
Solved Re-infected, Re-directions

Discussion in 'Malware and Virus Removal Archive' started by palljim23, 2010/08/08.

  1. 2010/08/08
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    [Resolved] Re-infected, Re-directions

    My PC was previously infected and deemed clean. However, there appears to be a new issue since I am being redirected to websites. The issue does seem to be intermittent since I can sometimes browse a page without any issues and other times I have to press 'Stop' on IE/Firefox before I am re-directed. I am having this issue on two PCs so I will be creating a second thread for that PC. Below are the requested logs.

    The website I am being re-directed to is:

    http://promo.videocop.com/landing/6/index.php?limit=50&year=2010&aff=NGMzNTkwOWY6OjA=&src=guan

    Thank you in advance.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by HP_Administrator at 20:55:04.63 on Sun 08/08/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2408 [GMT -4:00]

    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\Vid.exe" -bootmode
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [<NO NAME>]
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]

    =============== Created Last 30 ================

    2010-07-14 00:26:38 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

    ==================== Find3M ====================

    2010-08-03 16:43:34 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-08-03 07:17:05 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
    2006-02-06 04:59:52 22 -csha-w- c:\windows\sminst\HPCD.SYS

    ============= FINISH: 20:55:36.60 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/2/2010 12:51:20 PM
    System Uptime: 8/3/2010 3:23:43 AM (137 hours ago)

    Motherboard: MSI | | AMETHYST-M
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2188/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 224 GiB total, 192.233 GiB free.
    D: is FIXED (FAT32) - 8 GiB total, 1.139 GiB free.
    E: is CDROM ()
    F: is CDROM (UDF)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    Y: is NetworkDisk (FAT) - 373 GiB total, 312.574 GiB free.
    Z: is NetworkDisk (FAT) - 279 GiB total, 111.651 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP73: 5/11/2010 9:48:19 AM - Software Distribution Service 3.0
    RP74: 5/12/2010 3:00:20 AM - Software Distribution Service 3.0
    RP75: 5/12/2010 9:48:11 AM - Software Distribution Service 3.0
    RP76: 5/13/2010 9:48:11 AM - Software Distribution Service 3.0
    RP77: 5/14/2010 9:48:11 AM - Software Distribution Service 3.0
    RP78: 5/15/2010 9:48:11 AM - Software Distribution Service 3.0
    RP79: 5/16/2010 2:12:14 AM - Software Distribution Service 3.0
    RP80: 5/16/2010 9:48:13 AM - Software Distribution Service 3.0
    RP81: 5/17/2010 9:47:51 AM - Software Distribution Service 3.0
    RP82: 5/18/2010 9:48:10 AM - Software Distribution Service 3.0
    RP83: 5/19/2010 9:48:04 AM - Software Distribution Service 3.0
    RP84: 5/20/2010 9:48:05 AM - Software Distribution Service 3.0
    RP85: 5/21/2010 9:48:06 AM - Software Distribution Service 3.0
    RP86: 5/22/2010 9:48:06 AM - Software Distribution Service 3.0
    RP87: 5/23/2010 2:12:09 AM - Software Distribution Service 3.0
    RP88: 5/23/2010 9:47:59 AM - Software Distribution Service 3.0
    RP89: 5/24/2010 9:48:00 AM - Software Distribution Service 3.0
    RP90: 5/25/2010 9:48:03 AM - Software Distribution Service 3.0
    RP91: 5/26/2010 3:00:14 AM - Software Distribution Service 3.0
    RP92: 5/26/2010 9:48:01 AM - Software Distribution Service 3.0
    RP93: 5/27/2010 9:47:45 AM - Software Distribution Service 3.0
    RP94: 5/28/2010 9:53:28 AM - System Checkpoint
    RP95: 5/28/2010 10:11:51 AM - Software Distribution Service 3.0
    RP96: 5/29/2010 9:48:16 AM - Software Distribution Service 3.0
    RP97: 5/30/2010 1:34:34 AM - Software Distribution Service 3.0
    RP98: 5/30/2010 10:21:57 PM - Software Distribution Service 3.0
    RP99: 5/31/2010 10:21:57 PM - Software Distribution Service 3.0
    RP100: 6/1/2010 10:21:57 PM - Software Distribution Service 3.0
    RP101: 6/2/2010 10:21:30 PM - Software Distribution Service 3.0
    RP102: 6/3/2010 11:04:58 PM - System Checkpoint
    RP103: 6/4/2010 3:06:56 PM - Software Distribution Service 3.0
    RP104: 6/5/2010 3:06:54 PM - Software Distribution Service 3.0
    RP105: 6/6/2010 1:59:46 AM - Software Distribution Service 3.0
    RP106: 6/6/2010 3:07:04 PM - Software Distribution Service 3.0
    RP107: 6/7/2010 3:07:04 PM - Software Distribution Service 3.0
    RP108: 6/8/2010 3:06:37 PM - Software Distribution Service 3.0
    RP109: 6/9/2010 3:11:44 PM - System Checkpoint
    RP110: 6/10/2010 3:00:26 AM - Software Distribution Service 3.0
    RP111: 6/10/2010 3:35:51 AM - Software Distribution Service 3.0
    RP112: 6/11/2010 3:39:53 AM - System Checkpoint
    RP113: 6/11/2010 11:20:02 AM - Software Distribution Service 3.0
    RP114: 6/12/2010 3:30:39 AM - Software Distribution Service 3.0
    RP115: 6/13/2010 1:40:54 AM - Software Distribution Service 3.0
    RP116: 6/14/2010 2:27:40 AM - System Checkpoint
    RP117: 6/14/2010 3:30:36 AM - Software Distribution Service 3.0
    RP118: 6/15/2010 3:30:39 AM - Software Distribution Service 3.0
    RP119: 6/16/2010 3:30:09 AM - Software Distribution Service 3.0
    RP120: 6/17/2010 4:27:38 AM - System Checkpoint
    RP121: 6/18/2010 3:30:38 AM - Software Distribution Service 3.0
    RP122: 6/19/2010 3:30:35 AM - Software Distribution Service 3.0
    RP123: 6/20/2010 1:40:48 AM - Software Distribution Service 3.0
    RP124: 6/21/2010 1:54:26 AM - System Checkpoint
    RP125: 6/21/2010 2:56:31 PM - Software Distribution Service 3.0
    RP126: 6/22/2010 2:57:49 PM - Software Distribution Service 3.0
    RP127: 6/23/2010 2:57:22 PM - Software Distribution Service 3.0
    RP128: 6/24/2010 2:57:06 PM - Software Distribution Service 3.0
    RP129: 6/25/2010 2:57:07 PM - Software Distribution Service 3.0
    RP130: 6/26/2010 2:57:15 PM - Software Distribution Service 3.0
    RP131: 6/27/2010 2:22:33 AM - Software Distribution Service 3.0
    RP132: 6/27/2010 2:57:15 PM - Software Distribution Service 3.0
    RP133: 6/28/2010 2:57:11 PM - Software Distribution Service 3.0
    RP134: 6/29/2010 3:00:14 AM - Software Distribution Service 3.0
    RP135: 6/30/2010 3:08:52 AM - Software Distribution Service 3.0
    RP136: 7/1/2010 3:08:52 AM - Software Distribution Service 3.0
    RP137: 7/2/2010 3:08:52 AM - Software Distribution Service 3.0
    RP138: 7/2/2010 8:06:26 AM - Software Distribution Service 3.0
    RP139: 7/3/2010 8:09:25 AM - System Checkpoint
    RP140: 7/3/2010 9:14:50 AM - Software Distribution Service 3.0
    RP141: 7/3/2010 10:03:10 AM - Software Distribution Service 3.0
    RP142: 7/4/2010 2:29:06 AM - Software Distribution Service 3.0
    RP143: 7/5/2010 3:04:05 AM - System Checkpoint
    RP144: 7/5/2010 8:10:35 AM - Software Distribution Service 3.0
    RP145: 7/6/2010 8:10:28 AM - Software Distribution Service 3.0
    RP146: 7/7/2010 8:10:26 AM - Software Distribution Service 3.0
    RP147: 7/7/2010 6:56:07 PM - Software Distribution Service 3.0
    RP148: 7/8/2010 9:54:48 PM - Software Distribution Service 3.0
    RP149: 7/9/2010 10:20:39 PM - System Checkpoint
    RP150: 7/9/2010 11:23:30 PM - Software Distribution Service 3.0
    RP151: 7/10/2010 5:32:35 PM - Software Distribution Service 3.0
    RP152: 7/11/2010 2:29:34 AM - Software Distribution Service 3.0
    RP153: 7/12/2010 2:32:12 AM - System Checkpoint
    RP154: 7/12/2010 2:44:59 AM - Software Distribution Service 3.0
    RP155: 7/13/2010 3:32:12 AM - System Checkpoint
    RP156: 7/13/2010 8:10:35 AM - Software Distribution Service 3.0
    RP157: 7/13/2010 11:23:36 PM - Removed Adobe Reader 7.0
    RP158: 7/13/2010 11:23:48 PM - Installed Adobe Reader 9.3.3.
    RP159: 7/14/2010 3:00:22 AM - Software Distribution Service 3.0
    RP160: 7/14/2010 6:08:31 PM - Software Distribution Service 3.0
    RP161: 7/15/2010 7:01:02 PM - System Checkpoint
    RP162: 7/15/2010 11:32:45 PM - Software Distribution Service 3.0
    RP163: 7/16/2010 11:32:50 PM - Software Distribution Service 3.0
    RP164: 7/17/2010 11:32:19 PM - Software Distribution Service 3.0
    RP165: 7/18/2010 1:49:26 AM - Software Distribution Service 3.0
    RP166: 7/18/2010 11:32:36 PM - Software Distribution Service 3.0
    RP167: 7/19/2010 7:50:00 AM - Software Distribution Service 3.0
    RP168: 7/19/2010 11:32:47 PM - Software Distribution Service 3.0
    RP169: 7/20/2010 11:32:49 PM - Software Distribution Service 3.0
    RP170: 7/21/2010 11:32:48 PM - Software Distribution Service 3.0
    RP171: 7/22/2010 11:32:34 PM - Software Distribution Service 3.0
    RP172: 7/23/2010 11:32:36 PM - Software Distribution Service 3.0
    RP173: 7/24/2010 11:32:48 PM - Software Distribution Service 3.0
    RP174: 7/25/2010 1:48:45 AM - Software Distribution Service 3.0
    RP175: 7/25/2010 11:32:49 PM - Software Distribution Service 3.0
    RP176: 7/26/2010 11:32:17 PM - Software Distribution Service 3.0
    RP177: 7/27/2010 11:32:34 PM - Software Distribution Service 3.0
    RP178: 7/28/2010 11:32:47 PM - Software Distribution Service 3.0
    RP179: 7/29/2010 11:32:46 PM - Software Distribution Service 3.0
    RP180: 7/30/2010 11:32:49 PM - Software Distribution Service 3.0
    RP181: 7/31/2010 11:32:15 PM - Software Distribution Service 3.0
    RP182: 8/1/2010 1:49:13 AM - Software Distribution Service 3.0
    RP183: 8/1/2010 3:46:52 PM - Software Distribution Service 3.0
    RP184: 8/1/2010 11:32:31 PM - Software Distribution Service 3.0
    RP185: 8/2/2010 11:32:55 PM - Software Distribution Service 3.0
    RP186: 8/3/2010 3:00:14 AM - Software Distribution Service 3.0
    RP187: 8/4/2010 3:21:03 AM - System Checkpoint
    RP188: 8/4/2010 3:29:15 AM - Software Distribution Service 3.0
    RP189: 8/5/2010 3:28:59 AM - Software Distribution Service 3.0
    RP190: 8/6/2010 3:29:17 AM - Software Distribution Service 3.0
    RP191: 8/7/2010 4:21:00 AM - System Checkpoint
    RP192: 8/8/2010 1:50:11 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    5 Card Slingo from HP Media Center (remove only)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.3
    Agere Systems PCI-SV92PP Soft Modem
    AiO_Scan
    AiO_Scan_CDA
    AiOSoftware
    AiOSoftwareNPI
    AstroPop Deluxe from HP Media Center (remove only)
    ATI Control Panel
    ATI Display Driver
    Barnyard Invasion from HP Media Center (remove only)
    Bejeweled 2 Deluxe from HP Media Center (remove only)
    Blackhawk Striker 2 from HP Media Center (remove only)
    Blasterball 2 from HP Media Center (remove only)
    Blasterball 2 Remix from HP Media Center (remove only)
    Boggle Supreme from HP Media Center (remove only)
    Bookworm Deluxe from HP Media Center (remove only)
    Bounce Symphony from HP Media Center (remove only)
    BufferChm
    CameraDrivers
    Chuzzle Deluxe from HP Media Center (remove only)
    Coupon Printer for Windows
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_LightScribePlugin
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    Crystal Maze from HP Media Center (remove only)
    CueTour
    Destinations
    DeviceManagementQFolder
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    Family Feud
    FATE from HP Media Center (remove only)
    Fax
    Fax_CDA
    GemMaster Mystic
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Deskjet Printer Preload
    HP DigitalMedia Archive
    HP Document Viewer 5.3
    HP Game Console and games
    HP Image Zone 5.3
    HP Image Zone for Media Center PC
    HP Imaging Device Functions 5.3
    HP Multimedia Keyboard Software
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Photosmart Cameras 5.0
    HP Product Assistant
    HP PSC & OfficeJet 5.3.A
    HP PSC & OfficeJet 5.3.B
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    HpSdpAppCoreApp
    Insaniquarium Deluxe from HP Media Center (remove only)
    InstantShareDevices
    InterVideo WinDVD Player
    Java Auto Updater
    Java(TM) 6 Update 18
    Lemonade Tycoon 2 from HP Media Center (remove only)
    Lexibox Deluxe from HP Media Center (remove only)
    LightScribe 1.4.56.1
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Mah Jong Quest from HP Media Center (remove only)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Away Mode
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2005
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
    Microsoft Office Standard Edition 2003
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 4.5
    muvee autoProducer unPlugged 1.2
    NewCopy
    NewCopy_CDA
    Otto
    PanoStandAlone
    PC-Doctor 5 for Windows
    PhotoGallery
    Polar Bowler from HP Media Center (remove only)
    Polar Golfer from HP Media Center (remove only)
    PS2
    PSPrinters08
    PSTAPlugin
    Puzzle Express from HP Media Center (remove only)
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    RandMap
    Readme
    RealPlayer
    Remove IntelliMover Demo
    Ricochet Lost Worlds from HP Media Center (remove only)
    Scan
    ScannerCopy
    SCRABBLE from HP Media Center (remove only)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Shooting Stars Pool from HP Media Center (remove only)
    Shrek 2 Ogre Bowler from HP Media Center (remove only)
    SkinsHP1
    Skype web features
    Skype™ 4.1
    Slingo Deluxe from HP Media Center (remove only)
    Snowboard SuperJam from HP Media Center (remove only)
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    Super Granny from HP Media Center (remove only)
    Tradewinds from HP Media Center (remove only)
    TrayApp
    Unload
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinZip 14.0
    Zuma Deluxe from HP Media Center (remove only)

    ==== Event Viewer Messages From Past Week ========

    8/7/2010 3:29:47 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.87.1341.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6004.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    8/3/2010 3:17:52 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll. Reference error message: The operation completed successfully. .
    8/3/2010 3:17:52 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll. Reference error message: The operation completed successfully. .
    8/3/2010 3:17:52 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll. Reference error message: The operation completed successfully. .
    8/3/2010 12:26:12 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BIGBOY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9801734B-9F4E-45FD-A8. The master browser is stopping or an election is being forced.
    8/2/2010 3:36:32 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    8/2/2010 3:36:32 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI271.tmp. Reference error message: The operation completed successfully. .
    8/2/2010 3:36:32 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

    ==== End Of File ===========================
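    The DDS output above ends in a "Pseudo HJT Report" of autostart (uRun/mRun) and browser-extension (BHO/TB/DPF) entries, which is the part of the log a helper reads first. As an added example, not part of palljim23's post, DDS or any tool named in this thread, the Python below parses a few of those lines (copied from the log above as a constructed sample) and applies the review rules a triager applies by eye: CLSIDs whose file is gone ("No File"), Run values with no name or command, executables given as a bare file name (resolved through the search path, so the file that actually runs must be located), and executables outside the roots listed in TRUSTED_ROOTS. The rule names and the TRUSTED_ROOTS set are assumptions made for this example; a hit means "look at this entry", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS "Pseudo HJT Report"
# posted above, so the triage rules can be exercised offline.
SAMPLE_REPORT = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
mRun: [<NO NAME>]
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
"""


@dataclass
class Finding:
    line: str   # the report line that triggered the rule
    rule: str   # short rule identifier (names are this example's own)


# uRun / mRun / uRunOnce entries: "<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# BHO / TB / DPF / ... entries: optional display name, a CLSID, then " - <target>"
CLSID_RE = re.compile(
    r"^(?P<kind>BHO|TB|DPF|IE|Handler|SSODL|Notify): "
    r"(?:(?P<name>[^{]*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<target>.*)$"
)
# First executable token of a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?\s*(?P<exe>.*?\.(?:exe|scr|com|cmd|bat))\b', re.IGNORECASE)

# Directories an autostart on this XP box is expected to live under (assumption
# chosen for the sample; widen it for machines with other software roots).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def executable_of(cmd: str):
    """Return the program path from a Run-key command line, or None if absent."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe").strip() if m else None


def triage(report: str):
    """Apply simple review rules to DDS pseudo-HJT lines and return the hits."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd").strip()
            exe = executable_of(cmd)
            if name == "<NO NAME>" or not cmd:
                # A Run value with no name or no command is a leftover worth removing.
                findings.append(Finding(line, "run-entry-without-name-or-command"))
            elif exe is None:
                findings.append(Finding(line, "command-without-recognizable-executable"))
            elif "\\" not in exe:
                # Bare file name: Windows resolves it via the search path, so the
                # file that actually runs must be located and checked by hand.
                findings.append(Finding(line, "bare-filename-resolved-via-search-path"))
            elif not exe.lower().startswith(TRUSTED_ROOTS):
                findings.append(Finding(line, "executable-outside-trusted-roots"))
            continue
        m = CLSID_RE.match(line)
        if m and m.group("target").strip().lower() == "no file":
            # Registered CLSID whose backing file is gone: orphaned entry.
            findings.append(Finding(line, "orphaned-clsid-file-missing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.rule:42} {f.line}")
```

    Run against the sample it reports four lines: the toolbar CLSID with "No File", the bare `ARPWRMSG.EXE`, the HP `cloaker.exe` entry under c:\hp, and the empty `<NO NAME>` value. To use it on a full log, paste the whole Pseudo HJT section into SAMPLE_REPORT or read it from a file; everything else in the DDS output is ignored by the two regexes.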
     
  2. 2010/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
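    STEP 3 above asks for an MBRCheck report. The tool's own logic is not on this page, so as an added example (not MBRCheck's code and not part of broni's instructions) the Python below shows the generic checks a tool of that kind performs on the first sector of a disk: the 0x55AA boot signature, sane partition-table entries (valid status bytes, at most one active partition, no overlapping ranges), and a hash of the 446 bytes of boot code compared against a set of known-good hashes. The MBR images and the "known-good" hash are constructed in the script itself; the partition layout loosely mirrors the C: NTFS and D: FAT32 volumes from the DDS log, and the boot code is a placeholder string, not a real loader.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: boot code
TABLE_OFFSET = 446           # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xAA"      # bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR image from boot code and (status, type, start, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition list too large for an MBR")
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for status, ptype, start, count in partitions
    ).ljust(64, b"\0")
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + table + SIGNATURE


def parse_partitions(mbr: bytes):
    """Decode the four partition-table entries into dicts."""
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        entries.append({"status": status, "type": ptype, "start": start, "count": count})
    return entries


def check_mbr(mbr: bytes, known_good_hashes) -> list:
    """Return a list of problems; an empty list means the MBR passed every check."""
    if len(mbr) != SECTOR_SIZE:
        return [f"unexpected MBR length {len(mbr)}"]
    problems = []
    if mbr[510:512] != SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    # Boot code is compared by hash, the same idea as "non-standard MBR" verdicts:
    # anything not in the enrolled set is reported for a human to look at.
    code_hash = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if code_hash not in known_good_hashes:
        problems.append(f"boot code sha256 {code_hash[:16]}... not in known-good set")
    entries = parse_partitions(mbr)
    used = [e for e in entries if e["type"] != 0]          # type 0 = unused slot
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            problems.append(f"invalid partition status byte 0x{e['status']:02x}")
    if sum(1 for e in used if e["status"] == 0x80) > 1:
        problems.append("more than one active partition")
    spans = sorted((e["start"], e["start"] + e["count"]) for e in used)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            problems.append("overlapping partitions")
            break
    return problems


# Constructed fixtures. The "clean" boot code is a stand-in, not real boot code;
# its hash is enrolled as the reference. A real deployment would enrol the hash
# of the loader the machine is known to have shipped with.
CLEAN_BOOT_CODE = b"\x33\xC0" + b"constructed stand-in for the expected boot loader"
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [
    (0x80, 0x07, 63, 469_000_000),           # active NTFS system partition (C:)
    (0x00, 0x0B, 469_000_063, 16_000_000),   # FAT32 recovery partition (D:)
])
KNOWN_GOOD = {hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()}

# Same layout, but the boot code was replaced and a second entry marked active.
TAMPERED_MBR = build_mbr(
    b"\xEB\x00" + b"constructed stand-in for a modified boot loader",
    [(0x80, 0x07, 63, 469_000_000), (0x80, 0x0B, 469_000_063, 16_000_000)],
)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(image, KNOWN_GOOD) or "ok")
```

    The clean image passes every check; the tampered one is reported for an unknown boot-code hash and for two active partitions. Reading the real sector 0 of a disk needs raw device access and is deliberately left out here; on a live system that step belongs to a tool like the one STEP 3 prescribes, and the verdict it prints is what the helper asks to see in the next reply.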
     
  4. 2010/08/21
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    I am unable to get GMER to run. I am also unable to update the Malwarebytes def files. I also got an error message with MBR:

    "Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit: "

    I was unsure what to do. The log is below.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    8/21/2010 8:47:33 PM
    mbam-log-2010-08-21 (20-47-33).txt

    Scan type: Full scan (C:\|D:\|K:\|L:\|)
    Objects scanned: 348949
    Time elapsed: 1 hour(s), 47 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x02c00ffc

    Kernel Drivers (total 134):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7ADC000 \WINDOWS\system32\KDCOM.DLL
    0xF79EC000 \WINDOWS\system32\BOOTVID.dll
    0xF74AD000 ACPI.sys
    0xF7ADE000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF749C000 pci.sys
    0xF75DC000 isapnp.sys
    0xF7AE0000 intelide.sys
    0xF785C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF75EC000 MountMgr.sys
    0xF747D000 ftdisk.sys
    0xF7AE2000 dmload.sys
    0xF7457000 dmio.sys
    0xF7864000 PartMgr.sys
    0xF75FC000 VolSnap.sys
    0xF743F000 atapi.sys
    0xF741C000 fasttx2k.sys
    0xF7404000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF760C000 disk.sys
    0xF761C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF73E4000 fltmgr.sys
    0xF73D2000 sr.sys
    0xF786C000 PxHelp20.sys
    0xF73BB000 KSecDD.sys
    0xF732E000 Ntfs.sys
    0xF7301000 NDIS.sys
    0xF762C000 sbp2port.sys
    0xF763C000 ohci1394.sys
    0xF764C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF72E7000 Mup.sys
    0xF78AC000 \SystemRoot\system32\DRIVERS\mxofwfp.sys
    0xF7A6C000 \SystemRoot\system32\DRIVERS\mxopswd.sys
    0xF767C000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF768C000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF716D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF6E8E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6E03000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF78DC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6D59000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78E4000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF685D000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0xF6800000 \SystemRoot\system32\DRIVERS\hcwPP2.sys
    0xF67C2000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF641D000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF7AF6000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7954000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF5E83000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF77BC000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF77CC000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF77DC000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7974000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xF7AFC000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xF7BC2000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF780C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7AB8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5C7E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF781C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF782C000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7994000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5BB3000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF784C000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF79AC000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF79BC000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF5A4E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF769C000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79CC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF79D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B04000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5893000 \SystemRoot\system32\DRIVERS\update.sys
    0xF72B3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF612B000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xED407000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xED3E3000 \SystemRoot\system32\drivers\portcls.sys
    0xF60EB000 \SystemRoot\system32\drivers\drmk.sys
    0xF60DB000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF77AC000 \SystemRoot\system32\DRIVERS\IrBus.sys
    0xF78F4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF78FC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF7924000 \SystemRoot\system32\DRIVERS\hidir.sys
    0xF772C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF794C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF72B7000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7AD0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF7AD4000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xECA35000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xF7B10000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7C6A000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B12000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF79A4000 \SystemRoot\System32\drivers\vga.sys
    0xF7B14000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B18000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF79B4000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF79C4000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xECA7C000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xECA02000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEC9A9000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEC981000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEC95B000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xEC939000 \SystemRoot\System32\drivers\afd.sys
    0xF783C000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF76AC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEC90E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEC89E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF76BC000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF76CC000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEC7DA000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xEC79A000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7B1C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF5883000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF79E4000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BDF000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF04B000 \SystemRoot\System32\ati2cqag.dll
    0xBF088000 \SystemRoot\System32\ati3duag.dll
    0xBF2B7000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB86DC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB842B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB8788000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB82E8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB81B7000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB8138000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB82A0000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB84C8000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xF7B3E000 \SystemRoot\system32\drivers\MSPQM.sys
    0xB79A0000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xB72D3000 \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    0xB72E3000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xB6554000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xB6529000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 61):
    0 System Idle Process
    4 System
    656 C:\WINDOWS\system32\smss.exe
    728 csrss.exe
    752 C:\WINDOWS\system32\winlogon.exe
    800 C:\WINDOWS\system32\services.exe
    812 C:\WINDOWS\system32\lsass.exe
    992 C:\WINDOWS\system32\ati2evxx.exe
    1008 C:\WINDOWS\system32\svchost.exe
    1084 svchost.exe
    1180 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1220 C:\WINDOWS\system32\svchost.exe
    1280 svchost.exe
    1528 svchost.exe
    1672 C:\WINDOWS\system32\spoolsv.exe
    1976 svchost.exe
    2020 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    2036 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    132 C:\Program Files\Bonjour\mDNSResponder.exe
    188 C:\WINDOWS\ehome\ehRecvr.exe
    416 C:\WINDOWS\ehome\ehSched.exe
    452 C:\WINDOWS\system32\svchost.exe
    552 C:\Program Files\Java\jre6\bin\jqs.exe
    580 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    612 C:\Program Files\Common Files\Motive\McciCMService.exe
    1244 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1328 C:\WINDOWS\system32\svchost.exe
    1348 C:\WINDOWS\system32\svchost.exe
    1392 C:\WINDOWS\system32\PSIService.exe
    1560 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    1776 svchost.exe
    1808 C:\WINDOWS\system32\svchost.exe
    1820 wdfmgr.exe
    2308 mcrdsvc.exe
    2668 C:\WINDOWS\system32\ati2evxx.exe
    2764 C:\WINDOWS\explorer.exe
    2828 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2836 C:\WINDOWS\SOUNDMAN.EXE
    2856 C:\WINDOWS\ALCWZRD.EXE
    2868 C:\WINDOWS\ALCMTR.EXE
    2892 C:\Program Files\iTunes\iTunesHelper.exe
    2912 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    2928 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2944 C:\WINDOWS\system32\ctfmon.exe
    3136 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    3544 C:\WINDOWS\system32\wuauclt.exe
    3680 C:\WINDOWS\system32\svchost.exe
    3756 C:\WINDOWS\system32\dllhost.exe
    4052 C:\Program Files\iPod\bin\iPodService.exe
    372 alg.exe
    1452 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    172 C:\Program Files\Mozilla Firefox\firefox.exe
    2772 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    1200 C:\WINDOWS\system32\rundll32.exe
    3468 C:\Program Files\Messenger\msmsgs.exe
    3924 C:\WINDOWS\system32\rdshost.exe
    2320 C:\WINDOWS\system32\sessmgr.exe
    3288 C:\WINDOWS\system32\msiexec.exe
    2072 MpCmdRun.exe
    144 L:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    1788 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`be32e000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
    \\.\K: --> \\.\PhysicalDrive6 at offset 0x00000000`00007e00 (FAT32)
    \\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST3200822AS, Rev: 3.02
    PhysicalDrive6 Model Number: WD4000AAK External, Rev: 1.06
    PhysicalDrive1 Model Number: MaxtorOneTouch II, Rev: 023g

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Legit MBR code detected
    SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972
    372 GB \\.\PhysicalDrive6 RE: Unknown MBR code
    SHA1: 79D7AEC487DFDD445C6A0908CE4C984DA566FF03
    279 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: AC7F2D4B4E6D4785255BA8207A7D983068D87205


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
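What the MBRCheck report above is actually measuring, as an added example that is not part of the thread and not MBRCheck's own code. It assumes (my reading of the tool, not something this page documents) that the SHA1 lines are hashes of the 440-byte boot-code area at the start of sector 0, and that "Legit MBR code detected" means that hash matched a list of known Windows/OEM boot sectors while "Unknown MBR code" only means it did not. The sample MBRs, their partition layout and the allowlist are constructed here; the layout reuses the offsets in the log (0x7e00 is LBA 63, 0x1be32e000 is LBA 14621040) so the parser's output can be compared with it, and `drive_letters` decodes the log's "Logical Drives Mask" value. The caveat a practitioner wants from this output: the verdict that matters for a bootkit is the one on the boot disk (PhysicalDrive0, reported "Legit"); vendor-formatted external units such as the two the log lists as PhysicalDrive1 and PhysicalDrive6 commonly carry non-Microsoft boot code and score "Unknown" without being infected, so option [2] (overwrite with standard boot code) should not be applied to them on that basis alone. `read_physical_mbr` needs an elevated process on Windows and is only tried from the `__main__` block.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0-439 of a classic MBR hold boot code (assumed to be the span MBRCheck hashes)
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the 6-byte disk signature/reserved area
SECTOR = 512
PART_TYPES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}


def build_mbr(boot_code, partitions):
    """Build a 512-byte MBR (constructed test data, not a sector captured from the thread).

    partitions: up to four (type_id, lba_start, sector_count, bootable) tuples.
    """
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    mbr = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    mbr += b"\x00" * 6                                   # disk signature + reserved word
    for i in range(4):
        if i < len(partitions):
            ptype, lba, count, bootable = partitions[i]
            # status, CHS start (unused here), type, CHS end, LBA start, sector count
            mbr += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                               b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
        else:
            mbr += b"\x00" * 16                          # empty entry
    mbr += b"\x55\xaa"                                   # boot signature
    return bytes(mbr)


def parse_mbr(mbr):
    """Return signature validity, SHA1 of the boot code and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, "0x%02X" % ptype),
            "byte_offset": lba * SECTOR,                 # what MBRCheck prints as "at offset"
            "size_bytes": count * SECTOR,
        })
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify(mbr, known_good_sha1s):
    """Reproduce the two verdict strings seen in the log; the third string is this example's own."""
    info = parse_mbr(mbr)
    if not info["signature_ok"]:
        return "Invalid MBR (missing 55AA signature)"
    if info["boot_code_sha1"] in known_good_sha1s:
        return "Legit MBR code detected"
    return "Unknown MBR code"


def drive_letters(mask):
    """Decode the 'Logical Drives Mask' bitfield: bit n set means drive letter chr('A'+n) exists."""
    return "".join(chr(ord("A") + bit) for bit in range(26) if mask >> bit & 1)


def read_physical_mbr(drive_number=0):
    """Read sector 0 of the raw disk device (Windows: \\\\.\\PhysicalDriveN); needs an elevated process."""
    with open(r"\\.\PhysicalDrive%d" % drive_number, "rb") as disk:
        return disk.read(MBR_SIZE)


# Constructed boot code: opens like a standard x86 MBR (xor ax,ax / mov ss,ax / mov sp,7C00h), zero-padded.
STANDARD_BOOT_CODE = bytes.fromhex("33c08ed0bc007c")
# Arbitrary non-standard boot code (a short jump over a filler block) standing in for anything not on the list.
ODD_BOOT_CODE = b"\xeb\x20" + b"\x11" * 32

# Partition layout mirroring the log's offsets: FAT32 at LBA 63 (0x7e00) and a bootable NTFS
# volume at LBA 14621040 (0x1be32e000). Sector counts are made up.
LAYOUT = [(0x0B, 63, 14620977, False), (0x07, 14621040, 376100928, True)]
SAMPLE_CLEAN = build_mbr(STANDARD_BOOT_CODE, LAYOUT)
SAMPLE_UNKNOWN = build_mbr(ODD_BOOT_CODE, LAYOUT)

# Allowlist seeded from the constructed sample so the example runs offline; MBRCheck's real list
# is a curated set of Windows and OEM boot-code hashes that this page does not reproduce.
KNOWN_GOOD = {parse_mbr(SAMPLE_CLEAN)["boot_code_sha1"]}


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("odd", SAMPLE_UNKNOWN)):
        info = parse_mbr(sample)
        print(name, classify(sample, KNOWN_GOOD), info["boot_code_sha1"])
        for p in info["partitions"]:
            print("   entry %d %-12s offset 0x%016x %s" % (p["index"], p["type"], p["byte_offset"],
                                                             "boot" if p["bootable"] else ""))
    print("drive letters in mask 0x02c00ffc:", drive_letters(0x02C00FFC))
    try:                                                 # only works elevated on Windows
        print("PhysicalDrive0:", classify(read_physical_mbr(0), KNOWN_GOOD))
    except OSError as exc:
        print("PhysicalDrive0 not readable here:", exc)
```

Run as-is it prints the two constructed verdicts and the decoded mask (C through L plus W, X and Z, which covers the C, D, K and L volumes in the log together with optical, card-reader and mapped drives). Dumping sector 0 with option [1] and hashing the first 440 bytes with this parser lets you check an "Unknown" hash against a known-good image of the same vendor's disk before deciding whether option [2] is warranted.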
     
  5. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What are drives K and L?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/08/24
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    Those two are network drives.

    FYI - I am still being re-directed.

    Here is the Combofix log:

    ComboFix 10-08-24.07 - HP_Administrator 08/24/2010 19:40:35.6.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.521 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
    .

    2010-08-22 00:16 . 2010-08-22 00:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\RcIncidents
    2010-08-21 23:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-21 23:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-04 13:34 . 2010-08-04 13:34 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6213e512-n\msvcp71.dll
    2010-08-04 13:34 . 2010-08-04 13:34 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6213e512-n\jmc.dll
    2010-08-04 13:34 . 2010-08-04 13:34 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6213e512-n\msvcr71.dll
    2010-08-04 13:34 . 2010-08-04 13:34 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-18bf4c60-n\decora-sse.dll
    2010-08-04 13:34 . 2010-08-04 13:34 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-18bf4c60-n\decora-d3d.dll
    2010-08-02 19:43 . 2010-08-02 19:45 23113 ----a-w- c:\windows\hpqins15.dat
    2010-08-02 00:54 . 2010-08-02 00:55 -------- d-----w- c:\program files\Coupons
    2010-07-28 12:45 . 2010-07-28 12:46 -------- d-----w- c:\program files\iTunes
    2010-07-28 12:40 . 2010-07-28 12:40 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-24 23:35 . 2010-01-25 00:37 130040 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-21 23:00 . 2010-01-01 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-03 19:57 . 2010-05-04 13:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
    2010-08-02 20:15 . 2010-01-26 03:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPAppData
    2010-08-02 19:35 . 2010-02-07 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2010-07-28 12:45 . 2005-03-25 17:11 -------- d-----w- c:\program files\iPod
    2010-07-28 12:45 . 2007-07-08 13:58 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-20 01:16 . 2006-03-16 17:16 81920 ----a-w- c:\windows\ALCFDRTM.EXE
    2010-07-18 21:42 . 2005-01-28 09:40 93447 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-07-18 21:40 . 2010-07-18 21:40 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\LocalContent\Attachments\devcon.exe
    2010-07-18 21:40 . 2010-07-18 21:40 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchnotify.exe
    2010-07-18 21:40 . 2010-07-18 21:40 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchealthde.exe
    2010-07-18 21:40 . 2010-07-18 21:40 159744 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
    2010-07-18 21:40 . 2010-07-18 21:40 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\FDIWrapper.dll
    2010-07-18 21:40 . 2010-07-18 21:40 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\INV16.dll
    2010-07-18 21:40 . 2010-07-18 21:40 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ScDmi.dll
    2010-07-18 21:40 . 2010-07-18 21:40 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\msxmlwrapper.dll
    2010-07-18 21:37 . 2010-07-18 21:37 -------- d-----w- c:\program files\LSI SoftModem
    2010-07-15 03:56 . 2010-07-15 03:56 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-14 01:16 . 2005-03-25 17:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-14 01:13 . 2005-03-25 17:44 -------- d-----w- c:\program files\InterVideo
    2010-07-14 01:10 . 2010-02-07 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-07-14 01:08 . 2010-07-14 01:08 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a90c42d-n\msvcp71.dll
    2010-07-14 01:08 . 2010-07-14 01:08 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a90c42d-n\jmc.dll
    2010-07-14 01:08 . 2010-07-14 01:08 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a90c42d-n\msvcr71.dll
    2010-07-14 01:08 . 2010-07-14 01:08 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4cca79cb-n\decora-d3d.dll
    2010-07-14 01:08 . 2010-07-14 01:08 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4cca79cb-n\decora-sse.dll
    2010-07-14 01:08 . 2010-07-14 01:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-10 23:41 . 2010-07-10 23:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\QuickScan
    2010-07-10 00:46 . 2010-07-06 07:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-06 11:01 . 2010-01-29 22:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
    2010-07-02 12:07 . 2010-05-22 19:31 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-06-14 14:31 . 2004-08-10 12:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-01 17:37 . 2010-05-22 19:33 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-31 20:34 . 2010-07-10 23:38 702120 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-05-31 20:34 . 2010-07-10 23:38 868456 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2007-08-03 21:57 . 2007-08-03 21:57 251 -c--a-w- c:\program files\wt3d.ini
    2007-01-06 17:14 . 2007-01-06 17:14 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2007-09-03 00:56 . 2007-06-28 01:32 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
    "AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 17:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2005-09-21 19:32 2807808 ----a-w- c:\windows\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2004-11-04 12:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
    2005-01-07 21:30 864256 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2006-11-23 02:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
    2004-06-07 18:42 659456 ----a-w- c:\windows\system32\hphmon06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    1998-05-07 16:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2003-02-11 19:02 61440 ----a-w- c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    2004-12-22 12:21 823296 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
    2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    2004-10-25 21:17 90112 ----a-w- c:\windows\system32\ps2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2004-04-14 20:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-27 03:13 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2008-09-17 01:14 2065648 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "l:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-08-22 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://68.239.135.123:100/RemoteWeb.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://68.239.135.123:100/VideoViewer.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://webcam.geovision.com.tw/cab/OCXChecker_8000.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://webcam.geovision.com.tw/cab/DownloadFile_8000.cab
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-LSI Soft Modem - c:\windows\agrsmdel



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-24 19:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(752)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3780)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-08-24 19:56:04
    ComboFix-quarantined-files.txt 2010-08-24 23:56

    Pre-Run: 10,007,347,200 bytes free
    Post-Run: 10,392,670,208 bytes free

    - - End Of File - - 844B51B361ABDC8D7DF5FEA265DD260C
     
  7. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see much there....

    Which browser is getting redirected?

    Can you explain more? Where are they physically located?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/08/24
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    Firefox is being redirected to only one site, at least when I am using this PC:

    http://promo.videocop.com/landing/6/...jA=&src=guan

    Also, when I am logging on to this site, it sometimes just hangs. I have to enter my credentials, press enter, go back to a google search page, and select the site.

    Those two drives are external drives attached to this PC and available on the network.

    Log 1:

    OTL logfile created on: 8/24/2010 8:22:38 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 577.00 Mb Available Physical Memory | 56.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.34 Gb Total Space | 9.74 Gb Free Space | 5.43% Space Free | Partition Type: NTFS
    Drive D: | 6.96 Gb Total Space | 0.03 Gb Free Space | 0.38% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 372.51 Gb Total Space | 312.57 Gb Free Space | 83.91% Space Free | Partition Type: FAT32
    Drive L: | 279.41 Gb Total Space | 112.17 Gb Free Space | 40.15% Space Free | Partition Type: FAT32
    Drive X: | 224.37 Gb Total Space | 192.05 Gb Free Space | 85.60% Space Free | Partition Type: NTFS
    Drive Z: | 224.37 Gb Total Space | 192.05 Gb Free Space | 85.60% Space Free | Partition Type: NTFS

    Computer Name: BIGBOY
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2010/06/14 10:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/04/17 00:18:36 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
    PRC - [2010/02/18 12:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/04/13 20:12:21 | 000,769,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/26 23:13:25 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
    PRC - [2005/09/21 10:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2005/05/03 18:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
    PRC - [2004/08/10 08:00:00 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe
    PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/11/04 00:40:04 | 000,821,248 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/10/07 10:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2004/03/18 03:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/03/13 13:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
    DRV - [2002/10/04 13:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sports.yahoo.com [binary data]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}:5.1.0.11
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/02 15:44:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/01 20:55:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/24 14:20:06 | 000,000,000 | ---D | M]

    [2010/04/05 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/08/24 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions
    [2008/12/01 22:38:16 | 000,000,000 | ---D | M] (Verizon Broadband Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}
    [2010/05/22 19:03:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/10 19:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/04/15 10:46:06 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\searchplugins\askcom.xml
    [2010/08/24 20:06:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/13 21:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/13 21:08:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/01/06 13:14:48 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

    O1 HOSTS File: ([2010/07/18 16:48:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www.costcophotocenter.com/CostcoOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://68.239.135.123:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://68.239.135.123:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c2/v16.607/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://webcam.geovision.com.tw/cab/OCXChecker_8000.cab (OCXDownloadChecker Control)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://webcam.geovision.com.tw/cab/DownloadFile_8000.cab (DownloadFile Control)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/25 13:45:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2007/02/19 12:17:48 | 000,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.G264 - C:\WINDOWS\system32\GX264.dll (GeoVision)
    Drivers32: vidc.GEOV - C:\WINDOWS\system32\GeoCodec.dll File not found
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mpg2 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mpg3 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mpg4 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/24 20:20:50 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/24 20:20:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/08/21 20:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\RcIncidents
    [2010/08/21 19:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/21 19:00:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/01 20:55:08 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/08/01 20:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
    [2010/07/28 08:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/18 17:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2010/07/14 23:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/07/10 19:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\QuickScan
    [2010/07/09 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/09 20:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/05 09:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Bella Recital
    [2010/07/05 09:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fio 2
    [2010/06/22 17:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/06/22 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/06/22 17:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/13 11:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2010/06/11 07:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fios
    [2010/06/04 07:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Lawn Markings New
    [2007/01/06 13:14:59 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2005/03/25 12:44:24 | 000,192,512 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/24 20:20:17 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
    [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/08/24 19:56:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/24 19:52:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/24 19:35:19 | 000,130,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/24 17:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/24 14:20:06 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/22 17:59:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/22 13:46:56 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/08/22 13:41:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/22 13:41:27 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/22 10:00:10 | 000,426,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/21 20:46:08 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
    [2010/08/21 20:03:28 | 000,000,832 | ---- | M] () -- C:\WINDOWS\orun32.ini
    [2010/08/21 19:00:05 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/10 08:07:59 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/08 20:04:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2010/08/07 22:25:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4E.doc
    [2010/08/04 21:55:34 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4G.doc
    [2010/08/04 21:26:47 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Transposing Chart.doc
    [2010/08/02 17:50:26 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LOVE GROWS.doc
    [2010/08/02 15:45:34 | 000,023,113 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
    [2010/08/01 20:55:09 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/07/28 08:46:32 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/24 12:21:36 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee3.doc
    [2010/07/24 12:18:29 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée2.doc
    [2010/07/24 12:11:41 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée.doc
    [2010/07/23 07:23:07 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2010/07/22 14:24:14 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Murphy.doc
    [2010/07/22 07:52:16 | 000,001,104 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
    [2010/07/19 00:07:48 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/07/18 17:38:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/18 17:36:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/07/18 17:14:05 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/18 16:58:10 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/07/18 16:58:06 | 000,525,012 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/18 16:58:06 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/18 16:58:06 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/18 16:48:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/13 21:54:14 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to TFC.lnk
    [2010/07/13 21:44:10 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.lnk
    [2010/07/12 07:34:57 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/12 07:27:52 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PaperPort.lnk
    [2010/07/09 20:46:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/09 20:36:28 | 000,000,662 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/09 20:36:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 20:25:13 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/07/07 09:21:43 | 002,229,152 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/05 09:30:05 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/03 20:17:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2010/07/02 08:06:35 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/06/30 21:23:47 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:55 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/04 20:41:14 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/21 20:46:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2010/08/21 19:00:05 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/06 18:30:08 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4E.doc
    [2010/08/04 21:43:10 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4G.doc
    [2010/08/04 21:26:46 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Transposing Chart.doc
    [2010/08/02 17:50:25 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LOVE GROWS.doc
    [2010/08/02 15:43:02 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
    [2010/07/28 08:46:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/24 12:21:36 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee3.doc
    [2010/07/24 12:18:29 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée2.doc
    [2010/07/24 12:11:41 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée.doc
    [2010/07/23 07:23:07 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2010/07/22 14:24:14 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Murphy.doc
    [2010/07/19 00:07:47 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/07/18 17:14:05 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/13 21:54:14 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to TFC.lnk
    [2010/07/13 21:44:10 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.lnk
    [2010/07/12 07:34:57 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/10 19:04:18 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/07 09:21:42 | 002,229,152 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/06 03:41:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/02 08:12:45 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/30 21:22:44 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:54 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/04 20:23:23 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc
    [2010/02/06 21:05:00 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\keyfile3.drm
    [2010/02/06 20:58:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2010/02/06 20:43:10 | 000,009,118 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/02/06 20:43:10 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2010/01/26 06:56:47 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/24 20:39:47 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2009/02/28 16:13:12 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/02/10 00:10:06 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
    [2009/02/10 00:06:07 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
    [2009/02/10 00:06:07 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
    [2009/01/19 19:58:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
    [2009/01/04 16:03:45 | 000,000,081 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/01/04 16:03:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2008/06/06 12:10:56 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ICE_JNIRegistry.dll
    [2007/08/03 17:57:59 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2007/06/27 21:32:18 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/05/27 12:16:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
    [2007/04/22 18:34:26 | 000,000,820 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/04/22 18:34:26 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/04/22 18:34:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2007/04/22 18:33:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2007/04/22 18:33:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2006/11/20 15:52:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\fce32.DLL
    [2006/08/27 18:35:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
    [2006/08/27 18:32:42 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
    [2006/08/21 19:41:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\multiview.ini
    [2006/08/19 17:23:49 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/15 17:35:32 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/07/10 23:03:08 | 000,000,819 | ---- | C] () -- C:\WINDOWS\GVComPort.INI
    [2006/07/10 21:25:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/07/06 22:27:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\EventLog.ini
    [2006/07/06 22:23:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DMMcast.INI
    [2006/07/06 22:21:30 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GeoMCast.ini
    [2006/07/06 22:15:29 | 000,000,188 | ---- | C] () -- C:\WINDOWS\geoModem.ini
    [2006/06/20 07:18:34 | 000,000,183 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2006/06/04 13:06:53 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2006/04/13 20:44:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\geoxcli.ini
    [2006/04/13 20:44:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\geobcast.ini
    [2005/09/07 13:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
    [2005/09/07 13:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
    [2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/03/25 13:47:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/25 13:44:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/03/25 13:44:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/03/25 13:44:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/03/25 13:44:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/03/25 13:15:07 | 000,015,327 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2005/03/25 13:15:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2005/03/25 13:14:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2005/03/25 13:11:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/25 12:47:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/03/25 12:45:39 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2005/03/25 12:35:18 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/03/25 12:34:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/03/25 12:34:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/03/25 12:33:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/09/13 19:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/07/26 17:51:38 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/04/18 16:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    [2010/02/06 20:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/02/06 20:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2010/04/06 07:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/02/06 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
    [2010/06/22 17:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/06 20:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/08/22 13:46:56 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/03/25 13:45:56 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/07/07 13:03:10 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
    [2010/07/09 20:36:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/02/06 21:22:21 | 004,425,482 | ---- | M] () -- C:\CF-DeQuarantine_logPC1.txt
    [2010/02/09 06:58:08 | 000,000,262 | ---- | M] () -- C:\CFScript.txt
    [2004/08/10 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/08/24 19:56:07 | 000,021,443 | ---- | M] () -- C:\ComboFix.txt
    [2005/01/28 05:41:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/22 13:41:27 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/04 06:59:19 | 000,015,804 | ---- | M] () -- C:\hijackthisPC1.txt
    [2005/03/25 12:33:46 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
    [2005/01/28 05:41:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/03/21 13:58:45 | 000,000,299 | -H-- | M] () -- C:\IPH.PH
    [2010/03/13 21:06:57 | 000,001,100 | ---- | M] () -- C:\JavaRa.log
    [2010/07/10 19:02:25 | 000,001,303 | ---- | M] () -- C:\mbam-log-2010-07-10 (19-02-10).txt
    [2010/07/10 19:03:08 | 000,001,387 | ---- | M] () -- C:\mbam-log-2010-07-10 (19-02-55).txt
    [2005/01/28 05:41:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/12/01 23:26:44 | 000,001,142 | ---- | M] () -- C:\NTDClient.log
    [2004/08/10 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/10/12 12:44:48 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/22 13:41:25 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/10 22:07:11 | 000,000,409 | ---- | M] () -- C:\rkill.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2005/09/07 13:00:48 | 000,015,016 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BiCProNT.dll
    [2005/09/07 13:00:48 | 000,015,016 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BiMProNT.dll
    [2007/03/15 16:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/01/27 21:28:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/01/27 21:28:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/01/27 21:28:56 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  9. 2010/08/24
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    Log 2:

    OTL Extras logfile created on: 8/24/2010 8:22:38 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 577.00 Mb Available Physical Memory | 56.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.34 Gb Total Space | 9.74 Gb Free Space | 5.43% Space Free | Partition Type: NTFS
    Drive D: | 6.96 Gb Total Space | 0.03 Gb Free Space | 0.38% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 372.51 Gb Total Space | 312.57 Gb Free Space | 83.91% Space Free | Partition Type: FAT32
    Drive L: | 279.41 Gb Total Space | 112.17 Gb Free Space | 40.15% Space Free | Partition Type: FAT32
    Drive X: | 224.37 Gb Total Space | 192.05 Gb Free Space | 85.60% Space Free | Partition Type: NTFS
    Drive Z: | 224.37 Gb Total Space | 192.05 Gb Free Space | 85.60% Space Free | Partition Type: NTFS

    Computer Name: BIGBOY
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
    "L:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe" = L:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe:*:Enabled:Links 2003 -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{14642498-477B-458A-8954-7566A2E7A64F}" = PaperPort Professional 11
    "{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
    "{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
    "{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
    "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
    "{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
    "{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = WCreator2
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36F514C7-E5DE-474C-8615-0180B5990AB4}" = Photo Album
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
    "{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
    "{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{5380B111-5047-413D-A6E5-70D69391D08E}" = ebgcRes
    "{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ACC5F14-DE57-4AF3-82A8-49166A78C42C}" = HP Tunes
    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7E42E47F-DA35-47DC-9EBF-9D3AC1225504}" = ScanSoft PaperPort 11
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90AD8C11-ED4A-4AE7-BB70-7740C452C999}" = Visual J# .NET Redistributable Package
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{94E3C3CD-C62E-4324-BF0D-438B65C38897}" = PaperPort Professional 11
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
    "{AB4862FB-0396-4E75-A523-850577EBFC73}" = Security Advisor
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
    "{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
    "{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
    "{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
    "{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
    "{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}" = muvee autoProducer unPlugged - HPD
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
    "{E0343A4C-2FFD-4CCB-B0EB-5DE9F0E2A083}" = LS_HSI
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 0.9.08
    "{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Agatha Christie - Peril At End House" = Agatha Christie - Peril At End House (remove only)
    "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
    "Applian FLV Player2.0.24" = Applian FLV Player
    "Arnold Palmer Course Designer 1.5 1.0" = Microsoft Arnold Palmer Course Designer 1.5
    "ATI Display Driver" = ATI Display Driver
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "BackWeb-309731 Uninstaller" = Updates from HP
    "Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Family Law Software Planner 2006 " = Family Law Software Planner 2006
    "Help and Support Additions" = Help and Support Additions
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
    "InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
    "InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
    "IrfanView" = IrfanView (remove only)
    "Links 2003 1.0" = Microsoft Links 2003
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MVApplication1" = Memorex exPressit Label Design Studio
    "Mystery Case Files Huntsville" = Mystery Case Files Huntsville (remove only)
    "NHRA Drag Racing 2" = NHRA Drag Racing 2
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PS2" = PS2
    "Python 2.2.3" = Python 2.2.3
    "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
    "QuadSucker/News_is1" = QuadSucker/News v 4.8
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.22
    "RealArcade 1.2" = RealArcade
    "RealPlayer 6.0" = RealPlayer
    "Shop for HP Supplies" = Shop for HP Supplies
    "TurboTax 2005" = TurboTax 2005
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
    "Verizon Help and Support" = Verizon Help and Support Tool
    "verizon_broad" = Verizon Broadband Toolbar (IE only)
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip Self-Extractor" = WinZip Self-Extractor
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/24/2010 8:09:58 PM | Computer Name = BIGBOY | Source = Application Error | ID = 1000
    Description = Faulting application helpctr.exe, version 5.1.2600.5512, faulting
    module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

    Error - 8/24/2010 8:10:01 PM | Computer Name = BIGBOY | Source = Application Error | ID = 1001
    Description = Fault bucket 1228143231.

    Error - 8/24/2010 8:11:38 PM | Computer Name = BIGBOY | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 11.0.8325.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/24/2010 8:11:45 PM | Computer Name = BIGBOY | Source = Application Hang | ID = 1001
    Description = Fault bucket 1954950771.

    Error - 8/24/2010 8:16:07 PM | Computer Name = BIGBOY | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 11.0.8325.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/24/2010 8:17:08 PM | Computer Name = BIGBOY | Source = Application Hang | ID = 1001
    Description = Fault bucket 1954950771.

    Error - 8/24/2010 8:21:52 PM | Computer Name = BIGBOY | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 11.0.8325.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/24/2010 8:21:54 PM | Computer Name = BIGBOY | Source = Application Hang | ID = 1001
    Description = Fault bucket 1954950771.

    Error - 8/24/2010 8:23:08 PM | Computer Name = BIGBOY | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.8324.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/24/2010 8:23:11 PM | Computer Name = BIGBOY | Source = Application Hang | ID = 1001
    Description = Fault bucket 1903979814.

    [ Media Center Events ]
    Error - 7/9/2010 8:17:10 PM | Computer Name = BIGBOY | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 7/9/2010 8:17:09 PM. You may need to reschedule your recordings.

    [ System Events ]
    Error - 8/22/2010 7:08:21 AM | Computer Name = BIGBOY | Source = sbp2port | ID = 262153
    Description = The device, , did not respond within the timeout period.

    Error - 8/22/2010 7:08:36 AM | Computer Name = BIGBOY | Source = sbp2port | ID = 262153
    Description = The device, , did not respond within the timeout period.

    Error - 8/22/2010 7:08:52 AM | Computer Name = BIGBOY | Source = sbp2port | ID = 262153
    Description = The device, , did not respond within the timeout period.

    Error - 8/22/2010 7:09:07 AM | Computer Name = BIGBOY | Source = sbp2port | ID = 262153
    Description = The device, , did not respond within the timeout period.

    Error - 8/22/2010 7:09:22 AM | Computer Name = BIGBOY | Source = sbp2port | ID = 262153
    Description = The device, , did not respond within the timeout period.

    Error - 8/22/2010 7:38:00 AM | Computer Name = BIGBOY | Source = sbp2port | ID = 262153
    Description = The device, , did not respond within the timeout period.

    Error - 8/22/2010 7:38:15 AM | Computer Name = BIGBOY | Source = sbp2port | ID = 262153
    Description = The device, , did not respond within the timeout period.

    Error - 8/22/2010 10:02:11 AM | Computer Name = BIGBOY | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 8/22/2010 1:43:24 PM | Computer Name = BIGBOY | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 8/24/2010 7:37:21 PM | Computer Name = BIGBOY | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC000007F'
    while processing the file 'desktop.ini' on the volume 'HarddiskVolume1'. It has
    stopped monitoring the volume.


    < End of report >
     
  10. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I assume you checked and there is no redirection in IE?

    I can see your DNS has been hijacked.
    We'll attempt to fix it with OTL, but your router may also be infected.
    We'll get to it after running the OTL fix.

    =================================================================

    You're running very low on C drive free space:
    It's time to start moving some stuff out of C drive.

    ================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      [2010/04/15 10:46:06 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\searchplugins\askcom.xml
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40
      [2010/06/13 11:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
      [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
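Added example (not part of this thread, and not code from OTL or its author): a small triage script that does what the analyst did by eye above, i.e. reads the O17 lines an OTL scan prints and flags any name server that is neither a private/loopback address nor on an allow-list. The allow-list is an assumption (fill it with the resolvers your ISP or router is supposed to hand out), and the sample log lines are constructed to mirror the O17 entry quoted in this thread.

```python
"""Triage helper for OTL "O17" DNS lines (added example, not from the thread
or from the OTL tool). Flags name servers that are neither RFC 1918/loopback
addresses nor on a caller-supplied allow-list."""
import ipaddress
import re

# Constructed sample input, not a real log: the first line copies the format
# of the thread's entry (router first, then a public address); the second
# uses a made-up interface GUID and a clean value; the third is a non-O17
# line that must be ignored.
SAMPLE_OTL_LINES = (
    "O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: "
    "DhcpNameServer = 192.168.1.1 213.109.65.40\n"
    "O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\"
    "{00000000-0000-0000-0000-000000000001}: DhcpNameServer = 192.168.1.1\n"
    "O2 - BHO: (Example) - {00000000-0000-0000-0000-000000000002} - C:\\x.dll\n"
)

# OTL prints: "O17 - <registry key>: <ValueName> = <server> [<server> ...]"
O17_RE = re.compile(
    r"^O17 - (?P<key>[^:]+): (?P<name>\w*NameServer) = (?P<servers>.*)$"
)


def parse_o17(line):
    """Return (registry_key, value_name, [servers]) for an O17 line, else None."""
    m = O17_RE.match(line.strip())
    if m is None:
        return None
    # OTL separates servers with spaces; tolerate commas from other tools.
    servers = m.group("servers").replace(",", " ").split()
    return m.group("key"), m.group("name"), servers


def classify_server(ip_text, allowed_ips):
    """'allowed' (on the allow-list), 'local' (private or loopback),
    'suspicious' (public and unknown) or 'invalid' (not an IP address)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip in allowed_ips:
        return "allowed"
    if ip.is_private or ip.is_loopback:
        return "local"
    return "suspicious"


def find_rogue_dns(log_text, allowed=()):
    """Scan OTL output; return one finding dict per suspicious/invalid server.
    `allowed` is the assumed list of known-good resolvers (strings)."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_o17(raw)
        if parsed is None:
            continue
        key, name, servers = parsed
        for server in servers:
            verdict = classify_server(server, allowed_ips)
            if verdict in ("suspicious", "invalid"):
                findings.append({"line": raw.strip(), "key": key,
                                 "value": name, "server": server,
                                 "verdict": verdict})
    return findings


def otl_fix_lines(findings):
    """Lines to paste under :OTL: the affected O17 scan lines themselves,
    deduplicated, in log order (the same form the fix in this thread uses)."""
    seen, out = set(), []
    for f in findings:
        if f["line"] not in seen:
            seen.add(f["line"])
            out.append(f["line"])
    return out


if __name__ == "__main__":
    hits = find_rogue_dns(SAMPLE_OTL_LINES)
    for h in hits:
        print(f"{h['verdict']:10} {h['server']:16} in {h['key']} ({h['value']})")
    print("\nPaste under :OTL:")
    for line in otl_fix_lines(hits):
        print(line)
```

One point worth keeping in mind when reading the result: the value is called DhcpNameServer because Windows fills it from the DHCP lease, and the first address (192.168.1.1) is the router. The OTL fix clears the registry value, but the next lease renewal (reboot or `ipconfig /renew`) writes whatever the router hands out, so if the public address comes back after the fix, the router's DNS settings have been changed and it, not the PC, is the thing to clean, which is what the analyst means by the router possibly being infected.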
     
  11. 2010/08/26
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    I will work on having the drive cleaned up a little. Here are the logs:

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\searchplugins\askcom.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
    C:\Program Files\Ask.com folder moved successfully.
    C:\Program Files\GLF2C.tmp\COPRGTB.TTF deleted successfully.
    C:\Program Files\GLF2C.tmp folder deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HelpAssistant
    ->Temp folder emptied: 3384 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HP_Administrator
    ->Temp folder emptied: 9852389 bytes
    ->Temporary Internet Files folder emptied: 15987676 bytes
    ->Java cache emptied: 1877541 bytes
    ->FireFox cache emptied: 38632194 bytes
    ->Apple Safari cache emptied: 2051072 bytes
    ->Flash cache emptied: 15439 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 17800 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Non-admin Account
    ->Temp folder emptied: 22444 bytes
    ->Temporary Internet Files folder emptied: 770440 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 78566 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 66.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: HelpAssistant

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Non-admin Account
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08262010_201457

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_ab8.dat not found!

    Registry entries deleted on Reboot...

    OTL logfile created on: 8/26/2010 8:22:28 PM - Run 2
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 25.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.34 Gb Total Space | 9.69 Gb Free Space | 5.41% Space Free | Partition Type: NTFS
    Drive D: | 6.96 Gb Total Space | 0.03 Gb Free Space | 0.38% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 372.51 Gb Total Space | 312.57 Gb Free Space | 83.91% Space Free | Partition Type: FAT32
    Drive L: | 279.41 Gb Total Space | 112.17 Gb Free Space | 40.15% Space Free | Partition Type: FAT32
    Drive X: | 224.37 Gb Total Space | 192.06 Gb Free Space | 85.60% Space Free | Partition Type: NTFS
    Drive Z: | 224.37 Gb Total Space | 192.06 Gb Free Space | 85.60% Space Free | Partition Type: NTFS

    Computer Name: BIGBOY
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/26 19:55:37 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/08/26 19:55:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/26 23:13:25 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
    PRC - [2005/09/21 10:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/11/04 00:40:04 | 000,821,248 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/10/07 10:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2004/03/18 03:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/03/13 13:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
    DRV - [2002/10/04 13:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sports.yahoo.com [binary data]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}:5.1.0.11
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/02 15:44:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/26 19:55:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 19:55:46 | 000,000,000 | ---D | M]

    [2010/04/05 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/08/26 20:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions
    [2008/12/01 22:38:16 | 000,000,000 | ---D | M] (Verizon Broadband Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}
    [2010/05/22 19:03:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/10 19:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/08/26 20:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/13 21:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/26 20:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/01/06 13:14:48 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

    O1 HOSTS File: ([2010/07/18 16:48:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www.costcophotocenter.com/CostcoOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://68.239.135.123:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://68.239.135.123:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c2/v16.607/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://webcam.geovision.com.tw/cab/OCXChecker_8000.cab (OCXDownloadChecker Control)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://webcam.geovision.com.tw/cab/DownloadFile_8000.cab (DownloadFile Control)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/25 13:45:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2007/02/19 12:17:48 | 000,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/26 20:15:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/26 20:14:57 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/26 20:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/24 20:20:50 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/24 20:20:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/08/21 20:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\RcIncidents
    [2010/08/21 19:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/21 19:00:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/01 20:55:08 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/08/01 20:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
    [2010/07/28 08:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/18 17:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2010/07/14 23:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/07/10 19:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\QuickScan
    [2010/07/09 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/09 20:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/05 09:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Bella Recital
    [2010/07/05 09:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fio 2
    [2010/06/22 17:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/06/22 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/06/22 17:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/11 07:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fios
    [2010/06/04 07:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Lawn Markings New
    [2007/01/06 13:14:59 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2005/03/25 12:44:24 | 000,192,512 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/08/26 20:28:57 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
    [2010/08/26 20:24:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/08/26 20:22:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/26 20:19:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/26 20:19:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/26 20:19:03 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/26 20:16:30 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2010/08/25 08:48:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/08/24 19:52:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/24 19:35:19 | 000,130,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/24 17:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/24 14:20:06 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/22 10:00:10 | 000,426,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/21 20:46:08 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
    [2010/08/21 20:03:28 | 000,000,832 | ---- | M] () -- C:\WINDOWS\orun32.ini
    [2010/08/21 19:00:05 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/10 08:07:59 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/07 22:25:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4E.doc
    [2010/08/04 21:55:34 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4G.doc
    [2010/08/04 21:26:47 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Transposing Chart.doc
    [2010/08/02 17:50:26 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LOVE GROWS.doc
    [2010/08/02 15:45:34 | 000,023,113 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
    [2010/08/01 20:55:09 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/07/28 08:46:32 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/24 12:21:36 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee3.doc
    [2010/07/24 12:18:29 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée2.doc
    [2010/07/24 12:11:41 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée.doc
    [2010/07/23 07:23:07 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2010/07/22 14:24:14 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Murphy.doc
    [2010/07/22 07:52:16 | 000,001,104 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
    [2010/07/19 00:07:48 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/07/18 17:38:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/18 17:36:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/07/18 17:14:05 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/18 16:58:10 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/07/18 16:58:06 | 000,525,012 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/18 16:58:06 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/18 16:58:06 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/18 16:48:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/13 21:54:14 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to TFC.lnk
    [2010/07/13 21:44:10 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.lnk
    [2010/07/12 07:34:57 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/12 07:27:52 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PaperPort.lnk
    [2010/07/09 20:36:28 | 000,000,662 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/09 20:36:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 20:25:13 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/07/07 09:21:43 | 002,229,152 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/05 09:30:05 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/03 20:17:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2010/07/02 08:06:35 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/06/30 21:23:47 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:55 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/04 20:41:14 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc

    ========== Files Created - No Company Name ==========

    [2010/08/21 20:46:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2010/08/21 19:00:05 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/06 18:30:08 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4E.doc
    [2010/08/04 21:43:10 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4G.doc
    [2010/08/04 21:26:46 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Transposing Chart.doc
    [2010/08/02 17:50:25 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LOVE GROWS.doc
    [2010/08/02 15:43:02 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
    [2010/07/28 08:46:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/24 12:21:36 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee3.doc
    [2010/07/24 12:18:29 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée2.doc
    [2010/07/24 12:11:41 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée.doc
    [2010/07/23 07:23:07 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2010/07/22 14:24:14 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Murphy.doc
    [2010/07/19 00:07:47 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/07/18 17:14:05 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/13 21:54:14 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to TFC.lnk
    [2010/07/13 21:44:10 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.lnk
    [2010/07/12 07:34:57 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/10 19:04:18 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/07 09:21:42 | 002,229,152 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/06 03:41:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/02 08:12:45 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/30 21:22:44 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:54 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/04 20:23:23 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc
    [2010/02/06 21:05:00 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\keyfile3.drm
    [2010/02/06 20:58:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2010/02/06 20:43:10 | 000,009,118 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/02/06 20:43:10 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2010/01/26 06:56:47 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/24 20:39:47 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2009/02/28 16:13:12 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/02/10 00:10:06 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
    [2009/02/10 00:06:07 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
    [2009/02/10 00:06:07 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
    [2009/01/19 19:58:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
    [2009/01/04 16:03:45 | 000,000,081 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/01/04 16:03:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2008/06/06 12:10:56 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ICE_JNIRegistry.dll
    [2007/08/03 17:57:59 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2007/06/27 21:32:18 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/05/27 12:16:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
    [2007/04/22 18:34:26 | 000,000,820 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/04/22 18:34:26 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/04/22 18:34:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2007/04/22 18:33:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2007/04/22 18:33:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2006/11/20 15:52:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\fce32.DLL
    [2006/08/27 18:35:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
    [2006/08/27 18:32:42 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
    [2006/08/21 19:41:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\multiview.ini
    [2006/08/19 17:23:49 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/15 17:35:32 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/07/10 23:03:08 | 000,000,819 | ---- | C] () -- C:\WINDOWS\GVComPort.INI
    [2006/07/10 21:25:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/07/06 22:27:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\EventLog.ini
    [2006/07/06 22:23:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DMMcast.INI
    [2006/07/06 22:21:30 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GeoMCast.ini
    [2006/07/06 22:15:29 | 000,000,188 | ---- | C] () -- C:\WINDOWS\geoModem.ini
    [2006/06/20 07:18:34 | 000,000,183 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2006/06/04 13:06:53 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2006/04/13 20:44:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\geoxcli.ini
    [2006/04/13 20:44:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\geobcast.ini
    [2005/09/07 13:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
    [2005/09/07 13:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
    [2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/03/25 13:47:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/25 13:44:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/03/25 13:44:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/03/25 13:44:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/03/25 13:44:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/03/25 13:15:07 | 000,015,327 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2005/03/25 13:15:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2005/03/25 13:14:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2005/03/25 13:11:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/25 12:47:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/03/25 12:45:39 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2005/03/25 12:35:18 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/03/25 12:34:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/03/25 12:34:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/03/25 12:33:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/09/13 19:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/07/26 17:51:38 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/04/18 16:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    [2010/02/06 20:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/02/06 20:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2010/04/06 07:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/02/06 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
    [2010/06/22 17:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/06 20:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/08/26 20:24:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
     
  12. 2010/08/26
    broni Moderator Malware Analyst

    Your DNS is still wrong....

    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil or a paperclip, until all lights briefly come off and on.
    Restart computer and post fresh OTL "Quick scan".
     
  13. 2010/08/26
    palljim23 Inactive Thread Starter

    I reset the router and lost the wireless; the light is now off and I cannot connect to it (FiOS router). Here is the log:

    OTL logfile created on: 8/26/2010 8:51:38 PM - Run 3
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 491.00 Mb Available Physical Memory | 48.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.34 Gb Total Space | 9.76 Gb Free Space | 5.44% Space Free | Partition Type: NTFS
    Drive D: | 6.96 Gb Total Space | 0.03 Gb Free Space | 0.38% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 372.51 Gb Total Space | 312.57 Gb Free Space | 83.91% Space Free | Partition Type: FAT32
    Drive L: | 279.41 Gb Total Space | 112.17 Gb Free Space | 40.15% Space Free | Partition Type: FAT32
    Drive X: | 224.37 Gb Total Space | 192.08 Gb Free Space | 85.61% Space Free | Partition Type: NTFS
    Drive Z: | 224.37 Gb Total Space | 192.08 Gb Free Space | 85.61% Space Free | Partition Type: NTFS

    Computer Name: BIGBOY
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/26 19:55:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/09/16 21:14:46 | 002,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/26 23:13:25 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
    PRC - [2005/09/21 10:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/11/04 00:40:04 | 000,821,248 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/10/07 10:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2004/03/18 03:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/03/13 13:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
    DRV - [2002/10/04 13:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sports.yahoo.com [binary data]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}:5.1.0.11
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/02 15:44:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/26 19:55:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 19:55:46 | 000,000,000 | ---D | M]

    [2010/04/05 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/08/26 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions
    [2008/12/01 22:38:16 | 000,000,000 | ---D | M] (Verizon Broadband Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}
    [2010/05/22 19:03:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/10 19:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/08/26 20:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/13 21:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/26 20:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/01/06 13:14:48 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

    O1 HOSTS File: ([2010/07/18 16:48:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www.costcophotocenter.com/CostcoOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://68.239.135.123:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://68.239.135.123:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c2/v16.607/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://webcam.geovision.com.tw/cab/OCXChecker_8000.cab (OCXDownloadChecker Control)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://webcam.geovision.com.tw/cab/DownloadFile_8000.cab (DownloadFile Control)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/25 13:45:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2007/02/19 12:17:48 | 000,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/26 20:15:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/26 20:14:57 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/26 20:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/24 20:20:50 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/24 20:20:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/08/21 20:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\RcIncidents
    [2010/08/21 19:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/21 19:00:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/01 20:55:08 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/08/01 20:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
    [2010/07/28 08:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/18 17:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2010/07/14 23:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/07/10 19:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\QuickScan
    [2010/07/09 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/09 20:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/05 09:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Bella Recital
    [2010/07/05 09:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fio 2
    [2010/06/22 17:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/06/22 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/06/22 17:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/11 07:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fios
    [2010/06/04 07:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Lawn Markings New
    [2007/01/06 13:14:59 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2005/03/25 12:44:24 | 000,192,512 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/08/26 20:52:05 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/08/26 20:49:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/26 20:48:45 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
    [2010/08/26 20:46:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/26 20:46:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/26 20:46:41 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/26 20:43:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2010/08/25 08:48:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/08/24 19:52:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/24 19:35:19 | 000,130,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/24 17:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/24 14:20:06 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/22 10:00:10 | 000,426,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/21 20:46:08 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
    [2010/08/21 20:03:28 | 000,000,832 | ---- | M] () -- C:\WINDOWS\orun32.ini
    [2010/08/21 19:00:05 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/10 08:07:59 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/07 22:25:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4E.doc
    [2010/08/04 21:55:34 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4G.doc
    [2010/08/04 21:26:47 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Transposing Chart.doc
    [2010/08/02 17:50:26 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LOVE GROWS.doc
    [2010/08/02 15:45:34 | 000,023,113 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
    [2010/08/01 20:55:09 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/07/28 08:46:32 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/24 12:21:36 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee3.doc
    [2010/07/24 12:18:29 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée2.doc
    [2010/07/24 12:11:41 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée.doc
    [2010/07/23 07:23:07 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2010/07/22 14:24:14 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Murphy.doc
    [2010/07/22 07:52:16 | 000,001,104 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
    [2010/07/19 00:07:48 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/07/18 17:38:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/18 17:36:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/07/18 17:14:05 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/18 16:58:10 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/07/18 16:58:06 | 000,525,012 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/18 16:58:06 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/18 16:58:06 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/18 16:48:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/13 21:54:14 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to TFC.lnk
    [2010/07/13 21:44:10 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.lnk
    [2010/07/12 07:34:57 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/12 07:27:52 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PaperPort.lnk
    [2010/07/09 20:36:28 | 000,000,662 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/09 20:36:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 20:25:13 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/07/07 09:21:43 | 002,229,152 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/05 09:30:05 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/03 20:17:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2010/07/02 08:06:35 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/06/30 21:23:47 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:55 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/04 20:41:14 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc

    ========== Files Created - No Company Name ==========

    [2010/08/21 20:46:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2010/08/21 19:00:05 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/06 18:30:08 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4E.doc
    [2010/08/04 21:43:10 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4G.doc
    [2010/08/04 21:26:46 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Transposing Chart.doc
    [2010/08/02 17:50:25 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LOVE GROWS.doc
    [2010/08/02 15:43:02 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
    [2010/07/28 08:46:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/24 12:21:36 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee3.doc
    [2010/07/24 12:18:29 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée2.doc
    [2010/07/24 12:11:41 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée.doc
    [2010/07/23 07:23:07 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2010/07/22 14:24:14 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Murphy.doc
    [2010/07/19 00:07:47 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/07/18 17:14:05 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/13 21:54:14 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to TFC.lnk
    [2010/07/13 21:44:10 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.lnk
    [2010/07/12 07:34:57 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/10 19:04:18 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/07 09:21:42 | 002,229,152 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/06 03:41:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/02 08:12:45 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/30 21:22:44 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:54 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/04 20:23:23 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc
    [2010/02/06 21:05:00 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\keyfile3.drm
    [2010/02/06 20:58:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2010/02/06 20:43:10 | 000,009,118 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/02/06 20:43:10 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2010/01/26 06:56:47 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/24 20:39:47 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2009/02/28 16:13:12 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/02/10 00:10:06 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
    [2009/02/10 00:06:07 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
    [2009/02/10 00:06:07 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
    [2009/01/19 19:58:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
    [2009/01/04 16:03:45 | 000,000,081 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/01/04 16:03:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2008/06/06 12:10:56 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ICE_JNIRegistry.dll
    [2007/08/03 17:57:59 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2007/06/27 21:32:18 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/05/27 12:16:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
    [2007/04/22 18:34:26 | 000,000,820 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/04/22 18:34:26 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/04/22 18:34:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2007/04/22 18:33:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2007/04/22 18:33:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2006/11/20 15:52:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\fce32.DLL
    [2006/08/27 18:35:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
    [2006/08/27 18:32:42 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
    [2006/08/21 19:41:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\multiview.ini
    [2006/08/19 17:23:49 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/15 17:35:32 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/07/10 23:03:08 | 000,000,819 | ---- | C] () -- C:\WINDOWS\GVComPort.INI
    [2006/07/10 21:25:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/07/06 22:27:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\EventLog.ini
    [2006/07/06 22:23:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DMMcast.INI
    [2006/07/06 22:21:30 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GeoMCast.ini
    [2006/07/06 22:15:29 | 000,000,188 | ---- | C] () -- C:\WINDOWS\geoModem.ini
    [2006/06/20 07:18:34 | 000,000,183 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2006/06/04 13:06:53 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2006/04/13 20:44:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\geoxcli.ini
    [2006/04/13 20:44:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\geobcast.ini
    [2005/09/07 13:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
    [2005/09/07 13:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
    [2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/03/25 13:47:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/25 13:44:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/03/25 13:44:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/03/25 13:44:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/03/25 13:44:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/03/25 13:15:07 | 000,015,327 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2005/03/25 13:15:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2005/03/25 13:14:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2005/03/25 13:11:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/25 12:47:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/03/25 12:45:39 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2005/03/25 12:35:18 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/03/25 12:34:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/03/25 12:34:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/03/25 12:33:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/09/13 19:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/07/26 17:51:38 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/04/18 16:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    [2010/02/06 20:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/02/06 20:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2010/04/06 07:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/02/06 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
    [2010/06/22 17:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/06 20:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/08/26 20:52:05 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
     
  14. 2010/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
Sorry for that, but this is a secondary issue at this moment, because the bad entry is still there.

    Let's retry...

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
net stop "dns client"
net start "dns client"


    Turn off computer.
    Reset router one more time.

    Restart everything and post fresh OTL log.
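The entry broni is referring to is the O17 line in the OTL log above, where DhcpNameServer lists a second resolver (213.109.65.40) that is not on the 192.168.1.x LAN. That value is written by the Windows DHCP client from the lease the router hands out, so flushing the resolver cache or restarting the DNS Client service only re-reads whatever the router (or something upstream of it) is still advertising; that is why the router reset is part of the procedure. The script below is an added example, not part of the forum thread or of OTL: it parses O17 lines in the format shown above and flags any name server outside private/loopback address space. The sample log lines other than the one copied from the post are constructed for this example, the "trusted" allow list is a hypothetical parameter for resolvers the user set on purpose, and treating only RFC 1918 and loopback addresses as local is an assumption that fits a home LAN.

```python
"""Flag DHCP-assigned (or static) DNS servers that are not on the local network.

Added example for this thread; not code from the forum, OTL, or any vendor.
Parses OTL "O17" lines of the form
    O17 - HKLM\\...\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40
and reports every resolver that is not in a private or loopback range.
"""
import ipaddress
import re

# "O17 - <registry key>: <value name> = <space-separated addresses>"
O17_RE = re.compile(r"O17 - (?P<key>\S+):\s*(?P<name>\w+)\s*=\s*(?P<servers>.+)$")

# Assumption: on a home LAN a legitimate resolver is the router or another
# RFC 1918 host; anything else deserves a look.
LOCAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def is_local(addr: str) -> bool:
    """True if addr falls inside one of LOCAL_NETS; invalid strings are not local."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def parse_o17(line: str):
    """Return (value_name, [addresses]) for an O17 line, or None for anything else."""
    m = O17_RE.search(line)
    if not m:
        return None
    return m.group("name"), m.group("servers").split()


def audit_dns(lines, trusted=()):
    """Return [(value_name, address)] for every resolver that is neither local nor trusted.

    `trusted` (hypothetical parameter) lists public resolvers the user chose
    deliberately, e.g. an ISP's servers, so they are not reported.
    """
    findings = []
    for line in lines:
        parsed = parse_o17(line)
        if parsed is None:
            continue
        name, servers = parsed
        for server in servers:
            if not is_local(server) and server not in trusted:
                findings.append((name, server))
    return findings


# Sample log: the first line is the O17 entry from the post above; the other
# two are constructed for this example (a clean per-interface entry and a
# statically configured public resolver).
SAMPLE_LOG = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}: DhcpNameServer = 192.168.1.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8",
]

if __name__ == "__main__":
    for name, server in audit_dns(SAMPLE_LOG):
        print(f"non-local resolver in {name}: {server}")
```

Because DhcpNameServer is refreshed from the lease on every `ipconfig /renew`, a foreign address that survives the steps above points at the router's DHCP/DNS settings (or its upstream) rather than at the Windows client, which is the check to make before declaring the machine clean.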
     
  15. 2010/08/26
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    OTL logfile created on: 8/26/2010 9:13:38 PM - Run 4
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 519.00 Mb Available Physical Memory | 51.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.34 Gb Total Space | 9.75 Gb Free Space | 5.44% Space Free | Partition Type: NTFS
    Drive D: | 6.96 Gb Total Space | 0.03 Gb Free Space | 0.38% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 372.51 Gb Total Space | 312.57 Gb Free Space | 83.91% Space Free | Partition Type: FAT32
    Drive L: | 279.41 Gb Total Space | 112.17 Gb Free Space | 40.15% Space Free | Partition Type: FAT32
    Drive X: | 224.37 Gb Total Space | 192.08 Gb Free Space | 85.61% Space Free | Partition Type: NTFS
    Drive Z: | 224.37 Gb Total Space | 192.08 Gb Free Space | 85.61% Space Free | Partition Type: NTFS

    Computer Name: BIGBOY
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
    PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/26 23:13:25 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
    PRC - [2005/09/21 10:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/11/04 00:40:04 | 000,821,248 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/10/07 10:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2004/03/18 03:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/03/13 13:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
    DRV - [2002/10/04 13:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sports.yahoo.com [binary data]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}:5.1.0.11
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/02 15:44:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/26 19:55:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 19:55:46 | 000,000,000 | ---D | M]

    [2010/04/05 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/08/26 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions
    [2008/12/01 22:38:16 | 000,000,000 | ---D | M] (Verizon Broadband Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}
    [2010/05/22 19:03:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/10 19:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/08/26 20:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/13 21:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/26 20:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/01/06 13:14:48 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

    O1 HOSTS File: ([2010/07/18 16:48:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www.costcophotocenter.com/CostcoOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://68.239.135.123:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://68.239.135.123:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c2/v16.607/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://webcam.geovision.com.tw/cab/OCXChecker_8000.cab (OCXDownloadChecker Control)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://webcam.geovision.com.tw/cab/DownloadFile_8000.cab (DownloadFile Control)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/25 13:45:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2007/02/19 12:17:48 | 000,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/26 20:15:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/26 20:14:57 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/26 20:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/24 20:20:50 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/24 20:20:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/08/21 20:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\RcIncidents
    [2010/08/21 19:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/21 19:00:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/01 20:55:08 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/08/01 20:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
    [2010/07/28 08:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/18 17:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2010/07/14 23:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/07/10 19:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\QuickScan
    [2010/07/09 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/09 20:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/05 09:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Bella Recital
    [2010/07/05 09:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fio 2
    [2010/06/22 17:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/06/22 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/06/22 17:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/11 07:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fios
    [2010/06/04 07:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Lawn Markings New
    [2007/01/06 13:14:59 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2005/03/25 12:44:24 | 000,192,512 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/08/26 21:17:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/08/26 21:14:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/26 21:11:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/26 21:11:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/26 21:11:35 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/26 21:09:13 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
    [2010/08/26 21:09:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2010/08/25 08:48:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/24 20:19:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/08/24 19:52:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/24 19:35:19 | 000,130,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/24 17:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/24 14:20:06 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/22 10:00:10 | 000,426,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/21 20:46:08 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
    [2010/08/21 20:03:28 | 000,000,832 | ---- | M] () -- C:\WINDOWS\orun32.ini
    [2010/08/21 19:00:05 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/10 08:07:59 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/07 22:25:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4E.doc
    [2010/08/04 21:55:34 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4G.doc
    [2010/08/04 21:26:47 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Transposing Chart.doc
    [2010/08/02 17:50:26 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LOVE GROWS.doc
    [2010/08/02 15:45:34 | 000,023,113 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
    [2010/08/01 20:55:09 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/07/28 08:46:32 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/24 12:21:36 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee3.doc
    [2010/07/24 12:18:29 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée2.doc
    [2010/07/24 12:11:41 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée.doc
    [2010/07/23 07:23:07 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2010/07/22 14:24:14 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Murphy.doc
    [2010/07/22 07:52:16 | 000,001,104 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
    [2010/07/19 00:07:48 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/07/18 17:38:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/18 17:36:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/07/18 17:14:05 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/18 16:58:10 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/07/18 16:58:06 | 000,525,012 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/18 16:58:06 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/18 16:58:06 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/18 16:48:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/13 21:54:14 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to TFC.lnk
    [2010/07/13 21:44:10 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.lnk
    [2010/07/12 07:34:57 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/12 07:27:52 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PaperPort.lnk
    [2010/07/09 20:36:28 | 000,000,662 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/09 20:36:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 20:25:13 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/07/07 09:21:43 | 002,229,152 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/05 09:30:05 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/03 20:17:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2010/07/02 08:06:35 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/06/30 21:23:47 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:55 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/04 20:41:14 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc

    ========== Files Created - No Company Name ==========

    [2010/08/21 20:46:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2010/08/21 19:00:05 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/06 18:30:08 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4E.doc
    [2010/08/04 21:43:10 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee4G.doc
    [2010/08/04 21:26:46 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Transposing Chart.doc
    [2010/08/02 17:50:25 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LOVE GROWS.doc
    [2010/08/02 15:43:02 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
    [2010/07/28 08:46:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/24 12:21:36 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Walk Away Renee3.doc
    [2010/07/24 12:18:29 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée2.doc
    [2010/07/24 12:11:41 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Just Walk Away Renée.doc
    [2010/07/23 07:23:07 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2010/07/22 14:24:14 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Murphy.doc
    [2010/07/19 00:07:47 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/07/18 17:14:05 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/13 21:54:14 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to TFC.lnk
    [2010/07/13 21:44:10 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.lnk
    [2010/07/12 07:34:57 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/10 19:04:18 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/07 09:21:42 | 002,229,152 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/06 03:41:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/02 08:12:45 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/30 21:22:44 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:54 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/04 20:23:23 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc
    [2010/02/06 21:05:00 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\keyfile3.drm
    [2010/02/06 20:58:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2010/02/06 20:43:10 | 000,009,118 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/02/06 20:43:10 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2010/01/26 06:56:47 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/24 20:39:47 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2009/02/28 16:13:12 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/02/10 00:10:06 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
    [2009/02/10 00:06:07 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
    [2009/02/10 00:06:07 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
    [2009/01/19 19:58:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
    [2009/01/04 16:03:45 | 000,000,081 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/01/04 16:03:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2008/06/06 12:10:56 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ICE_JNIRegistry.dll
    [2007/08/03 17:57:59 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2007/06/27 21:32:18 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/05/27 12:16:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
    [2007/04/22 18:34:26 | 000,000,820 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/04/22 18:34:26 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/04/22 18:34:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2007/04/22 18:33:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2007/04/22 18:33:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2006/11/20 15:52:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\fce32.DLL
    [2006/08/27 18:35:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
    [2006/08/27 18:32:42 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
    [2006/08/21 19:41:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\multiview.ini
    [2006/08/19 17:23:49 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/15 17:35:32 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/07/10 23:03:08 | 000,000,819 | ---- | C] () -- C:\WINDOWS\GVComPort.INI
    [2006/07/10 21:25:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/07/06 22:27:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\EventLog.ini
    [2006/07/06 22:23:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DMMcast.INI
    [2006/07/06 22:21:30 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GeoMCast.ini
    [2006/07/06 22:15:29 | 000,000,188 | ---- | C] () -- C:\WINDOWS\geoModem.ini
    [2006/06/20 07:18:34 | 000,000,183 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2006/06/04 13:06:53 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2006/04/13 20:44:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\geoxcli.ini
    [2006/04/13 20:44:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\geobcast.ini
    [2005/09/07 13:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
    [2005/09/07 13:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
    [2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/03/25 13:47:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/25 13:44:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/03/25 13:44:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/03/25 13:44:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/03/25 13:44:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/03/25 13:15:07 | 000,015,327 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2005/03/25 13:15:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2005/03/25 13:14:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2005/03/25 13:11:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/25 12:47:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/03/25 12:45:39 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2005/03/25 12:35:18 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/03/25 12:34:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/03/25 12:34:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/03/25 12:33:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/09/13 19:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/07/26 17:51:38 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/04/18 16:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    [2010/02/06 20:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/02/06 20:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2010/04/06 07:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/02/06 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
    [2010/06/22 17:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/06 20:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/08/26 21:17:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
     
  16. 2010/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
    It worked this time :)
    Yay!

    Now, tell me how the redirection is.
     
  17. 2010/08/26
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    It seems better from what I can tell so far. I still have no wireless though.

    Update:

    Maybe I spoke too soon. When I post the reply the screen does not always reload. I have to refresh or go back a page and refresh the screen.
     
    Last edited: 2010/08/26
  18. 2010/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It seems to be a board issue at the moment.
    Having the same problems.

    Now, I want you to check well and I need to know if redirections are 100% gone.
    That's the most important question right now.
     
  19. 2010/08/26
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    I just visited quite a few sites, including yours, and it seems good.
     
  20. 2010/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
    Let me go back to see where we're at.
     
  21. 2010/08/26
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    Great. I just need to get the wireless working now.
     
