
Solved Cannot find http://>>random letters

Discussion in 'Malware and Virus Removal Archive' started by culpritone16, 2010/07/08.

  1. 2010/07/08
    culpritone16

    culpritone16 Inactive Thread Starter

    [Resolved] Cannot find http://>>random letters

    Whenever I open Internet Explorer I keep getting a pop-up text box that says "Cannot find http://>>" followed by a really, really long address of random letters, "please make sure the address is valid". When I exit out of this text box it opens up IE and sends me to my homepage. What have I downloaded on my computer? My computer is also extremely slow... Here is my HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:35:55 AM, on 7/8/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Philips\Pronto Configurator\ProntoDashboard\ProntoDashboard.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    O1 - Hosts: ECHO is on.
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe "
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.samsungportal.com
    O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} (XPanel Class) - http://65.5.212.222:881/XPanel.cab
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} (Remote200 Control) - http://72.156.121.253:100/RemoteWeb.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} (CViewerControl Object) - http://72.156.121.253:100/VideoViewer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264695803109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264695794406
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
    O16 - DPF: {B0893304-3FC5-11D6-A5F0-00D0B7104633} (Video Server Client Component) - http://65.5.212.222:888/webcctv/Video/ActiveX/OPClient.cab
    O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} - http://65.5.212.222:881/XInit.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Pronto Data Server (ProntoDataService) - Philips - C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    --
    End of file - 14110 bytes
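    A small triage script for a log in the format posted above, added here as an editorial example; it is not from the thread, from HijackThis or from any tool the helpers mention. It parses HijackThis v2 entry lines and flags the kinds of entries a reviewer looks at first: O16 ActiveX downloads hosted on a bare IP address, O15 Trusted Zone additions, O4 autorun targets that are bare file names or live outside the usual program directories, and O1 hosts entries that are not a plain address/name pair. The sample lines are constructed, modelled on entries in the log above; the directory list and the rules themselves are the example's own assumptions, and a finding means "look closer", not "malicious".

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample input (not a full log): a few lines in HijackThis v2
# log format, modelled on entry types that appear in the post above.
SAMPLE_LOG = r"""
O1 - Hosts: ECHO is on.
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O15 - Trusted Zone: *.samsungportal.com
O16 - DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} (XPanel Class) - http://65.5.212.222:881/XPanel.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264695803109
"""

# "O4 - <body>" / "R1 - <body>": section code, separator, the rest of the line.
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"(https?://\S+)\s*$", re.IGNORECASE)
# A drive-letter path ending in an executable extension, stopping at a quote.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|com|scr|pif|bat|cmd))', re.IGNORECASE)

# Assumption of this example: where installed autorun targets normally live.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\")


def parse_entries(text):
    """Yield (section, body) for every HijackThis entry line; skip everything else."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def check_o1(body):
    """Hosts entries: report the mapping, or flag text that is not a mapping at all."""
    m = re.fullmatch(r"Hosts:\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)", body)
    if m:
        return f"hosts file maps {m.group(2)} to {m.group(1)}; confirm this is intended"
    return "hosts entry is not an address/name pair; read the hosts file directly"


def check_o4(body):
    """Autorun entries: bare names resolve via the search path; odd locations need a look."""
    m = PATH_RE.search(body)
    if not m:
        return "autorun target is a bare file name resolved via the search path; locate the real file"
    if not m.group(1).lower().startswith(STANDARD_DIRS):
        return f"autorun target outside standard program directories: {m.group(1)}"
    return None


def check_o15(body):
    """Trusted Zone additions relax IE's security settings for that site; always review."""
    return f"site added to the IE Trusted Zone: {body.partition(': ')[2]}"


def check_o16(body):
    """Downloaded ActiveX controls: flag those fetched from a bare IP address."""
    m = URL_RE.search(body)
    if not m:
        return "DPF entry without a download URL"
    host = urlsplit(m.group(1)).hostname or ""
    try:
        ip_address(host)
    except ValueError:
        return None  # a DNS name; nothing to flag by this rule
    return f"ActiveX control downloaded from a bare IP address: {host}"


CHECKS = {"O1": check_o1, "O4": check_o4, "O15": check_o15, "O16": check_o16}


def triage(text):
    """Return (section, reason, body) for each entry a reviewer should look at."""
    findings = []
    for section, body in parse_entries(text):
        check = CHECKS.get(section)
        if check is None:
            continue
        reason = check(body)
        if reason:
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason}\n     {body}")
```

    Run against the sample, the script reports five entries: the unparseable hosts line, the bare RTHDCPL.EXE autorun, the CLOAKER.EXE startup item under C:\hp, the Trusted Zone addition, and the XPanel.cab control fetched from 65.5.212.222; the QuickTime autorun and the Microsoft Update control pass. The rules are deliberately coarse: they narrow a 150-line log to the handful of lines worth verifying by hand, which is the job a human helper does first.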
     
  2. 2010/07/08
    Admin.

    Admin. Administrator Administrator Staff

    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2010/07/08
    culpritone16

    culpritone16 Inactive Thread Starter

    When I tried to copy and paste the DDS log it froze my computer. I tried twice.
     
  5. 2010/07/08
    culpritone16

    culpritone16 Inactive Thread Starter

    Trying to paste the DDS log into a post freezes my computer. What should I do?
     
  6. 2010/07/08
    culpritone16

    culpritone16 Inactive Thread Starter

    Guys,

    I really need some help with this. I would attach a picture, but it will not allow that here. I use Trend Micro for my antivirus. The DDS file looks like a foreign language and freezes my computer when I try to attach it. If someone would just tell me what else you need; I really need to get this resolved.

    Thanks
     
  7. 2010/07/08
    broni

    broni Moderator Malware Analyst

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up; press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com.
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
     
  8. 2010/07/09
    culpritone16

    culpritone16 Inactive Thread Starter

    Thanks for your reply.

    Here is the Rkill log...

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Compaq_Owner on 07/09/2010 at 9:05:49.


    Processes terminated by Rkill or while it was running:


    C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\rkill.com


    Rkill completed on 07/09/2010 at 9:05:59.


    Here is the exehelper log...

    exeHelper by Raktor
    Build 20100414
    Run at 08:15:09 on 07/09/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    Here is the combofix log...

    ComboFix 10-07-08.02 - Compaq_Owner 07/09/2010 8:39.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.553 [GMT -5:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\s
    c:\windows\system32\10021.exe
    c:\windows\system32\10291.exe
    c:\windows\system32\10322.exe
    c:\windows\system32\10383.exe
    c:\windows\system32\11008.exe
    c:\windows\system32\11020.exe
    c:\windows\system32\11323.exe
    c:\windows\system32\11337.exe
    c:\windows\system32\11478.exe
    c:\windows\system32\1150.exe
    c:\windows\system32\11511.exe
    c:\windows\system32\11538.exe
    c:\windows\system32\11840.exe
    c:\windows\system32\11942.exe
    c:\windows\system32\12052.exe
    c:\windows\system32\12287.exe
    c:\windows\system32\12292.exe
    c:\windows\system32\12316.exe
    c:\windows\system32\12382.exe
    c:\windows\system32\12623.exe
    c:\windows\system32\12859.exe
    c:\windows\system32\13030.exe
    c:\windows\system32\13290.exe
    c:\windows\system32\13458.exe
    c:\windows\system32\13931.exe
    c:\windows\system32\13966.exe
    c:\windows\system32\13977.exe
    c:\windows\system32\1416.exe
    c:\windows\system32\14309.exe
    c:\windows\system32\14310.exe
    c:\windows\system32\14343.exe
    c:\windows\system32\14604.exe
    c:\windows\system32\14771.exe
    c:\windows\system32\14798.exe
    c:\windows\system32\14893.exe
    c:\windows\system32\14945.exe
    c:\windows\system32\14989.exe
    c:\windows\system32\15006.exe
    c:\windows\system32\15141.exe
    c:\windows\system32\15281.exe
    c:\windows\system32\153.exe
    c:\windows\system32\15350.exe
    c:\windows\system32\15457.exe
    c:\windows\system32\15573.exe
    c:\windows\system32\15574.exe
    c:\windows\system32\15724.exe
    c:\windows\system32\1587.exe
    c:\windows\system32\15890.exe
    c:\windows\system32\16118.exe
    c:\windows\system32\16202.exe
    c:\windows\system32\16413.exe
    c:\windows\system32\16512.exe
    c:\windows\system32\16519.exe
    c:\windows\system32\16541.exe
    c:\windows\system32\1655.exe
    c:\windows\system32\16827.exe
    c:\windows\system32\16941.exe
    c:\windows\system32\16944.exe
    c:\windows\system32\17035.exe
    c:\windows\system32\17410.exe
    c:\windows\system32\17421.exe
    c:\windows\system32\17451.exe
    c:\windows\system32\17673.exe
    c:\windows\system32\17807.exe
    c:\windows\system32\18007.exe
    c:\windows\system32\18127.exe
    c:\windows\system32\18190.exe
    c:\windows\system32\1842.exe
    c:\windows\system32\18467.exe
    c:\windows\system32\18538.exe
    c:\windows\system32\18588.exe
    c:\windows\system32\18636.exe
    c:\windows\system32\18651.exe
    c:\windows\system32\1869.exe
    c:\windows\system32\18716.exe
    c:\windows\system32\18756.exe
    c:\windows\system32\18762.exe
    c:\windows\system32\18875.exe
    c:\windows\system32\18935.exe
    c:\windows\system32\19072.exe
    c:\windows\system32\19156.exe
    c:\windows\system32\19169.exe
    c:\windows\system32\19264.exe
    c:\windows\system32\19589.exe
    c:\windows\system32\19629.exe
    c:\windows\system32\19668.exe
    c:\windows\system32\19718.exe
    c:\windows\system32\19796.exe
    c:\windows\system32\19815.exe
    c:\windows\system32\19895.exe
    c:\windows\system32\19912.exe
    c:\windows\system32\19954.exe
    c:\windows\system32\1999.exe
    c:\windows\system32\20037.exe
    c:\windows\system32\20055.exe
    c:\windows\system32\20142.exe
    c:\windows\system32\20328.exe
    c:\windows\system32\20472.exe
    c:\windows\system32\20485.exe
    c:\windows\system32\20537.exe
    c:\windows\system32\20580.exe
    c:\windows\system32\20600.exe
    c:\windows\system32\20798.exe
    c:\windows\system32\2082.exe
    c:\windows\system32\21538.exe
    c:\windows\system32\21548.exe
    c:\windows\system32\21724.exe
    c:\windows\system32\21726.exe
    c:\windows\system32\21881.exe
    c:\windows\system32\22190.exe
    c:\windows\system32\22355.exe
    c:\windows\system32\22386.exe
    c:\windows\system32\22483.exe
    c:\windows\system32\22646.exe
    c:\windows\system32\22648.exe
    c:\windows\system32\22704.exe
    c:\windows\system32\22798.exe
    c:\windows\system32\22813.exe
    c:\windows\system32\22888.exe
    c:\windows\system32\22929.exe
    c:\windows\system32\2306.exe
    c:\windows\system32\23199.exe
    c:\windows\system32\23281.exe
    c:\windows\system32\23622.exe
    c:\windows\system32\23655.exe
    c:\windows\system32\23805.exe
    c:\windows\system32\23811.exe
    c:\windows\system32\23844.exe
    c:\windows\system32\23986.exe
    c:\windows\system32\24021.exe
    c:\windows\system32\24084.exe
    c:\windows\system32\24179.exe
    c:\windows\system32\2421.exe
    c:\windows\system32\24221.exe
    c:\windows\system32\24272.exe
    c:\windows\system32\24350.exe
    c:\windows\system32\24370.exe
    c:\windows\system32\24389.exe
    c:\windows\system32\24393.exe
    c:\windows\system32\24464.exe
    c:\windows\system32\24484.exe
    c:\windows\system32\24626.exe
    c:\windows\system32\24648.exe
    c:\windows\system32\24767.exe
    c:\windows\system32\24946.exe
    c:\windows\system32\25200.exe
    c:\windows\system32\25547.exe
    c:\windows\system32\25667.exe
    c:\windows\system32\26299.exe
    c:\windows\system32\26308.exe
    c:\windows\system32\2634.exe
    c:\windows\system32\26362.exe
    c:\windows\system32\26418.exe
    c:\windows\system32\26500.exe
    c:\windows\system32\26777.exe
    c:\windows\system32\26924.exe
    c:\windows\system32\26962.exe
    c:\windows\system32\27157.exe
    c:\windows\system32\27348.exe
    c:\windows\system32\27350.exe
    c:\windows\system32\27446.exe
    c:\windows\system32\27506.exe
    c:\windows\system32\27529.exe
    c:\windows\system32\27595.exe
    c:\windows\system32\27624.exe
    c:\windows\system32\27644.exe
    c:\windows\system32\27753.exe
    c:\windows\system32\27892.exe
    c:\windows\system32\27938.exe
    c:\windows\system32\28009.exe
    c:\windows\system32\28145.exe
    c:\windows\system32\28253.exe
    c:\windows\system32\28433.exe
    c:\windows\system32\28476.exe
    c:\windows\system32\28703.exe
    c:\windows\system32\28745.exe
    c:\windows\system32\288.exe
    c:\windows\system32\29168.exe
    c:\windows\system32\292.exe
    c:\windows\system32\29314.exe
    c:\windows\system32\29358.exe
    c:\windows\system32\29657.exe
    c:\windows\system32\29658.exe
    c:\windows\system32\29869.exe
    c:\windows\system32\2995.exe
    c:\windows\system32\30106.exe
    c:\windows\system32\30191.exe
    c:\windows\system32\30303.exe
    c:\windows\system32\30333.exe
    c:\windows\system32\3035.exe
    c:\windows\system32\30523.exe
    c:\windows\system32\30836.exe
    c:\windows\system32\3093.exe
    c:\windows\system32\31101.exe
    c:\windows\system32\31107.exe
    c:\windows\system32\31115.exe
    c:\windows\system32\31322.exe
    c:\windows\system32\31556.exe
    c:\windows\system32\31673.exe
    c:\windows\system32\3195.exe
    c:\windows\system32\31998.exe
    c:\windows\system32\32209.exe
    c:\windows\system32\32391.exe
    c:\windows\system32\32439.exe
    c:\windows\system32\32591.exe
    c:\windows\system32\32609.exe
    c:\windows\system32\32662.exe
    c:\windows\system32\32702.exe
    c:\windows\system32\32757.exe
    c:\windows\system32\3430.exe
    c:\windows\system32\3548.exe
    c:\windows\system32\3557.exe
    c:\windows\system32\3602.exe
    c:\windows\system32\3728.exe
    c:\windows\system32\3788.exe
    c:\windows\system32\3902.exe
    c:\windows\system32\4031.exe
    c:\windows\system32\4041.exe
    c:\windows\system32\4596.exe
    c:\windows\system32\4639.exe
    c:\windows\system32\4664.exe
    c:\windows\system32\467.exe
    c:\windows\system32\4734.exe
    c:\windows\system32\4827.exe
    c:\windows\system32\4833.exe
    c:\windows\system32\4886.exe
    c:\windows\system32\491.exe
    c:\windows\system32\4966.exe
    c:\windows\system32\5021.exe
    c:\windows\system32\5097.exe
    c:\windows\system32\5249.exe
    c:\windows\system32\53.exe
    c:\windows\system32\5436.exe
    c:\windows\system32\5447.exe
    c:\windows\system32\5537.exe
    c:\windows\system32\5699.exe
    c:\windows\system32\5705.exe
    c:\windows\system32\5829.exe
    c:\windows\system32\5844.exe
    c:\windows\system32\6038.exe
    c:\windows\system32\6191.exe
    c:\windows\system32\6224.exe
    c:\windows\system32\6270.exe
    c:\windows\system32\6334.exe
    c:\windows\system32\6359.exe
    c:\windows\system32\6422.exe
    c:\windows\system32\6483.exe
    c:\windows\system32\6617.exe
    c:\windows\system32\6618.exe
    c:\windows\system32\6729.exe
    c:\windows\system32\6868.exe
    c:\windows\system32\6900.exe
    c:\windows\system32\7376.exe
    c:\windows\system32\7448.exe
    c:\windows\system32\7616.exe
    c:\windows\system32\7711.exe
    c:\windows\system32\778.exe
    c:\windows\system32\7958.exe
    c:\windows\system32\8281.exe
    c:\windows\system32\8723.exe
    c:\windows\system32\8909.exe
    c:\windows\system32\8942.exe
    c:\windows\system32\900.exe
    c:\windows\system32\9040.exe
    c:\windows\system32\9161.exe
    c:\windows\system32\9374.exe
    c:\windows\system32\9503.exe
    c:\windows\system32\9514.exe
    c:\windows\system32\9741.exe
    c:\windows\system32\9758.exe
    c:\windows\system32\9894.exe
    c:\windows\system32\9930.exe
    c:\windows\system32\9961.exe
    c:\windows\xpsp1hfm.log
    D:\Autorun.inf

    Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
    .

    2010-07-08 16:04 . 2010-07-08 16:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-23 20:21 . 2010-06-23 20:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-23 17:44 . 2010-06-23 19:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\dijlvteoa
    2010-06-17 18:52 . 2010-06-17 18:52 -------- d-----w- C:\gnupg
    2010-06-17 18:52 . 2010-06-17 18:52 -------- d-----w- c:\windows\system32\imagedefault

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-08 15:16 . 2010-05-18 15:18 1 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-07-08 13:56 . 2010-07-08 13:56 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-08 13:56 . 2010-01-27 20:18 -------- d-----w- c:\program files\Trend Micro
    2010-07-07 20:07 . 2008-07-15 20:20 61660 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
    2010-07-06 15:27 . 2010-05-27 14:58 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-06 15:27 . 2010-05-27 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-06 15:26 . 2010-07-06 15:26 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-06 15:26 . 2010-05-27 14:52 -------- d-----w- c:\program files\DivX
    2010-07-06 15:26 . 2010-07-06 15:26 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-07-06 15:26 . 2010-07-06 15:26 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-06 15:26 . 2010-07-06 15:26 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-07-06 15:25 . 2010-07-06 15:25 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-07-06 15:24 . 2010-07-06 15:24 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-07-06 15:24 . 2010-07-06 15:24 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-06 15:24 . 2010-07-06 15:24 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-06 15:20 . 2010-05-27 14:57 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-06 15:20 . 2010-05-27 14:57 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-06-23 20:38 . 2010-06-23 20:38 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb5D.tmp.exe
    2010-05-27 14:57 . 2010-05-27 14:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DivX
    2010-05-27 14:56 . 2010-05-27 14:56 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-05-27 14:55 . 2010-05-27 14:55 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-05-27 14:55 . 2010-05-27 14:55 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-05-27 14:55 . 2010-05-27 14:55 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-05-27 14:55 . 2010-05-27 14:55 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-05-27 14:55 . 2010-05-27 14:55 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-05-19 16:39 . 2010-05-19 16:39 -------- d-----w- c:\program files\UPHClean
    2010-05-19 13:03 . 2008-07-15 20:19 94376 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-18 15:18 . 2010-05-18 15:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org
    2010-05-18 15:08 . 2010-05-18 15:08 -------- d-----w- c:\program files\JRE
    2010-05-18 15:08 . 2010-05-18 15:08 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-05-18 15:07 . 2006-05-27 03:21 -------- d-----w- c:\program files\Common Files\Java
    2010-05-14 20:57 . 2010-05-14 20:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
    2010-05-14 20:57 . 2010-05-14 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-14 20:57 . 2010-05-14 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-14 20:50 . 2010-05-14 20:50 -------- d-----w- c:\program files\CCleaner
    2010-04-29 20:39 . 2010-05-14 20:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2010-05-14 20:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-18 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UfSeAgnt.exe "= "c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
    "RTHDCPL "= "RTHDCPL.EXE" [2006-03-08 16010240]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

    c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\AutorunsDisabled
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-3 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pronto Dashboard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pronto Dashboard.lnk
    backup=c:\windows\pss\Pronto Dashboard.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=

    R2 ProntoDataService;Pronto Data Server;c:\documents and settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe [12/7/2009 4:03 AM 20480]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [1/27/2010 3:14 PM 36368]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 3:31 PM 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 10:58 AM 20480]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [1/27/2010 3:14 PM 339984]
    R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [1/27/2010 3:27 PM 50704]
    R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [1/27/2010 3:28 PM 497008]
    R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [1/27/2010 3:28 PM 689416]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 4:39 PM 135664]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
    S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [4/30/2010 1:50 PM 39704]
    S3 URC_USBV7;URC USB Sync V70 USB Driver;c:\windows\system32\drivers\URC_USBV7.sys [3/31/2007 1:24 PM 16384]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/25/2010 3:10 PM 11520]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - uphcleanhlp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:39]

    2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: samsungportal.com
    DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} - hxxp://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
    DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} - hxxp://65.5.212.222:881/XPanel.cab
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://72.156.121.253:100/RemoteWeb.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://72.156.121.253:100/VideoViewer.cab
    DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} - hxxp://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
    DPF: {B0893304-3FC5-11D6-A5F0-00D0B7104633} - hxxp://65.5.212.222:888/webcctv/Video/ActiveX/OPClient.cab
    DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} - hxxp://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
    DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} - hxxp://65.5.212.222:881/XInit.cab
    .
    .
    ------- File Associations -------
    .
    .scr=DWGTrueViewScriptFile
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-CTFMON - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-09 08:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(796)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-07-09 09:04:23
    ComboFix-quarantined-files.txt 2010-07-09 14:04

    Pre-Run: 83,582,238,720 bytes free
    Post-Run: 85,104,660,480 bytes free

    - - End Of File - - 37CE84703D16CA857D6A69E5077AEF08

    I am not certain if you would want another HijackThis log, but I want to include it just in case you do need it, so there is no delay. Again, thanks for your help, and so far no pop-up.

    Here is the HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:17:38 AM, on 7/9/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: *.samsungportal.com
    O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} (XPanel Class) - http://65.5.212.222:881/XPanel.cab
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} (Remote200 Control) - http://72.156.121.253:100/RemoteWeb.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} (CViewerControl Object) - http://72.156.121.253:100/VideoViewer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264695803109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264695794406
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
    O16 - DPF: {B0893304-3FC5-11D6-A5F0-00D0B7104633} (Video Server Client Component) - http://65.5.212.222:888/webcctv/Video/ActiveX/OPClient.cab
    O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} - http://65.5.212.222:881/XInit.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Pronto Data Server (ProntoDataService) - Philips - C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    --
    End of file - 11605 bytes
     
  9. 2010/07/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\Compaq_Owner\Local Settings\Application Data\dijlvteoa
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
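    The CFScript above deletes the Security Center `DisableMonitoring` values that the ComboFix log flagged under `security center\Monitoring`. As an added example (not ComboFix's or the moderator's own tooling), the script below parses the "Reg Loading Points" block of a ComboFix log, finds every Monitoring sub-key with `DisableMonitoring` set to 1, and emits a CFScript in the same `Folder::` / `Registry::` form; the sample log is constructed from the entries in this thread, and the `products` filter reproduces the moderator's choice of touching only the Trend Micro keys.

```python
"""Build a ComboFix CFScript from the 'Reg Loading Points' section of a
ComboFix log. Added example, not ComboFix's or the moderator's own code.

A Security Center 'Monitoring' sub-key with DisableMonitoring=dword:1 stops
Windows from reporting the state of that AV/firewall product; a product that
was removed (or malware) can leave such a key behind. The REGEDIT4 syntax
'"name"=-' in the generated script deletes the value, as in the moderator's
CFScript. The parser tolerates the stray spaces the forum inserts inside the
quoted names (e.g. '"DisableMonitoring "=dword:00000001').
"""
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample, assembled from the log lines quoted in this thread.
SAMPLE_LOG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"UfSeAgnt.exe "= "c:\\program files\\Trend Micro\\Internet Security\\UfSeAgnt.exe" [2010-01-26 1020248]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\TrendAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
"%windir%\\\\system32\\\\sessmgr.exe "=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Lazy name match plus \s*" absorbs the forum's stray space before the closing quote.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<value>.*?)\s*$')
MONITORING_RE = re.compile(r"\\security center\\Monitoring\\", re.IGNORECASE)


def parse_reg_points(log: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {value name: raw value}} for a REGEDIT4-style block."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw_line in log.splitlines():
        line = raw_line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            keys.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            keys[current][value_match.group("name")] = value_match.group("value")
    return keys


def disabled_monitoring_keys(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Keys under Security Center\\Monitoring whose DisableMonitoring dword is non-zero."""
    hits = []
    for key, values in keys.items():
        if not MONITORING_RE.search(key):
            continue
        raw = values.get("DisableMonitoring", "").lower()
        if raw.startswith("dword:") and int(raw[len("dword:"):], 16) != 0:
            hits.append(key)
    return hits


def build_cfscript(keys: Dict[str, Dict[str, str]],
                   folders: Iterable[str] = (),
                   products: Optional[Iterable[str]] = None) -> str:
    """Emit a CFScript: an optional Folder:: section, then a Registry:: section
    that deletes DisableMonitoring under each flagged key. `products` limits the
    Monitoring sub-keys touched (the moderator only touched the Trend Micro ones)."""
    lines: List[str] = []
    folders = list(folders)
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
        lines.append("")
    targets = disabled_monitoring_keys(keys)
    if products is not None:
        wanted = set(products)
        targets = [k for k in targets if k.rsplit("\\", 1)[-1] in wanted]
    if targets:
        lines.append("Registry::")
        for key in targets:
            lines.append(f"[{key}]")
            lines.append('"DisableMonitoring"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_reg_points(SAMPLE_LOG)
    print(build_cfscript(
        parsed,
        folders=[r"c:\documents and settings\Compaq_Owner\Local Settings\Application Data\dijlvteoa"],
        products={"TrendAntiVirus", "TrendFirewall"},
    ))
```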
     
  10. 2010/07/12
    culpritone16

    culpritone16 Inactive Thread Starter

    Joined:
    2010/07/08
    Messages:
    13
    Likes Received:
    0
    Here is the new report...

    ComboFix 10-07-11.07 - Compaq_Owner 07/12/2010 11:45:10.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.379 [GMT -5:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\Antivirus Programs\ComboFix.exe
    Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Compaq_Owner\Local Settings\Application Data\dijlvteoa

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
    .

    2010-07-09 15:12 . 2010-07-09 15:12 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5405172e-n\msvcp71.dll
    2010-07-09 15:12 . 2010-07-09 15:12 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5405172e-n\jmc.dll
    2010-07-09 15:12 . 2010-07-09 15:12 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5405172e-n\msvcr71.dll
    2010-07-09 15:12 . 2010-07-09 15:12 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7a72b626-n\decora-sse.dll
    2010-07-09 15:12 . 2010-07-09 15:12 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7a72b626-n\decora-d3d.dll
    2010-07-09 15:12 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-08 16:04 . 2010-07-08 16:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-08 13:56 . 2010-07-08 13:56 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-06 15:26 . 2010-07-06 15:26 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-06 15:26 . 2010-07-06 15:26 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-07-06 15:26 . 2010-07-06 15:26 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-06 15:26 . 2010-07-06 15:26 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-07-06 15:25 . 2010-07-06 15:25 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-07-06 15:24 . 2010-07-06 15:24 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-07-06 15:24 . 2010-07-06 15:24 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-06 15:24 . 2010-07-06 15:24 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-23 20:38 . 2010-06-23 20:38 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb5D.tmp.exe
    2010-06-23 20:21 . 2010-06-23 20:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-17 18:52 . 2010-06-17 18:52 -------- d-----w- C:\gnupg
    2010-06-17 18:52 . 2010-06-17 18:52 -------- d-----w- c:\windows\system32\imagedefault

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-09 20:45 . 2008-07-15 20:20 61652 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
    2010-07-09 19:17 . 2010-05-27 14:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DivX
    2010-07-09 15:13 . 2006-05-27 03:21 -------- d-----w- c:\program files\Common Files\Java
    2010-07-09 15:12 . 2006-05-27 03:21 -------- d-----w- c:\program files\Java
    2010-07-08 15:16 . 2010-05-18 15:18 1 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-07-08 13:56 . 2010-01-27 20:18 -------- d-----w- c:\program files\Trend Micro
    2010-07-06 15:27 . 2010-05-27 14:58 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-06 15:27 . 2010-05-27 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-06 15:26 . 2010-05-27 14:52 -------- d-----w- c:\program files\DivX
    2010-07-06 15:20 . 2010-05-27 14:57 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-06 15:20 . 2010-05-27 14:57 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-05-27 14:56 . 2010-05-27 14:56 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-05-27 14:56 . 2010-05-27 14:56 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-05-27 14:55 . 2010-05-27 14:55 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-05-27 14:55 . 2010-05-27 14:55 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-05-27 14:55 . 2010-05-27 14:55 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-05-27 14:55 . 2010-05-27 14:55 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-05-27 14:55 . 2010-05-27 14:55 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-05-19 16:39 . 2010-05-19 16:39 -------- d-----w- c:\program files\UPHClean
    2010-05-19 13:03 . 2008-07-15 20:19 94376 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-18 15:18 . 2010-05-18 15:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org
    2010-05-18 15:08 . 2010-05-18 15:08 -------- d-----w- c:\program files\JRE
    2010-05-18 15:08 . 2010-05-18 15:08 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-05-14 20:57 . 2010-05-14 20:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
    2010-05-14 20:57 . 2010-05-14 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-14 20:57 . 2010-05-14 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-14 20:50 . 2010-05-14 20:50 -------- d-----w- c:\program files\CCleaner
    2010-04-29 20:39 . 2010-05-14 20:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2010-05-14 20:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-09_13.58.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-12 16:33 . 2010-07-12 16:33 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
    + 2010-07-09 15:12 . 2010-04-12 22:29 153376 c:\windows\system32\javaws.exe
    + 2010-07-09 15:12 . 2010-04-12 22:29 145184 c:\windows\system32\javaw.exe
    - 2010-01-28 15:59 . 2010-01-28 15:58 145184 c:\windows\system32\javaw.exe
    + 2010-07-09 15:12 . 2010-04-12 22:29 145184 c:\windows\system32\java.exe
    - 2010-01-28 15:59 . 2010-01-28 15:58 145184 c:\windows\system32\java.exe
    + 2010-07-09 15:13 . 2010-07-09 15:13 180224 c:\windows\Installer\194a6.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-18 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\AutorunsDisabled
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-3 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pronto Dashboard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pronto Dashboard.lnk
    backup=c:\windows\pss\Pronto Dashboard.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    R2 ProntoDataService;Pronto Data Server;c:\documents and settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe [12/7/2009 4:03 AM 20480]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [1/27/2010 3:14 PM 36368]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 3:31 PM 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 10:58 AM 20480]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [1/27/2010 3:14 PM 339984]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 4:39 PM 135664]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
    S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [4/30/2010 1:50 PM 39704]
    S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [1/27/2010 3:27 PM 50704]
    S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [1/27/2010 3:28 PM 497008]
    S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [1/27/2010 3:28 PM 689416]
    S3 URC_USBV7;URC USB Sync V70 USB Driver;c:\windows\system32\drivers\URC_USBV7.sys [3/31/2007 1:24 PM 16384]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/25/2010 3:10 PM 11520]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - uphcleanhlp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:39]

    2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: samsungportal.com
    DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} - hxxp://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
    DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} - hxxp://65.5.212.222:881/XPanel.cab
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://72.156.121.253:100/RemoteWeb.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://72.156.121.253:100/VideoViewer.cab
    DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} - hxxp://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
    DPF: {B0893304-3FC5-11D6-A5F0-00D0B7104633} - hxxp://65.5.212.222:888/webcctv/Video/ActiveX/OPClient.cab
    DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} - hxxp://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
    DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} - hxxp://65.5.212.222:881/XInit.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-12 11:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(800)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1928)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    .
    Completion time: 2010-07-12 11:56:44
    ComboFix-quarantined-files.txt 2010-07-12 16:56
    ComboFix2.txt 2010-07-09 14:04

    Pre-Run: 84,964,425,728 bytes free
    Post-Run: 84,975,144,960 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 0C6E60884F9F40D3CF2E8713967C23D2

    The dialog box has stopped so far, but the computer is slowing to a stop seemingly. It was never running fast though. I think I have too many programs running in the background, but I do not know which ones I can disable.
     
  11. 2010/07/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/07/13
    culpritone16

    culpritone16 Inactive Thread Starter

    Joined:
    2010/07/08
    Messages:
    13
    Likes Received:
    0
    Here they are...

    OTL logfile created on: 7/13/2010 8:08:43 AM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 326.00 Mb Available Physical Memory | 34.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 104.71 Gb Total Space | 82.35 Gb Free Space | 78.64% Space Free | Partition Type: NTFS
    Drive D: | 7.05 Gb Total Space | 0.33 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PLAYERS1
    Current User Name: Compaq_Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/13 08:07:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    PRC - [2009/12/07 04:03:32 | 000,020,480 | ---- | M] (Philips) -- C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe
    PRC - [2009/10/14 15:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    PRC - [2009/10/14 15:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/06/18 14:03:47 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/13 08:07:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/01/27 15:14:31 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
    SRV - [2010/01/27 15:14:30 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
    SRV - [2010/01/27 15:14:29 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2010/01/26 02:39:46 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
    SRV - [2009/12/07 04:03:32 | 000,020,480 | ---- | M] (Philips) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe -- (ProntoDataService)
    SRV - [2009/10/14 15:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/01/27 15:14:55 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
    DRV - [2010/01/27 15:14:55 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2010/01/27 15:14:54 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/01/27 15:14:54 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/01/27 15:14:54 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2009/12/04 11:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
    DRV - [2009/12/04 11:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
    DRV - [2009/12/04 11:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
    DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/09/02 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/03/31 13:24:52 | 000,016,384 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\URC_USBV7.sys -- (URC_USBV7)
    DRV - [2007/01/24 16:27:54 | 000,039,704 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rcblan.sys -- (RemoteControl-USBLAN)
    DRV - [2006/03/08 15:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/02/07 23:55:34 | 001,480,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/01/25 18:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/01/18 20:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - [2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/01/28 11:02:27 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/07/09 08:57:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\AutorunsDisabled [2010/07/09 08:08:05 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
    O15 - HKCU\..Trusted Domains: samsungportal.com ([]* in Trusted sites)
    O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} http://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab (ClientEXE Class)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} http://65.5.212.222:881/XPanel.cab (XPanel Class)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://72.156.121.253:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://72.156.121.253:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264695803109 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264695794406 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} http://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab (ACUBETrustChecker Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B0893304-3FC5-11D6-A5F0-00D0B7104633} http://65.5.212.222:888/webcctv/Video/ActiveX/OPClient.cab (Video Server Client Component)
    O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} http://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab (Setup Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} http://65.5.212.222:881/XInit.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Zapotec.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Zapotec.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/13 08:07:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2010/07/12 11:43:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/09 09:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Antivirus Programs
    [2010/07/09 08:20:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/09 08:08:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\AutorunsDisabled
    [2010/07/08 11:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/06 10:33:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
    [2010/06/23 14:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/23 13:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/17 13:52:17 | 000,000,000 | ---D | C] -- C:\gnupg
    [2010/06/17 13:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\imagedefault
    [2010/05/27 09:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
    [2010/05/27 09:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2010/05/27 09:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/05/27 09:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/05/19 11:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
    [2010/05/18 10:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org
    [2010/05/18 10:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
    [2010/05/18 10:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2010/05/18 10:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/18 10:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
    [2010/05/14 15:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
    [2010/05/14 15:57:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/14 15:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/05/14 15:57:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/14 15:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/14 15:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/30 13:50:00 | 000,039,704 | ---- | C] (Belcarra Technologies) -- C:\WINDOWS\System32\drivers\rcblan.sys
    [2010/04/27 14:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Philips
    [2010/04/26 17:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/13 08:07:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2010/07/13 07:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/12 16:17:46 | 000,381,908 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\kegandbarrelbeerfest.jpg
    [2010/07/12 11:56:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/12 11:51:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/12 11:43:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/12 11:43:33 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/07/12 11:38:51 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ComboFix.lnk
    [2010/07/12 11:35:11 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/12 11:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/12 11:33:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/12 11:33:39 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/12 11:32:45 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
    [2010/07/12 11:32:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
    [2010/07/12 11:16:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/09 15:45:26 | 000,061,652 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
    [2010/07/09 08:57:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/09 08:09:04 | 002,687,895 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\AutoRuns.arn
    [2010/07/08 15:18:00 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/07/08 11:04:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/07 08:31:04 | 000,028,146 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Draper PO (1).pdf
    [2010/07/06 12:21:57 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\TL_HDDstoragecalc.xls
    [2010/07/06 10:26:50 | 000,001,530 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DivX Movies.lnk
    [2010/07/06 10:26:09 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/07/06 10:24:56 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2010/07/02 09:44:41 | 000,250,368 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-27-10 Ver 1 as of 06-27-10) Core Member-NMG.XLS
    [2010/06/15 11:07:51 | 000,261,632 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 3 as of 06-14-10) Core Member-NMG.XLS
    [2010/06/14 14:45:29 | 000,249,344 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 1 as of 06-13-10) Core Member-NMG.XLS
    [2010/06/10 13:47:03 | 000,032,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Proposal06-07-10Moto.pdf
    [2010/06/02 10:12:04 | 000,124,528 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\www.bestbuy.com_site_Samsung+-+55"+Class+_+1080p+_+120.pdf
    [2010/06/02 10:11:23 | 000,124,528 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\www.bestbuy.com_site_Samsung+-+55"+Class+_+1080p+_+120.pdf
    [2010/05/27 15:34:06 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/05/20 09:15:54 | 001,411,584 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\9-09 Niles US Confidential Dealer Price Schedule_SEP 09.xls
    [2010/05/20 09:15:54 | 001,296,442 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Yamaha 1801 Pricing 03.31.2010.pdf
    [2010/05/19 13:42:02 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Fast Shutdown.lnk
    [2010/05/19 10:14:24 | 001,411,584 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\9-09 Niles US Confidential Dealer Price Schedule_SEP 09.xls
    [2010/05/19 10:11:10 | 000,039,640 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speakercraft pricelist April 2010.ods
    [2010/05/19 08:32:49 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\My Documents.lnk
    [2010/05/19 08:03:05 | 000,094,376 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/19 08:02:11 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/18 10:10:50 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
    [2010/05/17 10:06:41 | 000,251,904 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 05-16-10 Ver 2 as of 05-17-10) Core Member-NMG.XLS
    [2010/05/12 09:09:11 | 000,118,921 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Officejet7400series_copy_1
    [2010/04/30 13:52:10 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Harmony Remote Software 7.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/27 14:47:05 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProntoEdit Professional 2.lnk
    [2010/04/27 14:35:47 | 237,374,543 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ProntoEdit_Professional_v2.4.18.zip
    [2010/04/26 17:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
    [2010/04/23 16:35:19 | 000,043,316 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\2009 LCD LED price roadmap (all sales) 100423.xlsx
    [2010/04/22 15:05:35 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Assortment Tracker.xls
    [2010/04/19 14:03:09 | 000,257,536 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 04-18-10 Ver 3 as of 04-19-10) Core Member-NMG.XLS
    [2010/04/16 14:28:50 | 000,266,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 04-12-10 Ver 1 as of 04-12-10) Core Member-NMG.XLS
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/12 16:17:42 | 000,381,908 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\kegandbarrelbeerfest.jpg
    [2010/07/12 11:38:51 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ComboFix.lnk
    [2010/07/08 15:09:14 | 002,687,895 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\AutoRuns.arn
    [2010/07/08 11:04:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/07 08:31:02 | 000,028,146 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Draper PO (1).pdf
    [2010/07/06 12:21:49 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\TL_HDDstoragecalc.xls
    [2010/07/06 10:26:09 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/06/30 09:38:53 | 000,250,368 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-27-10 Ver 1 as of 06-27-10) Core Member-NMG.XLS
    [2010/06/23 09:09:52 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
    [2010/06/15 11:07:50 | 000,261,632 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 3 as of 06-14-10) Core Member-NMG.XLS
    [2010/06/14 14:45:29 | 000,249,344 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 1 as of 06-13-10) Core Member-NMG.XLS
    [2010/06/10 13:47:01 | 000,032,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Proposal06-07-10Moto.pdf
    [2010/06/02 10:12:03 | 000,124,528 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\www.bestbuy.com_site_Samsung+-+55"+Class+_+1080p+_+120.pdf
    [2010/06/02 10:11:20 | 000,124,528 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\www.bestbuy.com_site_Samsung+-+55"+Class+_+1080p+_+120.pdf
    [2010/05/27 09:57:42 | 000,001,530 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DivX Movies.lnk
    [2010/05/27 09:56:10 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2010/05/20 09:15:54 | 001,411,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\9-09 Niles US Confidential Dealer Price Schedule_SEP 09.xls
    [2010/05/20 09:15:54 | 001,296,442 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Yamaha 1801 Pricing 03.31.2010.pdf
    [2010/05/19 13:40:55 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Fast Shutdown.lnk
    [2010/05/19 10:14:24 | 001,411,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\9-09 Niles US Confidential Dealer Price Schedule_SEP 09.xls
    [2010/05/19 10:11:08 | 000,039,640 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speakercraft pricelist April 2010.ods
    [2010/05/19 08:32:49 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\My Documents.lnk
    [2010/05/18 10:10:50 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
    [2010/05/17 10:06:41 | 000,251,904 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 05-16-10 Ver 2 as of 05-17-10) Core Member-NMG.XLS
    [2010/04/27 14:47:05 | 000,001,056 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ProntoEdit Professional 2.lnk
    [2010/04/27 14:35:08 | 237,374,543 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ProntoEdit_Professional_v2.4.18.zip
    [2010/04/23 16:35:19 | 000,043,316 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\2009 LCD LED price roadmap (all sales) 100423.xlsx
    [2010/04/22 15:05:35 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Assortment Tracker.xls
    [2010/04/19 14:03:08 | 000,257,536 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 04-18-10 Ver 3 as of 04-19-10) Core Member-NMG.XLS
    [2010/04/16 14:28:49 | 000,266,240 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 04-12-10 Ver 1 as of 04-12-10) Core Member-NMG.XLS
    [2010/02/22 10:26:38 | 000,094,777 | ---- | C] () -- C:\WINDOWS\System32\EDCodeCom.dll
    [2010/02/22 10:26:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\EDCode.dll
    [2010/02/22 10:26:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CryptoSeed.dll
    [2010/02/22 10:26:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SftpApi.dll
    [2010/02/22 10:26:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ShttpApi.dll
    [2008/08/05 16:24:37 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2008/08/05 16:24:36 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2008/08/05 16:24:00 | 000,000,729 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2006/11/27 10:10:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
    [2006/05/26 23:29:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/26 23:05:16 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/05/26 22:59:32 | 000,012,994 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/05/26 22:59:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/05/26 22:57:19 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/05/26 22:55:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/05/26 22:43:24 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/05/26 22:41:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/05/26 22:35:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/05/26 22:17:13 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/05/26 22:13:27 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/03/02 16:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/06/15 16:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/08/27 12:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/04/27 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Philips
    [2008/06/12 10:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pronto Configurator
    [2010/01/25 15:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
    [2010/01/25 15:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2008/06/12 10:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{299FA53D-9844-4A57-ADE7-CF7CC99D2851}
    [2009/03/06 09:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2008/10/24 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FBB5C4A9-4848-46A0-8863-C359F08D7728}
    [2009/08/27 12:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Autodesk
    [2009/12/15 10:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\E-centives
    [2007/12/04 14:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\funkitron
    [2007/08/09 12:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
    [2010/05/18 10:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org
    [2008/10/20 11:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Research In Motion
    [2008/10/24 13:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Stamps.com Internet Postage
    [2006/10/11 10:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
    [2009/05/28 12:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Walgreens
    [2010/01/25 15:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Western Digital

    ========== Purity Check ==========



    continued in next post....
     
  13. 2010/07/13
    culpritone16 Inactive Thread Starter

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/08 15:18:00 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/07/12 11:43:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/07/12 11:56:45 | 000,016,361 | ---- | M] () -- C:\ComboFix.txt
    [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/07/12 11:33:39 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/13 08:07:17 | 172,993,919 | ---- | M] () -- C:\hpWebHelper.log
    [2005/12/05 01:50:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/12/05 01:50:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/18 13:59:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/12 11:33:32 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/09 09:05:59 | 000,000,483 | ---- | M] () -- C:\rkill.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003/06/19 02:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 12:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/06/29 11:12:14 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/06/29 11:12:14 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/12/04 17:42:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/12/04 17:42:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/12/04 17:42:42 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Zapotec.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Zapotec.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/13 08:07:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2010/07/12 11:43:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/09 10:12:09 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/09 10:12:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/09 10:12:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/09 10:12:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/07/09 09:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Antivirus Programs
    [2010/07/09 08:20:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/09 08:08:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\AutorunsDisabled
    [2010/07/08 11:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/06 10:33:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
    [2010/06/23 14:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/23 13:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/17 13:52:17 | 000,000,000 | ---D | C] -- C:\gnupg
    [2010/06/17 13:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\imagedefault
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/13 08:07:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2010/07/13 07:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/12 16:17:46 | 000,381,908 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\kegandbarrelbeerfest.jpg
    [2010/07/12 11:56:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/12 11:51:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/12 11:43:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/12 11:43:33 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/07/12 11:38:51 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ComboFix.lnk
    [2010/07/12 11:35:11 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/12 11:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/12 11:33:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/12 11:33:39 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/12 11:32:45 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
    [2010/07/12 11:32:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
    [2010/07/12 11:16:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/09 15:45:26 | 000,061,652 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
    [2010/07/09 08:57:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/09 08:09:04 | 002,687,895 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\AutoRuns.arn
    [2010/07/08 15:18:00 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/07/08 11:04:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/07 08:31:04 | 000,028,146 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Draper PO (1).pdf
    [2010/07/06 12:21:57 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\TL_HDDstoragecalc.xls
    [2010/07/06 10:26:50 | 000,001,530 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DivX Movies.lnk
    [2010/07/06 10:26:09 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/07/06 10:24:56 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2010/07/02 09:44:41 | 000,250,368 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-27-10 Ver 1 as of 06-27-10) Core Member-NMG.XLS
    [2010/06/15 11:07:51 | 000,261,632 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 3 as of 06-14-10) Core Member-NMG.XLS
    [2010/06/14 14:45:29 | 000,249,344 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 1 as of 06-13-10) Core Member-NMG.XLS
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/12 16:17:42 | 000,381,908 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\kegandbarrelbeerfest.jpg
    [2010/07/12 11:38:51 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ComboFix.lnk
    [2010/07/08 15:09:14 | 002,687,895 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\AutoRuns.arn
    [2010/07/08 11:04:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/07 08:31:02 | 000,028,146 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Draper PO (1).pdf
    [2010/07/06 12:21:49 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\TL_HDDstoragecalc.xls
    [2010/07/06 10:26:09 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/06/30 09:38:53 | 000,250,368 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-27-10 Ver 1 as of 06-27-10) Core Member-NMG.XLS
    [2010/06/23 09:09:52 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
    [2010/06/15 11:07:50 | 000,261,632 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 3 as of 06-14-10) Core Member-NMG.XLS
    [2010/06/14 14:45:29 | 000,249,344 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 1 as of 06-13-10) Core Member-NMG.XLS
    [2010/02/22 10:26:38 | 000,094,777 | ---- | C] () -- C:\WINDOWS\System32\EDCodeCom.dll
    [2010/02/22 10:26:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\EDCode.dll
    [2010/02/22 10:26:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CryptoSeed.dll
    [2010/02/22 10:26:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SftpApi.dll
    [2010/02/22 10:26:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ShttpApi.dll
    [2008/08/05 16:24:37 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2008/08/05 16:24:36 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2008/08/05 16:24:00 | 000,000,729 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2006/11/27 10:10:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
    [2006/05/26 23:29:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/26 23:05:16 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/05/26 22:59:32 | 000,012,994 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/05/26 22:59:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/05/26 22:57:19 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/05/26 22:55:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/05/26 22:43:24 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/05/26 22:41:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/05/26 22:35:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/05/26 22:17:13 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/05/26 22:13:27 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/03/02 16:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/06/15 16:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/08/27 12:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/04/27 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Philips
    [2008/06/12 10:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pronto Configurator
    [2010/01/25 15:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
    [2010/01/25 15:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2008/06/12 10:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{299FA53D-9844-4A57-ADE7-CF7CC99D2851}
    [2009/03/06 09:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2008/10/24 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FBB5C4A9-4848-46A0-8863-C359F08D7728}
    [2009/08/27 12:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Autodesk
    [2009/12/15 10:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\E-centives
    [2007/12/04 14:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\funkitron
    [2007/08/09 12:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
    [2010/05/18 10:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org
    [2008/10/20 11:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Research In Motion
    [2008/10/24 13:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Stamps.com Internet Postage
    [2006/10/11 10:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
    [2009/05/28 12:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Walgreens
    [2010/01/25 15:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Western Digital

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/08 15:18:00 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/07/12 11:43:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/07/12 11:56:45 | 000,016,361 | ---- | M] () -- C:\ComboFix.txt
    [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/07/12 11:33:39 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/13 08:07:17 | 172,993,919 | ---- | M] () -- C:\hpWebHelper.log
    [2005/12/05 01:50:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/12/05 01:50:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/18 13:59:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/12 11:33:32 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/09 09:05:59 | 000,000,483 | ---- | M] () -- C:\rkill.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003/06/19 02:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 12:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/06/29 11:12:14 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/06/29 11:12:14 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/12/04 17:42:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/12/04 17:42:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/12/04 17:42:42 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >


    and the other one...

    OTL Extras logfile created on: 7/13/2010 8:08:43 AM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 326.00 Mb Available Physical Memory | 34.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 104.71 Gb Total Space | 82.35 Gb Free Space | 78.64% Space Free | Partition Type: NTFS
    Drive D: | 7.05 Gb Total Space | 0.33 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PLAYERS1
    Current User Name: Compaq_Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{1288424C-71D4-4EBA-94D2-9032F5CEE287}" = VC User STL71 RTL X86 ---
    "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
    "{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{624D19C3-D55D-4368-BC10-9B53036D8358}" = HP Driver Diagnostics
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{6D48CC96-AC7C-449F-BD06-7C52A791848B}" = 7400
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
    "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
    "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
    "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
    "{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
    "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B252ADE8-8F39-4CBD-89CB-5919008754FE}" = VC User CRT71 RTL X86 ---
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
    "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
    "{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
    "{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{E707D39B-7944-4640-A29E-2B7C0B84F224}" = MX-810 ProWizard
    "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2E6EB42-B04D-4F63-853F-8016BF71B25A}" = VC User MFC71 RTL X86 ---
    "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
    "{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
    "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
    "AMX Product Catalogv1.0" = AMX Product Catalog
    "ATI Display Driver" = ATI Display Driver
    "Autodesk Design Review 2010" = Autodesk Design Review 2010
    "B&W Group Custom Binder Literature_is1" = B&W Group Custom Binder Literature 1.0
    "BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DivX Setup.divx.com" = DivX Setup
    "doPDF 6 printer_is1" = doPDF 6.1 printer
    "DWG TrueView 2010" = DWG TrueView 2010
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Rhapsody" = HP Rhapsody
    "HPExtendedCapabilities" = HP Extended Capabilities 4.7
    "HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2006b" = Microsoft Money 2006
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "ProntoEdit Professional 2" = ProntoEdit Professional 2
    "RealPlayer 6.0" = RealPlayer
    "Stamps.com" = Stamps.com
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/13/2010 8:36:42 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (2760) Database recovery/restore failed with unexpected error
    -551.

    Error - 7/13/2010 8:36:42 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (340) Database recovery/restore failed with unexpected error
    -551.

    Error - 7/13/2010 8:36:42 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (968) Database recovery/restore failed with unexpected error
    -551.

    Error - 7/13/2010 8:36:43 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (3584) Database recovery/restore failed with unexpected error
    -551.

    Error - 7/13/2010 9:06:43 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (1384) Database recovery/restore failed with unexpected error
    -551.

    Error - 7/13/2010 9:06:44 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (4084) Database recovery/restore failed with unexpected error
    -551.

    Error - 7/13/2010 9:06:45 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (184) Database recovery/restore failed with unexpected error
    -551.

    Error - 7/13/2010 9:06:45 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (1596) Database recovery/restore failed with unexpected error
    -551.

    Error - 7/13/2010 9:06:46 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (3900) Database recovery/restore failed with unexpected error
    -551.

    Error - 7/13/2010 9:06:46 AM | Computer Name = PLAYERS1 | Source = ESENT | ID = 454
    Description = wuauclt (2856) Database recovery/restore failed with unexpected error
    -551.

    [ System Events ]
    Error - 7/9/2010 10:56:00 AM | Computer Name = PLAYERS1 | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 7/9/2010 10:59:47 AM | Computer Name = PLAYERS1 | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 7/9/2010 11:54:55 AM | Computer Name = PLAYERS1 | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer PLAYERSAV using any
    of the configured protocols.

    Error - 7/9/2010 12:01:17 PM | Computer Name = PLAYERS1 | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer PLAYERSAV using any
    of the configured protocols.

    Error - 7/9/2010 12:09:13 PM | Computer Name = PLAYERS1 | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer PLAYERSAV using any
    of the configured protocols.

    Error - 7/9/2010 2:55:54 PM | Computer Name = PLAYERS1 | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer PLAYERSAV using any
    of the configured protocols.

    Error - 7/9/2010 2:59:19 PM | Computer Name = PLAYERS1 | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer PLAYERSAV using any
    of the configured protocols.

    Error - 7/9/2010 3:16:44 PM | Computer Name = PLAYERS1 | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly. It has done this
    1 time(s).

    Error - 7/9/2010 4:47:46 PM | Computer Name = PLAYERS1 | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 7/12/2010 12:19:22 PM | Computer Name = PLAYERS1 | Source = NetBT | ID = 4321
    Description = The name "MSHOME :1d" could not be registered on the Interface
    with IP address 192.168.1.1. The machine with the IP address 192.168.1.6 did not
    allow the name to be claimed by this machine.


    < End of report >
     
  14. 2010/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You have some Norton's leftovers.
    Please, run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    ===========================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys -- (catchme)
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
      O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
      O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab  (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab  (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
      O16 - DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} http://65.5.212.222:881/XInit.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  15. 2010/07/14
    culpritone16

    culpritone16 Inactive Thread Starter

    Joined:
    2010/07/08
    Messages:
    13
    Likes Received:
    0
    I have run the Norton Removal Tool 3 times and given it about an hour every time, and it freezes in the same section every time. Any suggestions?

    Here is the OTL log...

    All processes killed
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
    Starting removal of ActiveX control {54BE6B6F-3056-470B-97E1-BB92E051B6C4}
    C:\WINDOWS\Downloaded Program Files\setup.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54BE6B6F-3056-470B-97E1-BB92E051B6C4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BE6B6F-3056-470B-97E1-BB92E051B6C4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{54BE6B6F-3056-470B-97E1-BB92E051B6C4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{54BE6B6F-3056-470B-97E1-BB92E051B6C4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BE6B6F-3056-470B-97E1-BB92E051B6C4}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control {F74959B0-1779-472E-BE6E-3023E1DBEC73}
    C:\WINDOWS\Downloaded Program Files\XInit.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F74959B0-1779-472E-BE6E-3023E1DBEC73}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F74959B0-1779-472E-BE6E-3023E1DBEC73}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F74959B0-1779-472E-BE6E-3023E1DBEC73}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F74959B0-1779-472E-BE6E-3023E1DBEC73}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Compaq_Owner
    ->Temp folder emptied: 13126466 bytes
    ->Temporary Internet Files folder emptied: 66679613 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1581649 bytes

    User: Default User
    ->Temp folder emptied: 1363 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 8942007 bytes
    ->Flash cache emptied: 1443117 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 386630 bytes
    ->Java cache emptied: 14 bytes
    ->Flash cache emptied: 3967 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15162 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 2267 bytes

    Total Files Cleaned = 88.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Compaq_Owner
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 07142010_092601

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  16. 2010/07/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We can remove Norton's entries manually...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
      DRV - [2008/09/02 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Common Files\Symantec Shared
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  17. 2010/07/15
    culpritone16

    culpritone16 Inactive Thread Starter

    Joined:
    2010/07/08
    Messages:
    13
    Likes Received:
    0
    Here is the run fix log...

    All processes killed
    ========== OTL ==========
    Error: No service named LiveUpdate Notice Service was found to stop!
    Service\Driver key LiveUpdate Notice Service not found.
    File C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe not found.
    Error: No service named eeCtrl was found to stop!
    Service\Driver key eeCtrl not found.
    File C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Owner
    ->Temp folder emptied: 21295077 bytes
    ->Temporary Internet Files folder emptied: 14404028 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 602 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16474 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 34.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Owner
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 07152010_081110

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\ZV2PLQHD\gdyn_nba[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\QWZZE2M7\Cavalier-fans-want-to-pay-Dan-Gilbert-s-100-000[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\QWZZE2M7\facebook_share[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

    Registry entries deleted on Reboot...


    and the quick scan log...

    OTL logfile created on: 7/15/2010 8:30:34 AM - Run 2
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop\Antivirus Programs
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 40.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 104.71 Gb Total Space | 82.10 Gb Free Space | 78.40% Space Free | Partition Type: NTFS
    Drive D: | 7.05 Gb Total Space | 0.33 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PLAYERS1
    Current User Name: Compaq_Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/13 08:07:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\Antivirus Programs\OTL.exe
    PRC - [2009/12/07 04:03:32 | 000,020,480 | ---- | M] (Philips) -- C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe
    PRC - [2009/10/14 15:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    PRC - [2009/10/14 15:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    PRC - [2009/10/14 15:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/06/18 14:03:47 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/02/16 00:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/13 08:07:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\Antivirus Programs\OTL.exe
    MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/01/27 15:14:31 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
    SRV - [2010/01/27 15:14:30 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
    SRV - [2010/01/27 15:14:29 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2010/01/26 02:39:46 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
    SRV - [2009/12/07 04:03:32 | 000,020,480 | ---- | M] (Philips) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe -- (ProntoDataService)
    SRV - [2009/10/14 15:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/01/27 15:14:55 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
    DRV - [2010/01/27 15:14:55 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2010/01/27 15:14:54 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/01/27 15:14:54 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/01/27 15:14:54 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2009/12/04 11:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
    DRV - [2009/12/04 11:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
    DRV - [2009/12/04 11:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
    DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/03/31 13:24:52 | 000,016,384 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\URC_USBV7.sys -- (URC_USBV7)
    DRV - [2007/01/24 16:27:54 | 000,039,704 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rcblan.sys -- (RemoteControl-USBLAN)
    DRV - [2006/03/08 15:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/02/07 23:55:34 | 001,480,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/01/25 18:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/01/18 20:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - [2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/01/28 11:02:27 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/07/15 08:12:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\AutorunsDisabled [2010/07/09 08:08:05 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O15 - HKCU\..Trusted Domains: samsungportal.com ([]* in Trusted sites)
    O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} http://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab (ClientEXE Class)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} http://65.5.212.222:881/XPanel.cab (XPanel Class)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://72.156.121.253:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://72.156.121.253:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264695803109 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264695794406 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} http://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab (ACUBETrustChecker Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {B0893304-3FC5-11D6-A5F0-00D0B7104633} http://65.5.212.222:888/webcctv/Video/ActiveX/OPClient.cab (Video Server Client Component)
    O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} http://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab (Setup Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/14 09:26:01 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/14 09:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Random
    [2010/07/14 08:10:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/13 10:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Jerry's proposals
    [2010/07/13 09:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\UltraVNC
    [2010/07/13 09:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC
    [2010/07/12 11:43:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/09 09:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Antivirus Programs
    [2010/07/09 08:20:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/09 08:08:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\AutorunsDisabled
    [2010/07/08 11:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/06 10:33:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
    [2010/06/23 14:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/23 13:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/17 13:52:17 | 000,000,000 | ---D | C] -- C:\gnupg
    [2010/06/17 13:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\imagedefault
    [2010/05/27 09:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
    [2010/05/27 09:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2010/05/27 09:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/05/27 09:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/05/19 11:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
    [2010/05/18 10:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org
    [2010/05/18 10:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
    [2010/05/18 10:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2010/05/18 10:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/14 15:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
    [2010/05/14 15:57:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/14 15:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/05/14 15:57:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/14 15:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/14 15:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/30 13:50:00 | 000,039,704 | ---- | C] (Belcarra Technologies) -- C:\WINDOWS\System32\drivers\rcblan.sys
    [2010/04/27 14:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Philips
    [2010/04/26 17:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl

    ========== Files - Modified Within 90 Days ==========

    [2010/07/15 08:21:05 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/15 08:15:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/15 08:15:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/15 08:15:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/15 08:15:35 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/15 08:12:47 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
    [2010/07/15 08:12:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
    [2010/07/15 08:12:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/15 07:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/14 12:50:14 | 000,061,724 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
    [2010/07/14 10:34:53 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/07/14 09:15:17 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
    [2010/07/12 11:51:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/12 11:43:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/12 11:16:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/09 08:09:04 | 002,687,895 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\AutoRuns.arn
    [2010/07/08 15:18:00 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/07/08 11:04:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/06 12:21:57 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\TL_HDDstoragecalc.xls
    [2010/07/02 09:44:41 | 000,250,368 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-27-10 Ver 1 as of 06-27-10) Core Member-NMG.XLS
    [2010/06/15 11:07:51 | 000,261,632 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 3 as of 06-14-10) Core Member-NMG.XLS
    [2010/06/14 14:45:29 | 000,249,344 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 1 as of 06-13-10) Core Member-NMG.XLS
    [2010/06/10 13:47:03 | 000,032,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Proposal06-07-10Moto.pdf
    [2010/06/02 10:12:04 | 000,124,528 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\www.bestbuy.com_site_Samsung+-+55"+Class+_+1080p+_+120.pdf
    [2010/05/27 15:34:06 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/05/20 09:15:54 | 001,411,584 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\9-09 Niles US Confidential Dealer Price Schedule_SEP 09.xls
    [2010/05/20 09:15:54 | 001,296,442 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Yamaha 1801 Pricing 03.31.2010.pdf
    [2010/05/19 13:42:02 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Fast Shutdown.lnk
    [2010/05/19 08:32:49 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\My Documents.lnk
    [2010/05/19 08:03:05 | 000,094,376 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/19 08:02:11 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/18 10:10:50 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
    [2010/05/17 10:06:41 | 000,251,904 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 05-16-10 Ver 2 as of 05-17-10) Core Member-NMG.XLS
    [2010/05/12 09:09:11 | 000,118,921 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Officejet7400series_copy_1
    [2010/04/30 13:52:10 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Harmony Remote Software 7.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/27 14:47:05 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProntoEdit Professional 2.lnk
    [2010/04/26 17:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
    [2010/04/23 16:35:19 | 000,043,316 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\2009 LCD LED price roadmap (all sales) 100423.xlsx
    [2010/04/22 15:05:35 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Assortment Tracker.xls
    [2010/04/19 14:03:09 | 000,257,536 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 04-18-10 Ver 3 as of 04-19-10) Core Member-NMG.XLS
    [2010/04/16 14:28:50 | 000,266,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 04-12-10 Ver 1 as of 04-12-10) Core Member-NMG.XLS

    ========== Files Created - No Company Name ==========

    [2010/07/14 10:20:28 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/14 09:15:17 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
    [2010/07/08 15:09:14 | 002,687,895 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\AutoRuns.arn
    [2010/07/08 11:04:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/06 12:21:49 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\TL_HDDstoragecalc.xls
    [2010/06/30 09:38:53 | 000,250,368 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-27-10 Ver 1 as of 06-27-10) Core Member-NMG.XLS
    [2010/06/23 09:09:52 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
    [2010/06/15 11:07:50 | 000,261,632 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 3 as of 06-14-10) Core Member-NMG.XLS
    [2010/06/14 14:45:29 | 000,249,344 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 06-13-10 Ver 1 as of 06-13-10) Core Member-NMG.XLS
    [2010/06/10 13:47:01 | 000,032,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Proposal06-07-10Moto.pdf
    [2010/06/02 10:12:03 | 000,124,528 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\www.bestbuy.com_site_Samsung+-+55"+Class+_+1080p+_+120.pdf
    [2010/05/20 09:15:54 | 001,411,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\9-09 Niles US Confidential Dealer Price Schedule_SEP 09.xls
    [2010/05/20 09:15:54 | 001,296,442 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Yamaha 1801 Pricing 03.31.2010.pdf
    [2010/05/19 13:40:55 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Fast Shutdown.lnk
    [2010/05/19 08:32:49 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\My Documents.lnk
    [2010/05/18 10:10:50 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
    [2010/05/17 10:06:41 | 000,251,904 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 05-16-10 Ver 2 as of 05-17-10) Core Member-NMG.XLS
    [2010/04/27 14:47:05 | 000,001,056 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ProntoEdit Professional 2.lnk
    [2010/04/23 16:35:19 | 000,043,316 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\2009 LCD LED price roadmap (all sales) 100423.xlsx
    [2010/04/22 15:05:35 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Assortment Tracker.xls
    [2010/04/19 14:03:08 | 000,257,536 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 04-18-10 Ver 3 as of 04-19-10) Core Member-NMG.XLS
    [2010/04/16 14:28:49 | 000,266,240 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\PriceSheet SED SAMSUNG-SAMS (Effective 04-12-10 Ver 1 as of 04-12-10) Core Member-NMG.XLS
    [2010/02/22 10:26:38 | 000,094,777 | ---- | C] () -- C:\WINDOWS\System32\EDCodeCom.dll
    [2010/02/22 10:26:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\EDCode.dll
    [2010/02/22 10:26:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CryptoSeed.dll
    [2010/02/22 10:26:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SftpApi.dll
    [2010/02/22 10:26:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ShttpApi.dll
    [2008/08/05 16:24:37 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2008/08/05 16:24:36 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2008/08/05 16:24:00 | 000,000,729 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2006/11/27 10:10:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
    [2006/05/26 23:29:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/26 23:05:16 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/05/26 22:59:32 | 000,012,994 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/05/26 22:59:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/05/26 22:57:19 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/05/26 22:55:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/05/26 22:43:24 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/05/26 22:41:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/05/26 22:35:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/05/26 22:17:13 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/05/26 22:13:27 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/03/02 16:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/06/15 16:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/08/27 12:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/04/27 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Philips
    [2008/06/12 10:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pronto Configurator
    [2010/01/25 15:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
    [2010/01/25 15:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2008/06/12 10:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{299FA53D-9844-4A57-ADE7-CF7CC99D2851}
    [2009/03/06 09:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2008/10/24 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FBB5C4A9-4848-46A0-8863-C359F08D7728}
    [2009/08/27 12:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Autodesk
    [2009/12/15 10:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\E-centives
    [2007/12/04 14:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\funkitron
    [2007/08/09 12:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
    [2010/05/18 10:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org
    [2008/10/20 11:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Research In Motion
    [2008/10/24 13:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Stamps.com Internet Postage
    [2006/10/11 10:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
    [2009/05/28 12:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Walgreens
    [2010/01/25 15:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Western Digital

    ========== Purity Check ==========


    < End of report >
     
  18. 2010/07/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  19. 2010/07/16
    culpritone16

    culpritone16 Inactive Thread Starter

    Joined:
    2010/07/08
    Messages:
    13
    Likes Received:
    0
    I have tried running the Kaspersky website about ten times now and every time it says java cannot be run interrupted... It will not go on with the scan.

    What do I need to do?
     
  20. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  21. 2010/07/16
    culpritone16

    culpritone16 Inactive Thread Starter

    Joined:
    2010/07/08
    Messages:
    13
    Likes Received:
    0
    Here is the report from the scan...

    C:\Documents and Settings\Compaq_Owner\Application Data\SystemProc\lsass.exe a variant of Win32/Injector.CGU trojan cleaned by deleting - quarantined
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul Win32/Dursg.A trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP531\A0054756.exe a variant of Win32/Injector.CGU trojan cleaned by deleting - quarantined
    D:\I386\APPS\APP24073\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
    D:\I386\APPS\APP24073\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
    D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP532\A0054757.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
    D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP532\A0054758.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
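The first finding in this ESET report is a file named lsass.exe under a user profile (Application Data\SystemProc), whereas the genuine one in the HijackThis process list at the top of the thread runs from C:\WINDOWS\system32. As an added example that is not part of the thread, the check below takes lines in the "Running processes" layout HijackThis prints and flags system-binary names that sit outside the directory Windows launches them from; the process list and the directory allow-list are constructed for this example.

```python
"""Flag executables whose file name matches a core Windows system binary but
whose directory is not one Windows ships that binary in (binary masquerading).

Added example for this thread, not tool output: the sample process list and
the allow-list of directories below are constructed for illustration.
"""
import ntpath

# File names that Windows itself runs from its system directory.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

# Where those binaries are legitimately launched from on a Windows XP box
# installed to C:\WINDOWS (constructed allow-list; explorer.exe lives in
# %SystemRoot% itself, the rest in %SystemRoot%\system32).
LEGITIMATE_DIRS = {
    "explorer.exe": {r"c:\windows"},
}
DEFAULT_DIRS = {r"c:\windows\system32"}


def is_masquerade(path: str) -> bool:
    """True when the file name is a system-binary name but the directory is
    not one Windows uses for it. Comparison is case-insensitive, as NTFS
    path lookups are, so System32 and system32 compare equal."""
    directory, name = ntpath.split(path.strip())
    name = name.lower()
    if name not in SYSTEM_BINARIES:
        return False
    allowed = LEGITIMATE_DIRS.get(name, DEFAULT_DIRS)
    return ntpath.normpath(directory).lower() not in allowed


def find_masquerades(process_lines):
    """Return the paths from a HijackThis-style 'Running processes' list that
    look like a system binary running from the wrong place."""
    return [line.strip() for line in process_lines
            if line.strip() and is_masquerade(line)]


# Constructed sample in the HijackThis "Running processes" layout; the last
# entry mirrors the location ESET reported in this thread.
SAMPLE_PROCESSES = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Compaq_Owner\Application Data\SystemProc\lsass.exe
""".splitlines()


if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_PROCESSES):
        print("suspicious:", hit)
```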
     
