/03 02:14:20 | 000,000,000 | -H-D | M] -- C:\Program Files\HP Rhapsody
[2006/09/13 05:05:01 | 000,000,000 | -H-D | M] -- C:\Program Files\HPQ
[2008/07/05 23:32:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Incomplete
[2006/09/13 05:47:50 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/03/03 23:22:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2011/10/16 15:10:35 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2011/10/16 15:11:21 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2006/09/13 03:40:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2007/06/22 17:55:33 | 000,000,000 | -H-D | M] -- C:\Program Files\LG Drivers
[2010/09/29 16:12:19 | 000,000,000 | -H-D | M] -- C:\Program Files\LimeWire
[2009/12/10 16:05:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/17 11:05:52 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee Security Scan
[2011/03/03 23:34:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2011/03/03 02:14:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/09/13 03:40:55 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2011/03/03 02:15:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Money 2006
[2011/03/03 02:15:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/03/03 02:15:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office Trial Wizard
[2009/12/11 23:15:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/12/11 23:12:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/03/03 02:16:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2006/09/13 05:15:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2011/03/03 23:29:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2011/10/16 12:25:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2009/12/11 23:16:30 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2006/09/13 03:40:55 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2006/09/13 03:40:55 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2006/12/18 20:51:48 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2007/08/14 14:44:55 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 6.0
[2007/04/28 12:01:24 | 000,000,000 | -H-D | M] -- C:\Program Files\MTV Networks
[2011/03/03 02:16:21 | 000,000,000 | -H-D | M] -- C:\Program Files\music_now
[2006/09/13 05:33:12 | 000,000,000 | -H-D | M] -- C:\Program Files\muvee Technologies
[2008/03/09 15:00:41 | 000,000,000 | -H-D | M] -- C:\Program Files\M² Solutions, Inc
[2009/12/11 23:45:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Nero
[2009/12/12 00:00:10 | 000,000,000 | -H-D | M] -- C:\Program Files\NeroInstall.bak
[2007/08/22 20:51:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Netflix
[2011/03/03 02:16:41 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2006/09/13 05:30:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Netscape
[2011/03/03 02:16:59 | 000,000,000 | -H-D | M] -- C:\Program Files\NetWaiting
[2011/03/03 02:18:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2011/03/03 23:25:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2011/10/16 12:21:30 | 000,000,000 | -H-D | M] -- C:\Program Files\PC Cleaners
[2006/12/12 13:32:19 | 000,000,000 | -H-D | M] -- C:\Program Files\PeoplePC
[2009/12/12 00:26:29 | 000,000,000 | -H-D | M] -- C:\Program Files\PowerISO
[2011/03/03 02:18:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Quicken
[2011/03/03 02:18:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Quickensetup
[2011/10/16 15:02:34 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2009/08/21 14:45:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2011/03/03 02:18:40 | 000,000,000 | -H-D | M] -- C:\Program Files\RGB
[2009/11/05 01:06:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Rhapsody
[2009/12/10 16:16:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Shared
[2006/09/13 03:40:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic
[2007/05/04 19:25:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony
[2006/09/13 05:17:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Synaptics
[2009/12/10 11:45:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Trend Micro
[2006/09/13 03:40:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/10/08 21:57:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Verizon Wireless
[2011/10/16 12:07:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Vongo
[2006/09/13 05:22:53 | 000,000,000 | -H-D | M] -- C:\Program Files\WildTangent
[2011/03/03 02:19:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Connect 2
[2011/03/03 02:19:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2011/03/03 02:19:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2006/09/13 03:40:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Plus
[2006/09/13 03:40:56 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/12/11 23:08:51 | 000,000,000 | -H-D | M] -- C:\Program Files\WinRAR
[2006/09/13 03:40:56 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2006/09/13 05:30:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!
[2011/10/17 11:26:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Yontoo Layers Runtime


< MD5 for: AGP440.SYS >
[2006/03/15 13:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2006/03/15 21:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/04 07:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2006/03/15 13:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2006/03/15 21:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/04 06:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2006/03/15 13:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2006/03/15 21:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2006/03/15 21:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\disk.sys

< MD5 for: IASTOR.SYS >
[2005/10/13 02:07:12 | 000,874,240 | -H-- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 02:07:12 | 000,874,240 | -H-- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/15 21:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-07 00:44:10

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/28 23:53:40 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/28 23:53:40 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/28 23:53:40 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/28 23:53:40 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/28 23:53:40 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/28 23:53:40 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/03/15 21:00:00 | 000,042,496 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/03/15 21:00:00 | 000,042,496 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/03/15 21:00:00 | 000,042,496 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\SAMLP\Local Settings\Application Data\emp.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/11/28 18:05:03 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/11/28 18:05:03 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/11/28 18:05:03 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\:
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: -chrome "chrome://browser/content/pref/pref.xul"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/28 23:53:40 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/28 23:53:40 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/28 23:53:40 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/28 23:53:40 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/28 23:53:40 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/28 23:53:40 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/03/15 21:00:00 | 000,042,496 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/03/15 21:00:00 | 000,042,496 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/03/15 21:00:00 | 000,042,496 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\SAMLP\Local Settings\Application Data\emp.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/11/28 18:05:03 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/11/28 18:05:03 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/11/28 18:05:03 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\:
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: -chrome "chrome://browser/content/pref/pref.xul"


< End of report >
***********************************************************



OTL Extras logfile created on: 10/18/2011 11:45:27 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Things to do before posting to GP\OTL
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.16% Memory free
3.85 Gb Paging File | 3.50 Gb Available in Paging File | 90.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 7.49 Gb Free Space | 7.56% Space Free | Partition Type: NTFS
Drive D: | 11.70 Gb Total Space | 1.28 Gb Free Space | 10.90% Space Free | Partition Type: FAT32
Drive F: | 979.98 Mb Total Space | 428.04 Mb Free Space | 43.68% Space Free | Partition Type: FAT32

Computer Name: PC219851897729 | User Name: samuellanderos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"ESPNMotion" = ESPNMotion
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSNINST" = MSN
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WGA" = Windows Genuine Advantage Validation Tool
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format Runtime
"WMCSetup" = Windows Media Connect
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

***********************************************************


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-18 11:56:10
-----------------------------
11:56:10.626 OS Version: Windows 5.1.2600 Service Pack 2
11:56:10.626 Number of processors: 2 586 0xF06
11:56:10.626 ComputerName: PC219851897729 UserName: samuellanderos
11:56:11.298 Initialize success
11:57:17.845 AVAST engine download error: 0
11:57:20.063 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:57:20.079 Disk 0 Vendor: Size: 0MB BusType: 0
11:57:20.095 Disk 0 MBR read successfully
11:57:20.095 Disk 0 MBR scan
11:57:20.095 Disk 0 unknown MBR code
11:57:20.095 Disk 0 MBR hidden
11:57:20.126 Disk 0 scanning C:\WINDOWS\system32\drivers
11:57:25.095 Service scanning
11:57:26.173 Modules scanning
11:57:32.766 Disk 0 trace - called modules:
11:57:32.798 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
11:57:32.798 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e22ab8]
11:57:32.798 3 CLASSPNP.SYS[f74e805b] -> nt!IofCallDriver -> \Device\0000007d[0x89dc1a00]
11:57:32.798 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89dde030]
11:57:32.813 Scan finished successfully
11:57:47.516 Disk 0 MBR has been saved successfully to "F:\Things to do before posting to GP\MBR.dat"
11:57:47.751 The log file has been saved successfully to "F:\Things to do before posting to GP\aswMBR.txt"

************************************************************

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

McAfee Security Scan Plus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Re: hp laptop OS cant detect free HD space

Hi there becca21669!

I love your avatar :)...

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
C:\WINDOWS\ixohehafiley.dll
C:\Documents and Settings\All Users\Application Data\defender.exe
C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
C:\Documents and Settings\samuellanderos.PC219851897729\Desktop\System Restore.lnk
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
C:\Documents and Settings\All Users\Application Data\bw52mhcyw1t2ljbudg4qdjf

:otl
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ERCmYTJhduBEH.exe] C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Fgupuxujabowixa] C:\WINDOWS\ixohehafiley.dll ()


:commands
[resethosts]
[reboot]

  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================
Please download GooredFix by jpshortstuff from one of the locations below and save it to your desktop:
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (WIN XP), or right-click and select Run As Administrator (Vista/WIN7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Re: hp laptop OS cant detect free HD space

========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe not found.
File\Folder C:\WINDOWS\ixohehafiley.dll not found.
File\Folder C:\Documents and Settings\All Users\Application Data\defender.exe not found.
C:\Documents and Settings\samuellanderos.PC219851897729\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
C:\Documents and Settings\samuellanderos.PC219851897729\Desktop\System Restore.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr moved successfully.
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\bw52mhcyw1t2ljbudg4qdjf moved successfully.
File\Folder :otl not found.
File\Folder O4 - HKLM..\Run: [] File not found not found.
File\Folder O4 - HKLM..\Run: [ERCmYTJhduBEH.exe] C:\Documents and Settings\All Users\Application Data\ERCmYTJhduBEH.exe (Sun Microsystems, Inc.) not found.
File\Folder O4 - HKLM..\Run: [Fgupuxujabowixa] C:\WINDOWS\ixohehafiley.dll () not found.
File\Folder :commands not found.
File\Folder [resethosts] not found.
File\Folder [reboot] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 11132011_091721

**********************************************************
GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:19 on 13/11/2011 (samuellanderos)
Firefox version 7.0.1 (en-US)

========== GooredScan ==========

Removing Orphan:
"{FC88FB4D-73A9-4ABB-91C7-0C6C174B3013}"="C:\Documents and Settings\SAMUEL L\Local Settings\Application Data\{FC88FB4D-73A9-4ABB-91C7-0C6C174B3013}" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C8220996-5223-4ACD-B446-49BEBE1D7AD8} -> Success!
Deleting C:\Documents and Settings\albino landeros.PC219851897729\Local Settings\Application Data\{C8220996-5223-4ACD-B446-49BEBE1D7AD8} -> Success!
Removing Orphan:
"{68083949-B3E6-46DA-B0AC-1A9E46778242}"="C:\Documents and Settings\SAMUEL L.PC219851897729\Local Settings\Application Data\{68083949-B3E6-46DA-B0AC-1A9E46778242}" -> Success!
Removing Orphan:
"{F9D99D17-B8EF-48F1-B8C9-FD90FBE58639}"="C:\Documents and Settings\SAMUEL L.PC219851897729\Local Settings\Application Data\{F9D99D17-B8EF-48F1-B8C9-FD90FBE58639}" -> Success!
Removing Orphan:
"{C25B3CE6-1D3E-464E-9793-B384685B3F3F}"="C:\Documents and Settings\SAMLP\Local Settings\Application Data\{C25B3CE6-1D3E-464E-9793-B384685B3F3F}" -> Success!
Removing Orphan:
"{77E2552D-2AC3-43C2-BB41-EB8E14AD7291}"="C:\Documents and Settings\Landeros\Local Settings\Application Data\{77E2552D-2AC3-43C2-BB41-EB8E14AD7291}" -> Success!
Removing Orphan:
"{D5982A55-729E-4A54-B815-08FA29B60526}"="C:\Documents and Settings\samuel.PC219851897729\Local Settings\Application Data\{D5982A55-729E-4A54-B815-08FA29B60526}" -> Success!
Removing Orphan:
"{54BA8C2A-07B7-4FBC-AC28-9677A739F9F0}"="C:\Documents and Settings\SAMLP\Local Settings\Application Data\{54BA8C2A-07B7-4FBC-AC28-9677A739F9F0}" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1E34B300-AF0F-4893-ABDF-4DC46D7ED3D0} -> Success!
Deleting C:\Documents and Settings\SAMUELLP\Local Settings\Application Data\{1E34B300-AF0F-4893-ABDF-4DC46D7ED3D0} -> Success!
Removing Orphan:
"{3EE624C3-4910-4A4F-97E4-335E449FA90C}"="C:\Documents and Settings\Samuell\Local Settings\Application Data\{3EE624C3-4910-4A4F-97E4-335E449FA90C}" -> Success!
Removing Orphan:
"{5F80F9CF-5CF0-467E-929E-E31937B1E674}"="C:\Documents and Settings\SamuelL\Local Settings\Application Data\{5F80F9CF-5CF0-467E-929E-E31937B1E674}" -> Success!
Removing Orphan:
"{8ACCCE9F-5E2F-42F9-A376-1A37D14874F9}"="C:\Documents and Settings\SamuelLanderos.PC219851897729\Local Settings\Application Data\{8ACCCE9F-5E2F-42F9-A376-1A37D14874F9}" -> Success!
Removing Orphan:
"{0C2153B5-3CDA-4FAB-8188-2E9AAD8B2091}"="C:\Documents and Settings\SAMUELLANDEROSPEREZ\Local Settings\Application Data\{0C2153B5-3CDA-4FAB-8188-2E9AAD8B2091}" -> Success!
Removing Orphan:
"{342EFFFE-B80B-4643-860E-9F1464F6CD0B}"="C:\Documents and Settings\sam\Local Settings\Application Data\{342EFFFE-B80B-4643-860E-9F1464F6CD0B}" -> Success!
Removing Orphan:
"{086AAF6F-F601-45AE-97D4-63BEA0068448}"="C:\Documents and Settings\samuel.PC219851897729\Local Settings\Application Data\{086AAF6F-F601-45AE-97D4-63BEA0068448}\" -> Success!
Removing Orphan:
"{BE9D2A13-D79F-4DDC-A2D2-4B3D77786914}"="C:\Documents and Settings\samuel.PC219851897729\Local Settings\Application Data\{BE9D2A13-D79F-4DDC-A2D2-4B3D77786914}" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{32D2A443-FC6E-4506-B08F-EA9C23061C7B} -> Success!
Deleting C:\Documents and Settings\samuellanderos\Local Settings\Application Data\{32D2A443-FC6E-4506-B08F-EA9C23061C7B} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{E2327739-C61D-45D8-B4C0-638EB8DC0B5F} -> Success!
Deleting C:\Documents and Settings\samuellanderos.PC219851897729\Local Settings\Application Data\{E2327739-C61D-45D8-B4C0-638EB8DC0B5F} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:25 16/10/2011]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [02:53 11/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" [19:58 18/10/2011]
"avg@igeared"="C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared" [20:10 18/10/2011]

-=E.O.F=-

************************************************************

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8153

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/13/2011 10:01:13 AM
mbam-log-2011-11-13 (10-01-13).txt

Scan type: Quick scan
Objects scanned: 390279
Time elapsed: 13 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 14
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\SAMLP\Local Settings\Application Data\emp.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\801E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\WINDOWS\srvntfsboot.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\albino landeros\Desktop\windows antivirus 2008.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\albino landeros\favorites\online security test.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\albino landeros\my documents\my documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\albino landeros\my documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\albino landeros\my documents\my pictures\my pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\albino landeros\my documents\my videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gvtl.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.

Re: hp laptop OS cant detect free HD space

Well, that should have improved things a bit.

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.

Re: hp laptop OS cant detect free HD space

ComboFix 11-11-13.03 - samuellanderos 11/13/2011 20:07:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1438 [GMT -8:00]
Running from: F:\ComboFix.exe
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\511A.tmp
c:\documents and settings\All Users\Application Data\87E6.tmp
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\samuellanderos.PC219851897729\Start Menu\Programs\System Restore
c:\documents and settings\samuellanderos.PC219851897729\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\samuellanderos.PC219851897729\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\documents and settings\samuellanderos\Start Menu\Programs\System Restore
c:\documents and settings\samuellanderos\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\samuellanderos\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\program files\Shared
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\kb913800.exe
c:\windows\system32\Cache
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-13 17:44 . 2011-11-13 17:44 -------- d-----w- c:\program files\Malwarebytes
2011-11-13 17:21 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 22:16 . 2011-10-18 22:16 -------- d-----w- c:\program files\Defraggler
2011-10-18 20:02 . 2011-10-18 20:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-18 19:58 . 2011-11-14 04:01 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-18 19:56 . 2011-11-14 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-17 18:26 . 2011-10-17 18:26 -------- d--h--w- c:\program files\Yontoo Layers Runtime
2011-10-17 18:05 . 2011-10-17 18:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-10-17 18:05 . 2011-10-17 18:05 -------- d--h--w- c:\program files\McAfee Security Scan
2011-10-17 17:46 . 2011-10-17 17:46 -------- d--h--w- c:\documents and settings\All Users\Application Data\McAfee
2011-10-17 08:19 . 2011-10-17 08:19 -------- d--h--w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-10-17 08:19 . 2011-10-17 18:43 -------- d--h--w- c:\documents and settings\samuellanderos
2011-10-16 22:06 . 2011-10-16 22:06 -------- d--h--w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-10-16 19:25 . 2011-09-29 06:53 134104 ---ha-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-16 19:19 . 2011-10-16 19:18 5356304 ---ha-w- c:\windows\uninst.exe
2011-10-16 19:19 . 2011-10-16 19:21 -------- d--h--w- c:\program files\PC Cleaners
2011-10-16 19:19 . 2011-10-16 19:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\PC1Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 06:05 . 2011-08-31 06:05 83816 ---ha-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ---ha-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ---ha-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ---ha-w- c:\windows\system32\dnssdX.dll
2011-09-29 06:53 . 2011-10-16 19:25 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-30 17:27 194848 ---ha-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes\mbamgui.exe" [2011-09-01 449608]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\PerezLanderos\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\SAMMLANDEROS\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\samuellanderos\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\SAMUELLANDEROSP\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\SAMUELLL\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\SAMUELLP\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\SANTY\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-8-17 114688]
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\dianalanderos\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680]
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\LanderosSam\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\samuellanderos.PC219851897729\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes\mbamservice.exe [11/13/2011 9:44 AM 366152]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 12:39 PM 61952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/13/2011 9:21 AM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-09 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\samuellanderos.PC219851897729\Application Data\Mozilla\Firefox\Profiles\vb3viaag.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 20:16
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Y??????`?@?????L?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
Completion time: 2011-11-13 20:20:26
ComboFix-quarantined-files.txt 2011-11-14 04:20
.
Pre-Run: 6,953,357,312 bytes free
Post-Run: 7,219,326,976 bytes free
.
- - End Of File - - 1ADC94EE8344A628A06E46B81E3A7D90

Re: hp laptop OS cant detect free HD space

And we cleaned up some more!


You need to get rid of Vongo. This is software you do not want on your computer; it has a very bad name (see, for example, the Web of Trust report).

Please go to Start >> Control Panel >> Add or Remove Programs and proceed to uninstall it.

Let me know if that went well.

Re: hp laptop OS cant detect free HD space

Went great. I was able to remove it and I also installed the Web of Trust plugin for Chrome and Firefox.

Do I need to run anything again to make sure the computer is all clean?
Any suggestions for a firewall and antivirus?

Re: hp laptop OS cant detect free HD space

Also, I deleted a lot of programs and I only have 2GB out of 100GB free. There's no music or pictures on it either. What would be taking up all that space?

Re: hp laptop OS cant detect free HD space

We haven't finished yet with your computer - there are still a number of things wrong with it. Let's first address the space problem.

Please download PureRa by RaProducts from here

  • First, unzip the program, e.g. to your desktop.
  • Double click PureRa.exe to run it.
  • When it opens, click the "Next" button to open up a menu of options.
  • Tick the box that says "Check All"
  • If you want detailed information about what got deleted, check the "Create Log" option.
  • Then press the "Clean" button to start the cleaning process.
  • It may look like nothing is happening, but let it run.
  • When the tool finishes, it will show you how much data it cleaned.
  • If you chose to create a log, it will open this log (C:\PureRa.txt; you can delete it afterwards).

====================

This should have cleaned up quite a bit.

I suggest you download WinDirStat from here:
http://windirstat.info/download.html

And analyze what's taken up the disk space. You will need quite some disk space, because it is very important for you to upgrade your Windows XP to Service Pack 3 and you will need to download and install loads of stuff.

====================

Also I would like you to run GMER:

Download GMER Rootkit Scanner from here and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK to quit GMER.
  • Please post the contents of gmer.txt into your next reply.

Re: hp laptop OS cant detect free HD space

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-15 08:22:25
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 rev.
Running: k6dyz56q.exe; Driver: C:\DOCUME~1\SAMUEL~1.PC2\LOCALS~1\Temp\pgdyikog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF609E360, 0x2255BD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\PeerBlock\peerblock.exe[800] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 004314E0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Re: hp laptop OS cant detect free HD space

It looks as if you have an infection in your MBR (Master Boot Record).

Do you have the original Windows XP install CD that came with the computer?

If you do not, please let me know. If you do, proceed with the following:

====================

  • Put the Windows XP setup disk in the disk drive, restart the computer and boot from the disk.
  • In the Welcome to Setup screen, hit R to start the Recovery Console
  • Select the installation that you want to repair (typically there will be only one)
  • You will have to enter the Administrator password when prompted (hit Enter if the admin account does not have a password)
  • At the command prompt type FixMbr and hit Enter.
  • Type exit and hit Enter to reboot your computer normally (remove the Windows XP setup disk).

NOTE: if you don't know how to make your computer boot from a disk, check out this page.

Re: hp laptop OS cant detect free HD space

No, I do not, but I have access to an HP Win XP Pro SP2 disc. I used that and I got to the welcome screen and hit R. After that a screen came up saying "setup did not find any hard disk drives installed in your computer......
setup cannot continue..."

Re: hp laptop OS cant detect free HD space

OK, let's try through the recovery console, then. Combofix should have installed it.

We are going to use the Recovery Console.
  • Please reboot your computer
  • During startup, a boot menu will appear for about 2 seconds
  • Choose the option Microsoft Windows Recovery Console by hitting the down arrow key
  • You will have to enter the Administrator password when prompted (if you don't have such a password, just hit [ENTER]).


In the recovery console, type fixmbr and hit [ENTER]
After that type exit and hit [ENTER] and allow your computer to reboot normally.

Run aswMBR and post the log back here.

Re: hp laptop OS cant detect free HD space

I ran it and when it was finished I got a blue screen then it rebooted. Ran it again.....

# Double click aswMBR.exe to run it
# Click the Scan button to start the scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives


* Once the scan finishes click Save log to save the log to your Desktop

post your OTL.txt/Extras.txt/aswMBR.txt logs in a new topic with the title of the virus/spyware/trojan or malware you are infected with.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-17 07:24:16
-----------------------------
07:24:16.421 OS Version: Windows 5.1.2600 Service Pack 2
07:24:16.421 Number of processors: 2 586 0xF06
07:24:16.421 ComputerName: PC219851897729 UserName: samuellanderos
07:24:16.921 Initialize success
07:24:28.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:24:28.015 Disk 0 Vendor: Size: 0MB BusType: 0
07:24:28.031 Disk 0 MBR read successfully
07:24:28.031 Disk 0 MBR scan
07:24:28.031 Disk 0 Windows XP default MBR code
07:24:28.046 Disk 0 MBR hidden
07:24:28.062 Disk 0 scanning C:\WINDOWS\system32\drivers
07:24:34.718 Service scanning
07:24:36.484 Modules scanning
07:24:45.812 Disk 0 trace - called modules:
07:24:45.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
07:24:45.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89df5ab8]
07:24:45.859 3 CLASSPNP.SYS[f74e805b] -> nt!IofCallDriver -> \Device\00000081[0x89daf9a0]
07:24:45.859 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89e09030]
07:24:45.859 Scan finished successfully
07:24:54.515 Disk 0 MBR has been saved successfully to "G:\Things to do before posting to GP\aswMBR\MBR.dat"
07:24:54.531 The log file has been saved successfully to "G:\Things to do before posting to GP\aswMBR\aswMBR.txt"
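
Added example, not part of the original thread or of any tool named in it: a small triage script that scans pasted log text for lines a reviewer would check in the logs posted above (the MBR anomalies reported by the MBR detector by Gmer, GMER and aswMBR, plus the disabled firewall and Security Center overrides in the ComboFix log) and lists which independent tools flagged the MBR. The patterns are copied from the log lines in this thread; the category labels and function names are this example's own assumptions.

```python
import re

# Patterns copied from tool output quoted in this thread.
# Category and tool labels are this example's own, not any tool's API.
INDICATORS = [
    ("mbr", "MBR detector by Gmer", re.compile(r"user != kernel MBR")),
    ("mbr", "GMER", re.compile(r"sector 00: rootkit-like behavior")),
    ("mbr", "aswMBR", re.compile(r"Disk \d+ MBR hidden")),
    ("firewall", "ComboFix", re.compile(r'"EnableFirewall"= 0\b')),
    ("seccenter", "ComboFix", re.compile(r'"(AntiVirus|Firewall)Override"=dword:00000001')),
]

# Lines copied from the logs posted in this thread (sample input for the example).
SAMPLE_LOG = r'''
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
kernel: MBR read successfully
user != kernel MBR !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
07:24:28.031 Disk 0 Windows XP default MBR code
07:24:28.046 Disk 0 MBR hidden
'''

def triage(log_text):
    """Return (line_no, category, tool, line) for every indicator hit."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for category, tool, pattern in INDICATORS:
            if pattern.search(line):
                findings.append((line_no, category, tool, line.strip()))
    return findings

def mbr_tools_agreeing(findings):
    """Distinct tools that flagged the MBR; a single tool may be a false positive."""
    return sorted({tool for _, cat, tool, _ in findings if cat == "mbr"})

def summarize(findings):
    """Count hits per category."""
    counts = {}
    for _, category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for line_no, category, tool, line in hits:
        print(f"{line_no:>3} [{category}] {tool}: {line}")
    print("MBR flagged by:", ", ".join(mbr_tools_agreeing(hits)))
```

A hit from one tool alone is only a prompt for review; agreement between separate tools on the same boot sector is what makes the MBR worth acting on.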

