Active Possible BackWeb and/or Conficker Malware

Discussion in 'Malware and Virus Removal Archive' started by madison, 2010/07/03.

  1. 2010/07/03
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    [Active] Possible BackWeb and/or Conficker Malware

    Computer began acting strangely a couple of weeks ago. It appears that the Symantec AV was disabled. Attempts to download and install AVG and MSE both failed. When the computer is rebooted, we get an HP splash screen that stays for over 5 minutes and then the Windows XP boot screen appears and the boot then continues as normal.

    We scanned with Malwarebytes and it found BackWeb-137903 and SuperAntiSpyware found Trojan.Conficker/Variant c:\WINDOWS\SYSTEM32\EHPOWKF.DLL. We have included the DDS and Attach files. Thanks for your help.

    Added Note - After submitting this post, I tried to install AVG which had been previously blocked from installing. It appeared that the install could be completed but I halted it pending your guidance. Perhaps Superantispyware removing the Conficker removed the block?

    DDS.txt
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 17:17:53.64 on Sat 07/03/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.708 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YATEH3ZE\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://srch-us10.hpwis.com/
    uDefault_Page_URL = hxxp://us10.hpwis.com/
    uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
    uSearch Bar = hxxp://srch-us10.hpwis.com/
    mDefault_Page_URL = hxxp://us10.hpwis.com/
    mDefault_Search_URL = hxxp://srch-us10.hpwis.com/
    mSearch Page = hxxp://srch-us10.hpwis.com/
    mStart Page = hxxp://us10.hpwis.com/
    mSearch Bar = hxxp://srch-us10.hpwis.com/
    uInternet Connection Wizard,ShellNext = https://wwws.ameritrade.com/apps/LogIn/
    uInternet Settings,ProxyOverride = localhost
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [RecordNow!]
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [VTTimer] VTTimer.exe
    mRun: [LTMSG] LTMSG.exe 7
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [Reminder] "c:\windows\creator\Remind_XP.exe "
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSub.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    LSP: SpSubLSP.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    S2 hbpspcg;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-2-16 14336]

    =============== Created Last 30 ================

    2010-07-03 23:25:47 0 d-----w- c:\windows\system32\wbem\AutoRecover
    2010-07-03 23:04:52 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-07-03 23:04:04 9216 ------w- c:\windows\system32\proxycfg.exe
    2010-07-03 23:04:04 59392 ------w- c:\windows\system32\logman.exe
    2010-07-03 23:04:04 1229 ------w- c:\windows\system32\wbem\wscenter.mof
    2010-07-03 22:57:12 19528 ----a-w- c:\windows\005770_.tmp
    2010-07-03 22:57:02 15872 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-07-03 22:29:17 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
    2010-07-03 22:29:17 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-07-03 22:29:13 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2010-07-03 22:29:13 0 d-----w- c:\program files\Belarc
    2010-07-03 22:28:30 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-07-03 22:07:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-03 22:06:59 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-03 22:06:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-03 21:35:17 0 d-sh--r- C:\cmdcons
    2010-07-03 17:11:54 63488 --sha-w- c:\windows\system32\.exe
    2010-07-02 21:45:06 192000 ----a-w- c:\windows\system32\iuengine.dll
    2010-07-02 20:36:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-07-02 20:36:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-07-02 20:36:45 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2010-07-02 20:36:45 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-07-02 18:50:07 3658 --sha-r- c:\windows\system32\drivers\HP_DW230A-ABA a500n_YC_Pavi_QMXM413_E42NAheBLU4_4_IKelut_SASUSTek Computer INC._V2.02_B3.03_T040209_WXH1_L409_M960_J80_7AMD_8Athlon XP 2800+_92.08_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205.MRK
    2010-07-02 18:41:45 10368 ------w- c:\windows\system32\drivers\pfc.sys
    2010-07-02 18:41:36 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
    2010-07-02 18:41:36 20480 ----a-w- c:\windows\system32\IVIresize.dll
    2010-07-02 18:41:36 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
    2010-07-02 18:41:36 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
    2010-07-02 18:41:36 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
    2010-07-02 18:41:36 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
    2010-07-02 18:40:07 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
    2010-07-02 18:40:07 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
    2010-07-02 18:39:22 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
    2010-07-02 18:39:21 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2010-07-02 06:50:21 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
    2010-07-02 06:50:20 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
    2010-07-02 06:50:20 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
    2010-07-02 06:50:19 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
    2010-07-02 06:50:18 142464 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-07-02 06:50:16 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
    2010-07-02 06:50:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
    2010-07-02 06:50:14 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
    2010-07-02 06:49:38 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
    2010-07-02 06:49:38 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys
    2010-07-02 04:15:40 0 dcsh--r- c:\windows\system32\dllcache

    ==================== Find3M ====================

    2010-07-03 03:51:24 4119 ----a-w- c:\windows\viassary-hp.reg
    2009-01-08 23:00:34 196922880 ----a-w- c:\program files\dbcmhist.exe
    2009-01-08 22:35:23 6798648 ----a-w- c:\program files\rw40pk.exe
    2005-02-15 19:30:41 37954 -c--a-w- c:\program files\QUICKENW.QIF
    2002-09-11 14:26:52 63730 -c--a-w- c:\program files\viewsonicinstruct_xp.pdf

    ============= FINISH: 17:18:27.48 ===============

    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/2/2010 11:43:10 AM
    System Uptime: 7/3/2010 4:50:19 PM (1 hours ago)

    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2082/167mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 70 GiB total, 48.896 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 0.584 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 7/3/2010 2:35:10 PM - System Checkpoint
    RP2: 7/3/2010 3:57:15 PM - Installed Windows XP Service Pack 2.
    RP3: 7/3/2010 1:41:07 PM - System Checkpoint

    ==== Installed Programs ======================


    Adobe Flash Player 10 ActiveX
    Adobe Reader 6.0
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Belarc Advisor 8.1
    Blackhawk Striker from Hewlett-Packard Desktops (remove only)
    Blasterball 2 from Hewlett-Packard Desktops (remove only)
    Bounce Symphony from Hewlett-Packard Desktops (remove only)
    CameraDrivers
    Copy
    CreativeProjects
    Director
    DocProc
    Easy Internet Sign-up
    Excavation from Hewlett-Packard Desktops (remove only)
    Fax
    Five Card Frenzy from Hewlett-Packard Desktops (remove only)
    HP Deskjet Preloaded Printer Drivers
    HP Image Zone 3.5
    HP Image Zone Plus 3.5
    HP Instant Support
    HP Organize
    HP Photo & Imaging 3.5 - HP Devices
    HP Product Detection
    HP PSC & OfficeJet 3.0
    HP Software Update
    hpg2436
    hpg3970
    hpg4600
    hpg5530
    hpg8200
    HPIZ350
    hpmdtab
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InstantShare
    IntelliMover Data Transfer Demo
    InterVideo WinDVD Creator 2
    InterVideo WinDVD Player
    Java 2 Runtime Environment, SE v1.4.2_03
    KBD
    Malwarebytes' Anti-Malware
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition
    Microsoft Works 7.0
    MUSICMATCH® Jukebox
    NVIDIA GART Driver
    Orbital from Hewlett-Packard Desktops (remove only)
    Otto from Hewlett-Packard Desktops (remove only)
    Overball from Hewlett-Packard Desktops (remove only)
    Palm Desktop
    PC-Doctor for Windows
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    PocketMirror 2.0 for Outlook
    Polar Bowler from Hewlett-Packard Desktops (remove only)
    PrintScreen
    PS2
    PSShortcutsP
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    QuickProjects
    Readme
    RealOne Player
    RecordNow!
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    Scan
    SkinsHP1
    SkinsHP2
    Slyder from Hewlett-Packard Desktops (remove only)
    Sonic Update Manager
    SpamSubtract
    SUPERAntiSpyware
    Toolkit View(HP)
    TrayApp
    Unload
    Updates from HP
    WebFldrs XP
    WebReg
    Windows XP Service Pack 2
    Zone Deluxe Games

    ==== Event Viewer Messages From Past Week ========

    7/3/2010 4:52:20 PM, error: Service Control Manager [7023] - The Manager Installer service terminated with the following error: The specified module could not be found.
    7/3/2010 3:16:31 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP LaserJet 1100 (MS) share name Printer2.
    7/3/2010 2:45:55 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
    7/3/2010 2:45:55 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG9\avgui.exe. Reference error message: The operation completed successfully. .
    7/3/2010 2:45:55 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    7/3/2010 2:35:42 PM, error: Service Control Manager [7023] - The Manager Installer service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    7/3/2010 1:25:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k nv_agp SISAGP
    7/2/2010 7:11:21 PM, error: DCOM [10003] - Access denied attempting to launch a DCOM Server using DefaultLaunchPermssion. The server is: {00020906-0000-0000-C000-000000000046} The user is Unavailable/Unavailable, SID=Unavailable.
    7/2/2010 11:51:07 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
    Last edited: 2010/07/03
  2. 2010/07/04
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Can you please update MBA-M then run a quick scan and post the log.

    Continue with the AV installation too.
     

  4. 2010/07/04
    madison

    Status of our actions:

    1. MBAM updated and scan run - log attached. We ran the quick scan; should we be running the full scan?

    2. AVG installed, but we haven't run a scan yet. Should we?

    3. We plan to install Service Pack 3. Should we wait until the computer is stable before doing that?

    MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4275

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    7/4/2010 11:03:18 AM
    mbam-log-2010-07-04 (11-03-18).txt

    Scan type: Quick scan
    Objects scanned: 134608
    Time elapsed: 14 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2010/07/04
    crunchie

    Leave SP3 alone until PC is ok.
    Update AVG then run a scan please.

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2010/07/04
    madison

    Crunchie,

    We ran the AVG complete scan and it found no problems. Below is the OTL log. The EXTRAS will be in the next post.

    OTL

    OTL logfile created on: 7/4/2010 5:01:54 PM - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    959.00 Mb Total Physical Memory | 494.00 Mb Available Physical Memory | 52.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.06 Gb Total Space | 48.67 Gb Free Space | 69.47% Space Free | Partition Type: NTFS
    Drive D: | 4.45 Gb Total Space | 0.58 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.57% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-AT5QGAAC3Z
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/04 17:00:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/07/04 10:35:12 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/07/04 10:34:16 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/04 10:34:15 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/04 10:34:11 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/04 10:33:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/04 10:33:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/06/29 10:48:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/01/20 20:59:53 | 000,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    PRC - [2004/01/20 18:53:45 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    PRC - [2003/08/21 04:15:48 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
    PRC - [2003/08/20 19:56:14 | 000,045,056 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
    PRC - [2003/07/14 18:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
    PRC - [2002/07/11 04:03:34 | 000,024,651 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    PRC - [1999/12/16 15:10:00 | 000,282,624 | ---- | M] (Palm Computing, Inc.) -- C:\Palm\HOTSYNC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/04 17:00:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2004/01/20 20:59:53 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/04 10:33:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/07/04 10:35:10 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/04 10:35:00 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/07/04 10:34:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/01/20 20:24:43 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2004/01/20 19:40:17 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2003/12/12 09:06:44 | 000,538,236 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2003/12/12 07:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/12/06 03:13:42 | 000,429,440 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2003/12/05 17:25:54 | 000,011,392 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2003/12/02 19:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/03 00:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
    DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2003/07/02 00:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 14:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "MyStart Search "
    FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official "
    FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar&search= "
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localhost "


    [2010/01/25 10:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\extensions
    [2010/01/25 10:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/11/12 08:53:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/01/25 10:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\extensions\staged-xpis
    [2009/06/08 18:52:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\searchplugins\MyStart Search.xml
    [2010/04/28 10:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/03/29 18:31:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/04/28 10:11:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2008/03/29 18:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
    [2008/03/29 18:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2006/10/11 01:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2006/10/11 01:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2006/10/11 01:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
    [2006/10/11 01:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
    [2006/10/11 01:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2010/04/12 15:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2002/08/29 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKCU..\Run: [RecordNow!] File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm Computing, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.106.7.196 65.106.1.196
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/01/20 18:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: hbpspcg - C:\WINDOWS\System32\ehpowkf.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54619756233228288)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/04 17:00:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/07/04 10:35:11 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/04 10:35:08 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/04 10:34:59 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/04 10:34:57 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/04 10:34:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/07/04 10:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/07/03 16:25:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/07/03 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2010/07/03 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/07/03 15:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
    [2010/07/03 15:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/07/03 15:07:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/03 15:06:59 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/03 15:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/03 14:35:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/02 11:52:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/07/01 21:15:40 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2010/06/01 03:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ZIP 250 XFR
    [2010/04/28 10:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/04/28 09:43:26 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/04/28 09:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/04/14 19:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
    [2010/04/13 22:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\thinkTDA
    [2010/04/06 12:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Updater5
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/04 17:01:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E0DF12B7-6C92-4EE0-98A5-954BDC36968D}.job
    [2010/07/04 17:00:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/07/04 16:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/04 15:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/04 15:18:20 | 061,649,149 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/04 12:25:34 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Outlook Express.lnk
    [2010/07/04 10:40:25 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
    [2010/07/04 10:35:12 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/04 10:35:12 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/07/04 10:35:10 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/04 10:35:00 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/04 10:34:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/04 10:34:57 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/03 16:53:58 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows BBS.url
    [2010/07/03 16:50:50 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/07/03 16:50:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/03 16:50:30 | 1006,161,920 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/03 16:50:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/03 16:44:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/07/03 16:24:51 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/03 16:18:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/03 16:04:56 | 000,000,283 | RHS- | M] () -- C:\boot.ini
    [2010/07/03 15:59:07 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/07/03 15:59:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/07/03 15:29:15 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2010/07/03 15:29:15 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2010/07/03 15:28:32 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/07/03 15:07:03 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/03 15:03:13 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/03 15:03:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/03 13:28:37 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/03 13:28:37 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/03 13:28:37 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/03 13:25:57 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/07/02 20:51:24 | 000,004,119 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
    [2010/07/02 20:31:09 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WkCalRem.LNK
    [2010/07/02 20:24:09 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Works.LNK
    [2010/07/02 16:37:33 | 000,246,784 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    [2010/07/02 16:37:33 | 000,000,449 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
    [2010/07/02 16:36:57 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Palm Desktop.lnk
    [2010/07/02 16:36:57 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    [2010/07/02 15:09:53 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WonderfulWorld.rtf
    [2010/07/02 15:07:45 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/07/02 14:02:48 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
    [2010/07/02 14:01:48 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
    [2010/07/02 14:01:41 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
    [2010/07/02 13:53:53 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    [2010/07/02 13:52:24 | 000,000,889 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/07/02 11:51:03 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Register with HP.url
    [2010/07/02 11:50:07 | 000,003,658 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_DW230A-ABA a500n_YC_Pavi_QMXM413_E42NAheBLU4_4_IKelut_SASUSTek Computer INC._V2.02_B3.03_T040209_WXH1_L409_M960_J80_7AMD_8Athlon XP 2800+_92.08_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205.MRK
    [2010/07/02 11:43:10 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/07/02 11:43:03 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2010/07/02 11:39:12 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
    [2010/07/01 23:50:45 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/28 17:54:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/06/02 00:32:58 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Log on to TD AMERITRADE.url
    [2010/06/01 21:50:50 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
    [2010/05/25 05:41:46 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/05/01 13:28:23 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\thinkorswim from TD AMERITRADE.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:24 | 000,019,288 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/14 18:55:56 | 000,002,319 | ---- | M] () -- C:\WINDOWS\cdPlayer.ini
    [2010/04/12 12:16:10 | 000,001,455 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WebEx Player.LNK
    [2010/04/11 11:51:15 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PERF4490P User's Guide.lnk
    [2010/04/11 11:48:33 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson PhotoCenter.url
    [2010/04/11 11:44:45 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
    [2010/04/09 20:47:05 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/04/05 18:32:29 | 000,000,114 | ---- | M] () -- C:\Documents and Settings\Owner\options360.properties
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/04 12:25:34 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Outlook Express.lnk
    [2010/07/04 10:35:12 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/07/04 10:34:57 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/04 10:34:46 | 061,649,149 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/03 16:53:57 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows BBS.url
    [2010/07/03 16:03:55 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010/07/03 16:03:54 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010/07/03 16:03:52 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/07/03 16:03:47 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2010/07/03 15:29:15 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2010/07/03 15:29:15 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2010/07/03 15:29:13 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2010/07/03 15:28:32 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/07/03 15:07:03 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/02 20:31:09 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WkCalRem.LNK
    [2010/07/02 20:24:09 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Works.LNK
    [2010/07/02 16:37:33 | 000,246,784 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    [2010/07/02 16:30:39 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    [2010/07/02 15:09:53 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WonderfulWorld.rtf
    [2010/07/02 14:01:41 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
    [2010/07/02 13:53:53 | 000,001,865 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    [2010/07/02 11:51:03 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Register with HP.url
    [2010/07/02 11:50:07 | 000,003,658 | RHS- | C] () -- C:\WINDOWS\System32\drivers\HP_DW230A-ABA a500n_YC_Pavi_QMXM413_E42NAheBLU4_4_IKelut_SASUSTek Computer INC._V2.02_B3.03_T040209_WXH1_L409_M960_J80_7AMD_8Athlon XP 2800+_92.08_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205.MRK
    [2010/07/02 11:49:31 | 1006,161,920 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/02 11:42:06 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Best of the Web.lnk
    [2010/07/02 11:42:06 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get High-Speed Internet.lnk
    [2010/07/02 11:41:54 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
    [2010/07/02 11:41:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2010/07/02 11:41:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2010/07/02 11:41:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2010/07/02 11:41:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2010/07/02 11:41:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2010/07/02 11:41:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2010/06/01 21:50:50 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
    [2010/04/13 22:22:58 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\thinkorswim from TD AMERITRADE.lnk
    [2010/04/08 21:08:28 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WebEx Player.LNK
    [2009/10/08 14:06:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstEng.dll
    [2009/10/08 13:58:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERF4490.ini
    [2009/01/08 14:49:40 | 000,000,855 | ---- | C] () -- C:\WINDOWS\Reswiz.ini
    [2008/05/22 18:51:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2007/03/26 08:53:21 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2007/02/07 14:00:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2005/12/07 14:32:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stock.INI
    [2005/02/15 20:02:23 | 000,000,162 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
    [2004/08/13 12:15:50 | 000,002,319 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2004/06/03 08:33:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2004/06/03 08:33:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2004/05/15 11:51:46 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2004/04/13 11:34:24 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2004/02/16 11:46:57 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/01/22 02:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2004/01/22 02:26:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2004/01/21 03:04:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/01/21 02:52:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
    [2004/01/20 21:08:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/01/20 21:07:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/01/20 21:07:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/01/20 21:02:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/01/20 20:56:41 | 000,030,197 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/01/20 20:56:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
    [2004/01/20 20:55:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/01/20 20:42:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/01/20 20:34:02 | 000,000,889 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2004/01/20 19:21:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/01/20 18:47:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/01/20 18:38:07 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/01/20 18:38:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/01/20 18:37:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/01/20 18:20:37 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/01/20 17:05:12 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/09/23 01:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/03/06 23:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/07/04 10:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/07/04 10:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/02/06 13:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2009/06/08 18:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/06/08 18:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2004/04/15 07:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 5.0.0544
    [2010/03/27 12:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2004/07/09 12:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2008/12/16 22:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2009/02/24 21:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/10/19 16:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2007/02/06 13:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
    [2004/01/21 02:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
    [2008/10/25 19:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
    [2004/05/09 18:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
    [2009/10/19 16:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leader Technologies
    [2004/05/15 12:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2007/11/07 10:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
    [2008/07/07 14:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
    [2007/10/02 05:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
    [2008/05/22 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
    [2004/01/20 21:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2008/05/22 18:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TaxCut
    [2004/07/09 11:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
    [2010/04/09 21:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex
    [2006/03/28 09:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WholeSecurity
    [2010/07/02 14:01:48 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
    [2010/07/04 17:01:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E0DF12B7-6C92-4EE0-98A5-954BDC36968D}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/10/29 11:21:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp2.cab:AGP440.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/11/07 20:23:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/11/07 20:23:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/10/29 11:21:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp2.cab:atapi.sys
    [2002/08/29 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/11/07 20:23:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/11/07 20:23:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2002/08/29 05:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
    [2002/08/29 05:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2002/08/29 05:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
    [2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2002/08/29 05:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2004/01/20 10:08:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/01/20 10:08:08 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/01/20 10:08:08 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
     
  7. 2010/07/04
    madison

    Crunchie,

    Here is the EXTRAS log.


    OTL Extras logfile created on: 7/4/2010 5:01:54 PM - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    959.00 Mb Total Physical Memory | 494.00 Mb Available Physical Memory | 52.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.06 Gb Total Space | 48.67 Gb Free Space | 69.47% Space Free | Partition Type: NTFS
    Drive D: | 4.45 Gb Total Space | 0.58 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.57% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-AT5QGAAC3Z
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "8942:TCP" = 8942:TCP:*:Enabled:czgmlqs

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
    "{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
    "{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
    "{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
    "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
    "{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
    "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
    "{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
    "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
    "{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
    "{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
    "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
    "{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
    "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
    "{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
    "{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
    "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
    "{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
    "{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
    "{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
    "{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
    "{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
    "{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
    "{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
    "{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
    "{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
    "{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
    "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
    "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
    "{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
    "36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
    "62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
    "6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
    "8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AVG9Uninstall" = AVG Free 9.0
    "BackWeb-137903 Uninstaller" = Updates from HP
    "Belarc Advisor" = Belarc Advisor 8.1
    "BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
    "C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
    "C56C66C3-3462-4A3F-8661-9E18362A5E7C" = Excavation from Hewlett-Packard Desktops (remove only)
    "D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
    "DA44615A-C243-46A4-8E47-184CFF33CD38" = Five Card Frenzy from Hewlett-Packard Desktops (remove only)
    "E28167F1-3F42-40C7-9119-1D5A97444F10" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
    "HP Instant Support" = HP Instant Support
    "HP Photo & Imaging" = HP Image Zone 3.5
    "HPTOOLKIT" = Toolkit View(HP)
    "InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "NVIDIA" =
    "NVIDIA GART Driver" = NVIDIA GART Driver
    "PS2" = PS2
    "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
    "Python 2.2.1" = Python 2.2.1
    "RealPlayer 6.0" = RealOne Player
    "SpamSubtract" = SpamSubtract
    "VTDisplay" = S3 S3Display
    "VTGamma2" = S3 S3Gamma2
    "VTInfo2" = S3 S3Info2
    "VTOverlay" = S3 S3Overlay
    "Windows XP Service Pack" = Windows XP Service Pack 2

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Pilot Desktop" = Palm Desktop
    "PocketMirror 2.0" = PocketMirror 2.0 for Outlook

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/2/2010 6:16:19 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Application Error | ID = 1000
    Description = Faulting application quickinstall.exe, version 1.1.2.0, faulting module
    quickinstall.exe, version 1.1.2.0, fault address 0x00022e98.

    Error - 7/2/2010 7:34:36 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Application Error | ID = 1000
    Description = Faulting application palm.exe, version 3.1.0.0, faulting module mfc42.dll,
    version 6.0.8665.0, fault address 0x00004045.

    Error - 7/2/2010 7:34:58 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Application Error | ID = 1000
    Description = Faulting application palm.exe, version 3.1.0.0, faulting module mfc42.dll,
    version 6.0.8665.0, fault address 0x00004045.

    Error - 7/2/2010 7:37:50 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Application Error | ID = 1000
    Description = Faulting application emailwiz.exe, version 3.1.0.0, faulting module
    user32.dll, version 5.1.2600.1255, fault address 0x0000e9b6.

    Error - 7/2/2010 7:38:35 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Application Error | ID = 1000
    Description = Faulting application palm.exe, version 3.1.0.0, faulting module mfc42.dll,
    version 6.0.8665.0, fault address 0x00004045.

    Error - 7/2/2010 10:56:06 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Application Error | ID = 1000
    Description = Faulting application palm.exe, version 3.1.0.0, faulting module mfc42.dll,
    version 6.0.8665.0, fault address 0x00004045.

    [ System Events ]
    Error - 7/3/2010 5:45:55 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\AVG\AVG9\avgui.exe.
    Reference
    error message: The operation completed successfully. .

    Error - 7/3/2010 6:05:30 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Service Control Manager | ID = 7023
    Description = The Manager Installer service terminated with the following error:
    %%1114

    Error - 7/3/2010 4:25:41 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Service Control Manager | ID = 7023
    Description = The Manager Installer service terminated with the following error:
    %%1114

    Error - 7/3/2010 4:25:41 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    fasttx2k nv_agp SISAGP

    Error - 7/3/2010 6:07:02 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 7/3/2010 6:07:02 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 7/3/2010 6:07:02 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\AVG\AVG9\avgui.exe.
    Reference
    error message: The operation completed successfully. .

    Error - 7/3/2010 6:16:31 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Print | ID = 19
    Description = Sharing printer failed + 1722, Printer HP LaserJet 1100 (MS) share
    name Printer2.

    Error - 7/3/2010 6:18:05 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Service Control Manager | ID = 7023
    Description = The Manager Installer service terminated with the following error:
    %%1114

    Error - 7/3/2010 7:52:20 PM | Computer Name = YOUR-AT5QGAAC3Z | Source = Service Control Manager | ID = 7023
    Description = The Manager Installer service terminated with the following error:
    %%126


    < End of report >
     
  8. 2010/07/04
    crunchie

    Are you able to configure HP so that the updates are disabled? If not, you should be able to go into msconfig>Startups and disable it from starting there.

    ==

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
      
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post the log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ====

    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the direct link download and unzip it to your Desktop.

    Double click JavaRa.exe, then click Remove Older Versions.

    Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 20 (JDK or JRE). On the right, select this one: Download JRE.

    In Vista and Windows 7 run the tool as Administrator.
     
  9. 2010/07/05
    madison

    Crunchie,

    I disabled the HP Updater through msconfig startups but when the system rebooted after OTL, I got a dialog box that I clicked OK on that might have reactivated it.

    We got the JavaRa exercise done. However, I lost the log when the computer rebooted. Should I run something again to get it back? (I'll try to remember to "Save as" in the future.)

    OTL Log 1

    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 41620 bytes

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 82523 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 11606463 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 28270950 bytes

    User: Owner
    ->Temp folder emptied: 117709109 bytes
    ->Temporary Internet Files folder emptied: 187670643 bytes
    ->Java cache emptied: 82601993 bytes
    ->FireFox cache emptied: 3114515 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 58625 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 200874519 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 8704684 bytes

    Total Files Cleaned = 612.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.7.1 log created on 07052010_075217

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5TGCREKZ\afr[1].php moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5TGCREKZ\iframescript[3].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5TGCREKZ\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\50DTBKWX\93852-active-possible-backweb-conficker-malware[1].html moved successfully.

    Registry entries deleted on Reboot...


    OTL Text - Log 2

    OTL logfile created on: 7/5/2010 8:04:20 AM - Run 2
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    959.00 Mb Total Physical Memory | 596.00 Mb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.06 Gb Total Space | 48.85 Gb Free Space | 69.73% Space Free | Partition Type: NTFS
    Drive D: | 4.45 Gb Total Space | 0.58 Gb Free Space | 13.12% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.57% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-AT5QGAAC3Z
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/04 17:00:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/07/04 10:35:12 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/07/04 10:34:16 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/04 10:34:15 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/04 10:34:11 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/04 10:33:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/04 10:33:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/06/29 10:48:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/08/21 04:15:48 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
    PRC - [2003/08/20 19:56:14 | 000,045,056 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
    PRC - [2003/08/19 09:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    PRC - [2003/07/14 18:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
    PRC - [2003/07/07 17:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    PRC - [2002/07/11 04:03:34 | 000,024,651 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    PRC - [1999/12/16 15:10:00 | 000,282,624 | ---- | M] (Palm Computing, Inc.) -- C:\Palm\HOTSYNC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/04 17:00:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ehpowkf.dll -- (hbpspcg)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/04 10:33:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/07/04 10:35:10 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/04 10:35:00 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/07/04 10:34:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/01/20 20:24:43 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2004/01/20 19:40:17 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2003/12/12 09:06:44 | 000,538,236 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2003/12/12 07:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/12/06 03:13:42 | 000,429,440 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2003/12/05 17:25:54 | 000,011,392 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2003/12/02 19:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/03 00:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
    DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2003/07/02 00:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 14:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "MyStart Search "
    FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official "
    FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar&search= "
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localhost "


    [2010/01/25 10:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\extensions
    [2010/01/25 10:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/11/12 08:53:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/01/25 10:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\extensions\staged-xpis
    [2009/06/08 18:52:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jnu6hbs0.default\searchplugins\MyStart Search.xml
    [2010/04/28 10:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/03/29 18:31:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/04/28 10:11:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2008/03/29 18:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
    [2008/03/29 18:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2006/10/11 01:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2006/10/11 01:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2006/10/11 01:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
    [2006/10/11 01:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
    [2006/10/11 01:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2010/04/12 15:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/07/05 07:54:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
    O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKCU..\Run: [RecordNow!] File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm Computing, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe File not found
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.106.7.196 65.106.1.196
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/01/20 18:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/05 07:52:17 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/05 07:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
    [2010/07/04 17:00:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/07/04 10:35:11 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/04 10:35:08 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/04 10:34:59 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/04 10:34:57 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/04 10:34:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/07/04 10:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/07/03 16:25:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/07/03 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2010/07/03 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/07/03 15:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
    [2010/07/03 15:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/07/03 15:07:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/03 15:06:59 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/03 15:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/03 14:35:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/02 11:52:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/07/01 21:15:40 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2010/06/01 03:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ZIP 250 XFR
    [2010/04/28 10:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/04/28 09:43:26 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/04/28 09:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/04/14 19:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
    [2010/04/13 22:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\thinkTDA
    [2010/04/06 12:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Updater5

    ========== Files - Modified Within 90 Days ==========

    [2010/07/05 08:06:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E0DF12B7-6C92-4EE0-98A5-954BDC36968D}.job
    [2010/07/05 08:01:39 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/07/05 08:00:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/05 08:00:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/05 08:00:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/05 08:00:47 | 1006,161,920 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/05 07:54:21 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
    [2010/07/05 07:54:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/07/05 07:54:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/05 07:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/05 07:35:38 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
    [2010/07/05 07:34:10 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/05 07:34:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/05 07:34:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/04 17:00:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/07/04 15:18:20 | 061,649,149 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/04 12:25:34 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Outlook Express.lnk
    [2010/07/04 10:35:12 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/04 10:35:12 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/07/04 10:35:10 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/04 10:35:00 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/04 10:34:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/07/04 10:34:57 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/03 16:53:58 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows BBS.url
    [2010/07/03 16:24:51 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/03 16:18:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/03 15:59:07 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/07/03 15:59:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/07/03 15:29:15 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2010/07/03 15:29:15 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2010/07/03 15:28:32 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/07/03 15:07:03 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/03 15:03:13 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/03 15:03:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/03 13:28:37 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/03 13:28:37 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/03 13:28:37 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/03 13:25:57 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/07/02 20:51:24 | 000,004,119 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
    [2010/07/02 20:31:09 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WkCalRem.LNK
    [2010/07/02 20:24:09 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Works.LNK
    [2010/07/02 16:37:33 | 000,246,784 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    [2010/07/02 16:37:33 | 000,000,449 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
    [2010/07/02 16:36:57 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Palm Desktop.lnk
    [2010/07/02 16:36:57 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    [2010/07/02 15:09:53 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WonderfulWorld.rtf
    [2010/07/02 15:07:45 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/07/02 14:02:48 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
    [2010/07/02 14:01:48 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
    [2010/07/02 14:01:41 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
    [2010/07/02 13:52:24 | 000,000,889 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/07/02 11:51:03 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Register with HP.url
    [2010/07/02 11:50:07 | 000,003,658 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_DW230A-ABA a500n_YC_Pavi_QMXM413_E42NAheBLU4_4_IKelut_SASUSTek Computer INC._V2.02_B3.03_T040209_WXH1_L409_M960_J80_7AMD_8Athlon XP 2800+_92.08_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205.MRK
    [2010/07/02 11:43:10 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/07/02 11:43:03 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2010/07/02 11:39:12 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
    [2010/06/28 17:54:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/06/02 00:32:58 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Log on to TD AMERITRADE.url
    [2010/06/01 21:50:50 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
    [2010/05/25 05:41:46 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/05/01 13:28:23 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\thinkorswim from TD AMERITRADE.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:24 | 000,019,288 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/14 18:55:56 | 000,002,319 | ---- | M] () -- C:\WINDOWS\cdPlayer.ini
    [2010/04/12 12:16:10 | 000,001,455 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WebEx Player.LNK
    [2010/04/11 11:51:15 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PERF4490P User's Guide.lnk
    [2010/04/11 11:48:33 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson PhotoCenter.url
    [2010/04/11 11:44:45 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
    [2010/04/09 20:47:05 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

    ========== Files Created - No Company Name ==========

    [2010/07/05 07:35:37 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
    [2010/07/04 12:25:34 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Outlook Express.lnk
    [2010/07/04 10:35:12 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/07/04 10:34:57 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/07/04 10:34:46 | 061,649,149 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/03 16:53:57 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows BBS.url
    [2010/07/03 16:03:55 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010/07/03 16:03:54 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010/07/03 16:03:52 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/07/03 16:03:47 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2010/07/03 15:29:15 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2010/07/03 15:29:15 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2010/07/03 15:29:13 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2010/07/03 15:28:32 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/07/03 15:07:03 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/02 20:31:09 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WkCalRem.LNK
    [2010/07/02 20:24:09 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Works.LNK
    [2010/07/02 16:37:33 | 000,246,784 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    [2010/07/02 16:30:39 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    [2010/07/02 15:09:53 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WonderfulWorld.rtf
    [2010/07/02 14:01:41 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
    [2010/07/02 11:51:03 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Register with HP.url
    [2010/07/02 11:50:07 | 000,003,658 | RHS- | C] () -- C:\WINDOWS\System32\drivers\HP_DW230A-ABA a500n_YC_Pavi_QMXM413_E42NAheBLU4_4_IKelut_SASUSTek Computer INC._V2.02_B3.03_T040209_WXH1_L409_M960_J80_7AMD_8Athlon XP 2800+_92.08_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205.MRK
    [2010/07/02 11:49:31 | 1006,161,920 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/02 11:42:06 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Best of the Web.lnk
    [2010/07/02 11:42:06 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get High-Speed Internet.lnk
    [2010/07/02 11:41:54 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
    [2010/07/02 11:41:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2010/07/02 11:41:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2010/07/02 11:41:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2010/07/02 11:41:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2010/07/02 11:41:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2010/07/02 11:41:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2010/06/01 21:50:50 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
    [2010/04/13 22:22:58 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\thinkorswim from TD AMERITRADE.lnk
    [2010/04/08 21:08:28 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WebEx Player.LNK
    [2009/10/08 14:06:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstEng.dll
    [2009/10/08 13:58:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERF4490.ini
    [2009/01/08 14:49:40 | 000,000,855 | ---- | C] () -- C:\WINDOWS\Reswiz.ini
    [2008/05/22 18:51:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2007/03/26 08:53:21 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2007/02/07 14:00:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2005/12/07 14:32:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stock.INI
    [2005/02/15 20:02:23 | 000,000,162 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
    [2004/08/13 12:15:50 | 000,002,319 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2004/06/03 08:33:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2004/06/03 08:33:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2004/05/15 11:51:46 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2004/04/13 11:34:24 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2004/02/16 11:46:57 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/01/22 02:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2004/01/22 02:26:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2004/01/21 03:04:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/01/21 02:52:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
    [2004/01/20 21:08:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/01/20 21:07:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/01/20 21:07:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/01/20 21:02:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/01/20 20:56:41 | 000,030,197 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/01/20 20:56:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
    [2004/01/20 20:55:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/01/20 20:42:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/01/20 20:34:02 | 000,000,889 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2004/01/20 19:21:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/01/20 18:47:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/01/20 18:38:07 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/01/20 18:38:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/01/20 18:37:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/01/20 18:20:37 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/01/20 17:05:12 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/09/23 01:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/03/06 23:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/07/04 10:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/07/04 10:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/02/06 13:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2009/06/08 18:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/06/08 18:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2004/04/15 07:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 5.0.0544
    [2010/03/27 12:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2004/07/09 12:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2008/12/16 22:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2009/02/24 21:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/10/19 16:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2007/02/06 13:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
    [2004/01/21 02:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
    [2008/10/25 19:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
    [2004/05/09 18:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
    [2009/10/19 16:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leader Technologies
    [2004/05/15 12:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2007/11/07 10:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
    [2008/07/07 14:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
    [2007/10/02 05:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
    [2008/05/22 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
    [2004/01/20 21:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2008/05/22 18:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TaxCut
    [2004/07/09 11:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
    [2010/04/09 21:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex
    [2006/03/28 09:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WholeSecurity
    [2010/07/02 14:01:48 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
    [2010/07/05 08:06:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E0DF12B7-6C92-4EE0-98A5-954BDC36968D}.job

    ========== Purity Check ==========


    < End of report >
     
  10. 2010/07/05
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    As long as JavaRa ran ok, there shouldn't be a reason to run it again :).

    How are things with the pc at the moment?
     
  11. 2010/07/05
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    Crunchie,

    Things seem to be running pretty well right now. On reboot, I got a message, from the msconfig action that we did earlier, that I should change back to normal startup - we had disabled the HP Updater. I did change that back as suggested.

    The only problem we have noted is the long time the HP splash screen stays on during boot up - a full 5 minutes. When the splash screen finally goes away, the Windows XP boot screen with the status bar comes on and boot up completes within a couple of minutes. Is this an issue we should chase in another forum? This computer stays on most of the time so the reboot delay is not a significant issue.

    Other than that, all seems to be operating well. It is very responsive and crisp in opening and closing programs and features.
     
  12. 2010/07/05
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Does the HP splash come on immediately after booting? If so, you may be able to disable it in BIOS.
     
  13. 2010/07/06
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    Crunchie,

    We powered the computer off and let it sit for several minutes. When we turned it back on, the HP splash screen came up first, but this time it was only on for about two minutes (down from over five), and then we got a very short black screen that had two options on it but it went away so fast we couldn't read what the two options were.

    It then went through the Windows XP window that has the status bar below - only took about 30 seconds for the start screen to appear. So all appears to be well in that regard.

    However, a new problem has popped up. We are getting a periodic dialog box that pops up called a "Resolution Notice". It tells us to reset the resolution to 1024 X 768 for best quality (we checked the resolution and it is set at 1024 X 768). It has two options at the bottom - 1 to Exit and 2 to disable. Keying either 1 or 2 has no effect.

    We were getting this dialog box during the boot up process prior to today but it went away after the boot was complete. Now it continues to pop up about every 30 seconds, stays on for about 10 seconds, and then goes away on its own.
     
  14. 2010/07/06
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Try going into the menu options of your monitor (using the actual monitor buttons) and see if there is an option to disable the resolution notice and set it to disabled, if there.
     
  15. 2010/07/06
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    Crunchie,

    Your suggestion to use the monitor controls to disable the "Resolution Warning" dialog box was on the mark. Problem solved.

    However, the 5 minute long HP splash screen is back. You suggested in a previous post to disable it in the BIOS. Not sure how to do that. Would that be in the <F1=Setup> option on the splash screen? If so, do you get there by tapping the F1 during the boot up?
     
  16. 2010/07/06
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Generally to get into BIOS one would tap the delete key on the motherboard. Different manufacturers vary though.
    Once in the BIOS there should (hopefully) be an option to disable the splash. You will have to use the keyboard to navigate through the different options. F10 will save any changes you make.
     
  17. 2010/07/07
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    We were able to get into the BIOS and found a "Boot Tab". It had the following:
    Should I "Enable"? Was reluctant to try it since I am not real comfortable in BIOS and Registry areas. There was also a menu heading called "Boot Device Priority". It appeared that it would give me some options if I clicked on it. Anything I should do with that?
     
  18. 2010/07/07
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    I think it will be something like 'full screen logo' or some such that you are looking for.
    Other than that, I am not real sure what else it may be :(.
     
  19. 2010/07/07
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    Crunchie,

    We will take a look for something like "full screen logo". As I said, this machine stays on all the time so the long boot time is not a big issue so if we don't get it fixed it's not a deal breaker. If it becomes an issue later, we will pursue it in another forum.

    Everything else seems fine so we are happy. Are we clean enough now to deal with XP SP3? Thanks so much for your time and attention. We really do appreciate it. And by the way - do you ever sleep?
     
  20. 2010/07/07
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Sleep? Oh yeah, I remember that :).

    Go ahead and install SP3 as it should all be good now.
     
  21. 2010/07/09
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    Crunchie,

    I think we are good to go. SP3 is in place along with 81 other security updates. Everything seems to be working Okay except for the splash screen thing but that is no big problem. I know the Malware Analyst and not the helpee is the one that decides when these threads are resolved but we are happy and if you want to go ahead and mark this one "Resolved", please do.

    Again, thanks for your time and effort.
     
