HijackThis Log - When trying to access Windows Update..."Page cannot be displayed"

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

alanrog

Thread Starter
Joined
Jun 21, 2011
Messages
9
I've been having malware issues lately, and have performed numerous scans with different programs:

MalwareBytes (removed several threats)
Avira Antivir (found nothing)
Ad-aware (bad cookies)
Safety.live.com - found items but couldn't fix it

The popups (more like new tabs, as I had the popup blocker enabled) have stopped, and it seems to be running better, but the weird thing is I can't access Windows Updates. It just says "This page cannot be displayed".

Also, the yellow shield in the system tray shows up when you first boot up, but then it goes away, as if a program/registry entry has not loaded yet when that icon first loads, but then kicks it out when it does load up.

We did some searches, and found that we should just run HiJackThis and post the log for you smart guys to analyze.

So, here it is.

Thanks!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:14:34 PM, on 6/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: FreeRIP.com Toolbar - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &FreeRIP Search - res://C:\Program Files\FreeRIP3\toolband.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?0df190e34c104293abce5755dc791b7a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?0df190e34c104293abce5755dc791b7a
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13657 bytes
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,263
Hiya and welcome to Tech Support Guy :)


Can you post the contents of the MBAM log, by opening the program and clicking on the Logs tab. Select the latest one, Open and copy/paste here.



Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.





Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply

eddie
 

alanrog

Thread Starter
Joined
Jun 21, 2011
Messages
9
Hi,

Thanks. I did what you requested, and here are the results.


MBAM log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6911

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/21/2011 1:11:41 PM
mbam-log-2011-06-21 (13-11-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 364875
Time elapsed: 44 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



SUPERAntiSpyware scan Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/05/2011 at 09:51 PM

Application Version : 4.55.1000

Core Rules Database Version : 7370
Trace Rules Database Version: 5182

Scan type : Complete Scan
Total Scan Time : 01:46:24

Memory items scanned : 800
Memory threats detected : 0
Registry items scanned : 8185
Registry threats detected : 1
File items scanned : 141927
File threats detected : 1

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:38 PM, on 7/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\docume~1\hp_adm~1\locals~1\temp\teamviewer\version6\TeamViewer_Desktop.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\TeamViewer\Version6\tv_w32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: FreeRIP.com Toolbar - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14038 bytes


Thanks!
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,263
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
 

alanrog

Thread Starter
Joined
Jun 21, 2011
Messages
9
Hi Eddie,

Thanks for replying so promptly. Not sure why, but I didn't receive email notification of your post.

In any respect, here are the logs that you requested:

OTL.txt

OTL logfile created on: 7/16/2011 4:27:12 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 63.43% Memory free
3.78 Gb Paging File | 3.00 Gb Available in Paging File | 79.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 209.34 Gb Free Space | 72.38% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.63 Gb Free Space | 7.09% Space Free | Partition Type: FAT32

Computer Name: UR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/16 16:25:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/07/16 06:24:01 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2011/07/16 06:23:58 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/07/01 07:32:52 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/28 06:11:36 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/06/28 06:11:36 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/06/28 06:11:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/01 06:35:05 | 002,133,368 | ---- | M] (TeamViewer GmbH) -- c:\Documents and Settings\HP_Administrator\Local Settings\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/06/01 06:34:03 | 006,955,384 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/06/01 05:16:33 | 000,108,408 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TeamViewer\Version6\tv_w32.exe
PRC - [2011/04/27 06:51:12 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010/12/13 05:49:44 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/03/24 19:20:12 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/10/04 10:53:02 | 000,462,848 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Rhapsody\rhaphlpr.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/23 15:03:50 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/26 21:51:16 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006/09/26 21:51:14 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006/04/13 02:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/04/06 18:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/04/06 18:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/04/06 18:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/02 16:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2011/07/16 16:25:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2011/06/01 05:16:33 | 000,050,040 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TeamViewer\Version6\tv_w32.dll
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2004/08/09 14:00:00 | 000,149,019 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crtdll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 06:11:36 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 06:11:36 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 06:11:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/27 06:51:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/23 15:03:50 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 09:46:31 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/06/28 09:46:18 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/06/28 09:46:18 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/06/28 06:11:37 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 06:11:37 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/14 06:59:51 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/07 14:55:58 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/07 14:55:34 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2010/07/07 14:53:48 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/06 10:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/09 15:24:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/09 15:22:53 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 09:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/04/15 14:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/02/27 15:12:36 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/13 16:32:02 | 000,712,704 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/09/02 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/10/05 13:20:42 | 000,132,320 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/11/24 20:28:42 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/11/21 00:13:57 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/03/03 08:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 08:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 04:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 04:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/03/09 07:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.2: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/31 08:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 08:07:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 14:58:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/31 08:58:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{03ED094E-6546-4294-96BD-7714E87DA888}: C:\Documents and Settings\HP_Administrator\Application Data\My.Freeze.com NetAssistant\ [2010/09/28 10:35:01 | 000,000,000 | ---D | M]

[2010/08/04 19:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/07/16 06:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions
[2010/08/04 20:27:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/16 06:32:44 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/03/06 17:00:01 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\[email protected]
[2010/11/03 06:13:20 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\askcom.xml
[2011/03/06 16:31:02 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\bing-zugo.xml
[2010/11/23 17:18:02 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\web-search-powered-by-google.xml
[2011/06/18 17:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/06 18:17:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2010/05/18 22:05:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/21 08:07:19 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/09 21:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\V CAST Media Monitor.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - File not found
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/19 15:40:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{0bbd404b-9ed6-11dd-8b82-0018f388ed50}\Shell\AutoRun\command - "" = "J:\Install FreeAgent Tools.exe" /run
O33 - MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell - "" = AutoRun
O33 - MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 16:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rhapsody
[2011/07/05 17:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/06/29 07:18:18 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/28 15:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/28 15:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/28 15:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/28 09:47:04 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/06/21 18:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\TeamViewer
[2011/06/21 18:02:55 | 002,663,248 | ---- | C] (TeamViewer GmbH) -- C:\Documents and Settings\HP_Administrator\Desktop\TeamViewerQS_en.exe
[2011/06/21 17:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/21 17:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\HiJackThis
[2011/06/20 15:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/19 08:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/06/18 08:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/06/18 00:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/06/17 22:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/17 22:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/17 16:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/17 16:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/16 16:23:26 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/07/16 16:23:26 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2011/07/16 16:03:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/07/16 15:46:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/07/16 15:45:59 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/16 15:45:59 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/16 15:45:58 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/07/16 15:45:57 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/07/16 15:45:57 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/07/16 14:27:50 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/16 14:27:49 | 025,432,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Money.mny
[2011/07/16 10:35:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2011/07/16 06:29:41 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/07/16 06:27:55 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/16 06:27:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/16 06:23:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/16 06:23:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/07/16 06:23:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/07/14 17:56:46 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/14 12:00:49 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/07/14 12:00:49 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\0FAFA1
[2011/07/13 22:38:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/13 06:55:48 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 06:32:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 16:49:37 | 005,240,044 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JointVentureBookSummer2011.pdf
[2011/07/07 17:02:09 | 406,808,928 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\TopToRockBottom_scene2.mp4
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 22:26:38 | 000,014,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\hijackthis 7.5.11
[2011/07/05 06:00:45 | 000,000,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/29 07:19:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/28 15:57:06 | 098,773,280 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesUnabridged_mp332_alanrog.aa
[2011/06/28 15:52:12 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/28 15:36:24 | 098,773,280 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa
[2011/06/28 09:46:31 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/28 09:46:18 | 000,074,968 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/06/28 09:46:18 | 000,021,592 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/28 06:11:37 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/28 06:11:37 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/22 15:09:25 | 000,483,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/22 15:09:25 | 000,080,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/22 10:42:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/21 18:02:56 | 002,663,248 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\HP_Administrator\Desktop\TeamViewerQS_en.exe
[2011/06/21 17:42:49 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis (2).lnk
[2011/06/21 17:42:17 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.lnk
[2011/06/21 15:43:38 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Internet Explorer cannot display the webpage - Microsoft Answers.url
[2011/06/19 14:04:46 | 000,103,038 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Ryder.jpg
[2011/06/19 10:16:20 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Comcast Rhapsody.lnk
[2011/06/19 10:16:20 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Rhapsody.lnk
[2011/06/19 07:47:27 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/06/18 17:30:34 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/18 17:30:34 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/16 16:23:26 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/07/16 16:23:26 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2011/07/15 07:26:13 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/07/15 07:26:13 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/07/15 07:26:12 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/07/15 07:26:11 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/07/12 16:49:28 | 005,240,044 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JointVentureBookSummer2011.pdf
[2011/07/07 16:56:41 | 406,808,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\TopToRockBottom_scene2.mp4
[2011/07/05 22:26:38 | 000,014,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\hijackthis 7.5.11
[2011/07/05 17:00:06 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/05 05:58:30 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/28 15:54:46 | 098,773,280 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesUnabridged_mp332_alanrog.aa
[2011/06/28 15:52:12 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/28 15:33:56 | 098,773,280 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa
[2011/06/22 10:26:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/21 17:42:49 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis (2).lnk
[2011/06/21 17:42:17 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.lnk
[2011/06/21 15:43:38 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Internet Explorer cannot display the webpage - Microsoft Answers.url
[2011/06/19 14:04:41 | 000,103,038 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Ryder.jpg
[2011/06/19 07:47:27 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/09 15:39:13 | 006,904,040 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/05/09 15:39:13 | 000,017,851 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/04/20 06:38:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/20 06:38:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/21 19:26:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/15 03:12:03 | 000,182,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/10 22:24:15 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/07 14:44:56 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/07 14:44:30 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/07 14:44:20 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 15:18:15 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/14 15:17:56 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/05/14 15:17:54 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/05/02 15:14:47 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\ANICONFIG_{733C4DEA-D1A4-455F-A96C-CDF0907D00C9}.ini
[2010/05/02 15:12:39 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/04/16 06:28:41 | 000,070,000 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/31 08:57:58 | 000,023,088 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/09 15:38:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/09 15:01:57 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/09 13:33:28 | 000,144,620 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2007/12/25 11:12:49 | 000,003,352 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/17 08:15:37 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/17 08:14:24 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/11/17 07:46:38 | 000,746,998 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/10/24 20:02:45 | 000,011,248 | ---- | C] () -- C:\WINDOWS\hpwscr16.dat
[2007/10/24 20:00:40 | 000,001,162 | ---- | C] () -- C:\WINDOWS\hpwmdl16.dat
[2007/07/11 10:08:43 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\presets.ini
[2007/03/11 09:44:00 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/31 09:33:52 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/12/28 16:45:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/22 08:40:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/11/22 08:34:41 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2006/11/21 10:45:38 | 000,000,726 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/11/21 10:38:14 | 000,000,014 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/21 08:20:44 | 000,002,446 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/11/21 07:42:24 | 000,005,291 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/21 07:40:55 | 000,000,083 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/11/21 07:16:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2006/11/21 00:36:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/20 22:50:45 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/20 21:27:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/11/20 21:23:30 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/20 21:09:58 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/19 16:08:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/19 15:49:34 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/19 15:45:16 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/08/19 15:44:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/19 15:44:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/19 15:41:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/19 15:29:45 | 000,000,570 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/19 15:29:06 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/19 15:29:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/19 15:24:22 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/19 15:23:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/19 15:21:15 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/08/19 15:20:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/19 15:20:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/19 15:20:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/19 15:20:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/19 15:20:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/19 15:20:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/19 15:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/19 15:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/19 15:19:59 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/19 15:19:59 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/19 15:19:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/19 15:18:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/19 14:57:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/19 14:57:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/19 14:57:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 04:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/15 19:44:17 | 000,159,743 | ---- | C] () -- C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
[2005/12/15 19:33:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Cleanup.exe
[2005/08/30 14:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 14:07:46 | 000,483,342 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 14:07:46 | 000,080,620 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 14:05:30 | 000,313,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 14:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 13:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 01:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 01:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

< End of report >


-----------------------------

Extras.txt

OTL Extras logfile created on: 7/16/2011 4:27:12 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 63.43% Memory free
3.78 Gb Paging File | 3.00 Gb Available in Paging File | 79.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 209.34 Gb Free Space | 72.38% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.63 Gb Free Space | 7.09% Space Free | Partition Type: FAT32

Computer Name: UR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"5191:TCP" = 5191:TCP:*:Enabled:The Browser Highlighter XCOM
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1164094594\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1164094594\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Common Files\AOL\1164130994\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1164130994\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1164211949\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1164211949\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\AOL\1164211949\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1164211949\EE\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Program Files\tbh\base\bin\tbhDaemon.exe" = C:\Program Files\tbh\base\bin\tbhDaemon.exe:*:Enabled:The Browser Highlighter - Daemon -- ()
"C:\Program Files\tbh\monitor\bin\tbhMonitor.exe" = C:\Program Files\tbh\monitor\bin\tbhMonitor.exe:*:Enabled:The Browser Highlighter - Monitor -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Comcast Rhapsody\rhapsody.exe" = C:\Program Files\Comcast Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{03ED094E-6546-4294-96BD-7714E87DA888}" = My.Freeze.com NetAssistant
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{08DEC21F-F7E5-46F9-81D1-3ED30BD3AEC9}" = CASIO USB Driver V1.2.2474.0623
"{097346E0-6A51-11D1-AD16-00A0C95E0503}" = Visual IP InSight 5.8 (SBC)
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14980FD9-5BAF-4AD1-8051-7F2E9BB13EEC}" = Canon PhotoRecord
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1C643154-0ADF-4B4C-AF17-E315C946A54B}" = MotoConnect
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31B27B28-5E06-4483-A363-8D1F2A97D38D}" = HP Officejet J3600 Series
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40FAB9CD-D1A8-44DC-9B61-38B135E26E67}_is1" = Ask Default Search
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
"{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{56B9EC21-BCF5-4B86-B908-D8A2C5F48C10}" = Camera Window
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D51C5DC-3604-4C3B-981B-309340755447}" = Pantech Handset Driver
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F60CD17-EE34-4f77-83B7-F8ADBDC31D46}" = ProductContext
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75852F49-2CAF-443F-B7C2-53DE5847DE56}" = OpenOffice.org 2.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{849089CF-4988-49ED-A2DD-110CD5D9D7E8}" = PerformanceTest
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{86B32074-0F48-4CF9-BA4B-529B470FB47F}" = BlackBerry Desktop Software 5.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88FBDCF4-8ACF-46e6-9C33-231FBA6378D8}" = J3600
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D27F8BF7-61A4-4F0D-A190-9E2CE8C0773B}" = 3600_Help
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM Toolbar" = AIM Toolbar 5.0
"AOL Deskbar" = AOL Deskbar
"AOL Toolbar" = AOL Toolbar
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Premium
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{86B32074-0F48-4CF9-BA4B-529B470FB47F}" = BlackBerry Desktop Software 5.0
"BroadJump Client Foundation" = BroadJump Client Foundation
"CANONBJ_Deinstall_CNMCP56.DLL" = Canon i860
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Comcast Rhapsody" = Comcast Rhapsody
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Directory Submitter_is1" = Directory Submitter 1.0.24
"DISCover" = DISCover
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FinalMediaPlayer_is1" = Final Media Player 2010
"GoldWave v5.58" = GoldWave v5.58
"Google Pack Screensaver" = Google Pack Screensaver
"Google Updater" = Google Updater
"Hear & Play Song Learner Pro_is1" = Hear & Play Song Learner Pro
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{56B9EC21-BCF5-4B86-B908-D8A2C5F48C10}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Linksys Wireless Manager" = Linksys Wireless Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money 2007
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MVApplication1" = Memorex exPressit Label Design Studio
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pamela" = Pamela Pro 4.7
"Picasa2" = Picasa 2
"PITCH_is1" = PITCH 1.1.2.1
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Rhapsody" = Rhapsody
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hpmedia Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"My.Freeze.com NetAssistant" = My.Freeze.com NetAssistant for Firefox
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/15/2011 2:59:07 PM | Computer Name = UR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application Pamela.exe, version 4.7.0.74, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/15/2011 3:00:44 PM | Computer Name = UR-4DACD0EA75 | Source = Application Hang | ID = 1001
Description = Fault bucket 00000009.

Error - 7/15/2011 3:00:49 PM | Computer Name = UR-4DACD0EA75 | Source = Application Hang | ID = 1001
Description = Fault bucket 00000009.

Error - 7/15/2011 6:46:18 PM | Computer Name = UR-4DACD0EA75 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/15/2011 9:59:33 PM | Computer Name = UR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application Pamela.exe, version 4.7.0.74, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/15/2011 9:59:36 PM | Computer Name = UR-4DACD0EA75 | Source = Application Hang | ID = 1001
Description = Fault bucket 00000009.

Error - 7/16/2011 12:46:10 AM | Computer Name = UR-4DACD0EA75 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/16/2011 9:26:10 AM | Computer Name = UR-4DACD0EA75 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/16/2011 12:46:16 PM | Computer Name = UR-4DACD0EA75 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/16/2011 6:46:15 PM | Computer Name = UR-4DACD0EA75 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 7/13/2011 9:27:25 AM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/13/2011 9:56:43 AM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/13/2011 9:57:17 AM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 7/13/2011 9:57:27 AM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 7/14/2011 10:40:35 AM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/14/2011 10:41:18 PM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/14/2011 10:41:54 PM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 7/14/2011 10:42:03 PM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 7/15/2011 10:18:32 AM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/16/2011 9:24:10 AM | Computer Name = UR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,263
It happen's now and then, as I sometimes don't get them either :(


Download SREng
  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that has an Error status click [Repair]
  • Refer to this image for an example:


  • Close SREng now.


----------


After doing that, uninstall these programs because they're not needed or are outdated or are dangerous to use.

If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later :)


Viewpoint Media Player
Ask Toolbar
Ask Default Search




Then, can you do this for me:


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.order.2: "Ask.com"
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found
    [2011/03/06 17:00:01 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\[email protected]
    [2010/11/03 06:13:20 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\askcom.xml
    [2011/03/06 16:31:02 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\bing-zugo.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - No CLSID value found.
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\V CAST Media Monitor.lnk = File not found
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp -> ]
    [2011/07/05 06:00:45 | 000,000,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2011/07/13 06:32:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/22 10:42:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2006/11/20 22:50:45 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    :Files
    ipconfig /flushdns /c 
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



eddie
 

alanrog

Thread Starter
Joined
Jun 21, 2011
Messages
9
Hi Eddie:
For SREng, there were nor file associations with errors
Ask Default Search could not be uninstalled
Error message I get from Add/remove programs when I tried to uninstall it:


File: "C:\Program Files\AskSearch\unins000.dat" does not exist. Cannot uninstall.




New results:
OTL logfile created on: 7/19/2011 2:48:40 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.62% Memory free
3.78 Gb Paging File | 2.93 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 209.37 Gb Free Space | 72.39% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.63 Gb Free Space | 7.09% Space Free | Partition Type: FAT32

Computer Name: UR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/19 14:39:48 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/07/19 07:52:12 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2011/07/16 16:25:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/07/01 07:32:52 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/28 06:11:36 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/06/28 06:11:36 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/06/28 06:11:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 04:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/27 06:51:12 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010/12/13 05:49:44 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/03/24 19:20:12 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/23 15:03:50 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/09/26 21:51:16 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006/09/26 21:51:14 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006/04/13 02:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/04/06 18:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/04/06 18:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/04/06 18:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2011/07/16 16:25:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 06:11:36 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 06:11:36 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 06:11:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/27 06:51:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/23 15:03:50 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 09:46:31 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/06/28 09:46:18 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/06/28 09:46:18 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/06/28 06:11:37 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 06:11:37 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/14 06:59:51 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/07 14:55:58 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/07 14:55:34 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2010/07/07 14:53:48 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/06 10:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/09 15:24:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/09 15:22:53 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 09:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/04/15 14:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/02/27 15:12:36 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/13 16:32:02 | 000,712,704 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/09/02 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/10/05 13:20:42 | 000,132,320 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/11/24 20:28:42 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/11/21 00:13:57 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/03/03 08:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 08:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 04:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 04:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/03/09 07:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.2: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/31 08:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 08:07:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 14:58:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/31 08:58:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{03ED094E-6546-4294-96BD-7714E87DA888}: C:\Documents and Settings\HP_Administrator\Application Data\My.Freeze.com NetAssistant\ [2010/09/28 10:35:01 | 000,000,000 | ---D | M]

[2010/08/04 19:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/07/16 06:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions
[2010/08/04 20:27:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/16 06:32:44 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/03/06 17:00:01 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\[email protected]
[2010/11/03 06:13:20 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\askcom.xml
[2011/03/06 16:31:02 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\bing-zugo.xml
[2010/11/23 17:18:02 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\web-search-powered-by-google.xml
[2011/06/18 17:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/06 18:17:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2010/05/18 22:05:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/21 08:07:19 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/09 21:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\V CAST Media Monitor.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - File not found
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/19 15:40:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{0bbd404b-9ed6-11dd-8b82-0018f388ed50}\Shell\AutoRun\command - "" = "J:\Install FreeAgent Tools.exe" /run
O33 - MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell - "" = AutoRun
O33 - MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 12:41:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/16 16:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rhapsody
[2011/07/05 17:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/06/29 07:18:18 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/28 15:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/28 15:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/28 15:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/28 09:47:04 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/06/21 18:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\TeamViewer
[2011/06/21 18:02:55 | 002,663,248 | ---- | C] (TeamViewer GmbH) -- C:\Documents and Settings\HP_Administrator\Desktop\TeamViewerQS_en.exe
[2011/06/21 17:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/21 17:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\HiJackThis
[2011/06/20 15:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/19 14:47:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/07/19 14:47:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/07/19 14:47:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/07/19 14:47:08 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/07/19 14:42:53 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/07/19 14:40:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/19 14:39:34 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/19 14:39:30 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2011/07/19 14:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 14:39:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/07/19 14:39:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/07/19 14:03:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/07/19 09:46:43 | 025,477,120 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Money.mny
[2011/07/19 09:46:19 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/07/19 09:46:19 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\0FAFA1
[2011/07/19 09:46:01 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/19 09:46:00 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/18 18:16:40 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/16 16:23:26 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/07/16 16:23:26 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2011/07/14 17:56:46 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/13 22:38:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/13 06:55:48 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 06:32:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 16:49:37 | 005,240,044 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JointVentureBookSummer2011.pdf
[2011/07/07 17:02:09 | 406,808,928 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\TopToRockBottom_scene2.mp4
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 22:26:38 | 000,014,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\hijackthis 7.5.11
[2011/07/05 06:00:45 | 000,000,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/28 15:57:06 | 098,773,280 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesUnabridged_mp332_alanrog.aa
[2011/06/28 15:52:12 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/28 15:36:24 | 098,773,280 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa
[2011/06/28 09:46:31 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/28 09:46:18 | 000,074,968 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/06/28 09:46:18 | 000,021,592 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/28 06:11:37 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/28 06:11:37 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/22 15:09:25 | 000,483,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/22 15:09:25 | 000,080,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/22 10:42:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/21 18:02:56 | 002,663,248 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\HP_Administrator\Desktop\TeamViewerQS_en.exe
[2011/06/21 17:42:49 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis (2).lnk
[2011/06/21 17:42:17 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.lnk
[2011/06/21 15:43:38 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Internet Explorer cannot display the webpage - Microsoft Answers.url
[6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/19 14:45:55 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/07/19 14:45:55 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/07/19 14:45:54 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/07/19 14:45:54 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/07/16 16:23:26 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/07/16 16:23:26 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2011/07/12 16:49:28 | 005,240,044 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JointVentureBookSummer2011.pdf
[2011/07/07 16:56:41 | 406,808,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\TopToRockBottom_scene2.mp4
[2011/07/05 22:26:38 | 000,014,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\hijackthis 7.5.11
[2011/07/05 17:00:06 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/05 05:58:30 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/28 15:54:46 | 098,773,280 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesUnabridged_mp332_alanrog.aa
[2011/06/28 15:52:12 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/28 15:33:56 | 098,773,280 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa
[2011/06/22 10:26:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/21 17:42:49 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis (2).lnk
[2011/06/21 17:42:17 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.lnk
[2011/06/21 15:43:38 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Internet Explorer cannot display the webpage - Microsoft Answers.url
[2011/06/19 07:47:27 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/09 15:39:13 | 006,904,040 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/05/09 15:39:13 | 000,017,851 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/04/20 06:38:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/20 06:38:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/21 19:26:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/15 03:12:03 | 000,182,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/10 22:24:15 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/07 14:44:56 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/07 14:44:30 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/07 14:44:20 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 15:18:15 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/14 15:17:56 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/05/14 15:17:54 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/05/02 15:14:47 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\ANICONFIG_{733C4DEA-D1A4-455F-A96C-CDF0907D00C9}.ini
[2010/05/02 15:12:39 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/04/16 06:28:41 | 000,070,000 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/31 08:57:58 | 000,023,088 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/09 15:38:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/09 15:01:57 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/09 13:33:28 | 000,144,620 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2007/12/25 11:12:49 | 000,003,352 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/17 08:15:37 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/17 08:14:24 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/11/17 07:46:38 | 000,746,998 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/10/24 20:02:45 | 000,011,248 | ---- | C] () -- C:\WINDOWS\hpwscr16.dat
[2007/10/24 20:00:40 | 000,001,162 | ---- | C] () -- C:\WINDOWS\hpwmdl16.dat
[2007/07/11 10:08:43 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\presets.ini
[2007/03/11 09:44:00 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/31 09:33:52 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/12/28 16:45:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/22 08:40:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/11/22 08:34:41 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2006/11/21 10:45:38 | 000,000,726 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/11/21 10:38:14 | 000,000,014 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/21 08:20:44 | 000,002,446 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/11/21 07:42:24 | 000,005,291 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/21 07:40:55 | 000,000,083 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/11/21 07:16:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2006/11/21 00:36:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/20 22:50:45 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/20 21:27:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/11/20 21:23:30 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/20 21:09:58 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/19 16:08:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/19 15:49:34 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/19 15:45:16 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/08/19 15:44:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/19 15:44:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/19 15:41:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/19 15:29:45 | 000,000,570 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/19 15:29:06 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/19 15:29:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/19 15:24:22 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/19 15:23:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/19 15:21:15 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/08/19 15:20:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/19 15:20:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/19 15:20:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/19 15:20:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/19 15:20:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/19 15:20:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/19 15:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/19 15:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/19 15:19:59 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/19 15:19:59 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/19 15:19:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/19 15:18:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/19 14:57:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/19 14:57:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/19 14:57:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 04:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/15 19:44:17 | 000,159,743 | ---- | C] () -- C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
[2005/12/15 19:33:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Cleanup.exe
[2005/08/30 14:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 14:07:46 | 000,483,342 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 14:07:46 | 000,080,620 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 14:05:30 | 000,313,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 14:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 13:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 01:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 01:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/10/15 17:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2007/11/26 10:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bryxen Software
[2006/08/19 15:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2010/05/31 19:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/05/14 15:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/08/04 19:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2011/07/05 06:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/19 12:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/20 21:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2006/08/19 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/02 15:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/10 19:48:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/02/09 19:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/19 14:47:08 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/07/19 14:47:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/07/19 14:47:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/07/19 14:47:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/07/19 14:03:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/07/19 14:39:30 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job

========== Purity Check ==========



< End of report >
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,263
Thanks for letting me know about the problem uninstalling Ask :)

Also, it looks like the OTL fix didn't remove much, so lets try it this way instead :)

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
 

alanrog

Thread Starter
Joined
Jun 21, 2011
Messages
9
Thanks Eddie. Also the times before the OTS did freeze a couple of times but completed this time. Here's the log:
Code:
OTS logfile created on: 7/21/2011 9:53:47 PM - Run 1
OTS by OldTimer - Version 3.1.44.0     Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 209.00 Gb Free Space | 72.26% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.63 Gb Free Space | 7.09% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: UR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTS.exe -> [2011/07/21 21:53:24 | 000,645,120 | ---- | M] (OldTimer Tools)
tbhsystray.exe -> C:\Program Files\tbh\base\bin\tbhSystray.exe -> [2011/07/21 06:16:42 | 000,492,840 | ---- | M] (eBay)
tbhdaemon.exe -> c:\Program Files\tbh\base\bin\tbhDaemon.exe -> [2011/07/21 06:16:40 | 000,070,952 | ---- | M] ()
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2011/07/01 07:32:52 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com)
avwebgrd.exe -> C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -> [2011/06/28 06:11:36 | 000,428,200 | ---- | M] (Avira GmbH)
avmailc.exe -> C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -> [2011/06/28 06:11:36 | 000,340,136 | ---- | M] (Avira GmbH)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/06/28 06:11:36 | 000,269,480 | ---- | M] (Avira GmbH)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/06/28 04:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited)
rhaphlpr.exe -> C:\Program Files\Comcast Rhapsody\rhaphlpr.exe -> [2011/05/10 17:49:34 | 000,729,088 | ---- | M] (Rhapsody International Inc.)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/04/27 06:51:12 | 000,136,360 | ---- | M] (Avira GmbH)
audibledownloadhelper.exe -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe -> [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.)
v cast backup scheduler.exe -> C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe -> [2010/12/13 05:49:44 | 005,247,624 | ---- | M] ()
motoconnectservice.exe -> C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -> [2010/06/24 14:34:52 | 000,091,456 | ---- | M] ()
motoconnect.exe -> C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe -> [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola)
lvprcsrv.exe -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.)
avshadow.exe -> C:\Program Files\Avira\AntiVir Desktop\avshadow.exe -> [2010/03/24 19:20:12 | 000,076,968 | ---- | M] (Avira GmbH)
jucheck.exe -> C:\Program Files\Common Files\Java\Java Update\jucheck.exe -> [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.)
tbhmonitor.exe -> C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -> [2009/10/22 14:57:44 | 000,070,952 | ---- | M] ()
setpoint.exe -> C:\Program Files\Logitech\SetPoint\SetPoint.exe -> [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.)
khalmnpr.exe -> C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe -> [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.)
nmsrvc.exe -> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
nmctxth.exe -> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
googleupdater.exe -> C:\Program Files\Google\Google Updater\GoogleUpdater.exe -> [2008/10/08 14:56:56 | 000,161,264 | ---- | M] (Google)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
symlcsvc.exe -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/01/23 15:03:50 | 001,251,720 | ---- | M] ()
apdproxy.exe -> C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated)
soffice.bin -> C:\Program Files\OpenOffice.org 2.0\program\soffice.bin -> [2006/09/26 21:51:16 | 002,486,272 | ---- | M] (OpenOffice.org)
soffice.exe -> C:\Program Files\OpenOffice.org 2.0\program\soffice.exe -> [2006/09/26 21:51:14 | 002,334,720 | ---- | M] (OpenOffice.org)
dmascheduler.exe -> C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe -> [2006/04/13 02:05:00 | 000,090,112 | ---- | M] (Sonic Solutions)
discover.exe -> C:\Program Files\DISC\DISCover.exe -> [2006/04/06 18:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation)
discupdmgr.exe -> C:\Program Files\DISC\DISCUpdMgr.exe -> [2006/04/06 18:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
discstreamhub.exe -> C:\Program Files\DISC\DiscStreamHub.exe -> [2006/04/06 18:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
arpwrmsg.exe -> C:\WINDOWS\arpwrmsg.exe -> [2005/08/02 16:19:16 | 000,077,312 | ---- | M] (Microsoft)
arservice.exe -> C:\WINDOWS\arservice.exe -> [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTS.exe -> [2011/07/21 21:53:24 | 000,645,120 | ---- | M] (OldTimer Tools)
msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll -> [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
lgscroll.dll -> C:\Program Files\Logitech\SetPoint\lgscroll.dll -> [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.)
 
[Win32 Services - Safe List]
(AntiVirWebService) Avira AntiVir WebGuard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -> [2011/06/28 06:11:36 | 000,428,200 | ---- | M] (Avira GmbH)
(AntiVirMailService) Avira AntiVir MailGuard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -> [2011/06/28 06:11:36 | 000,340,136 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/06/28 06:11:36 | 000,269,480 | ---- | M] (Avira GmbH)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/04/27 06:51:12 | 000,136,360 | ---- | M] (Avira GmbH)
(MotoConnect Service) MotoConnect Service [Auto | Running] -> C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -> [2010/06/24 14:34:52 | 000,091,456 | ---- | M] ()
(LVPrcSrv) Process Monitor [Auto | Running] -> C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -> [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.)
(tbhMonitor.exe) The Browser Highlighter Monitor [Auto | Running] -> C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -> [2009/10/22 14:57:44 | 000,070,952 | ---- | M] ()
(LBTServ) Logitech Bluetooth Service [On_Demand | Stopped] -> C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -> [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.)
(nmservice) Pure Networks Platform Service [Auto | Running] -> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(Symantec Core LC) Symantec Core LC [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/01/23 15:03:50 | 001,251,720 | ---- | M] ()
(ARSVC) ARSVC [Auto | Running] -> C:\WINDOWS\arservice.exe -> [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft)
 
[Driver Services - Safe List]
(SBRE) SBRE [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\SBREDrv.sys -> [2011/06/28 09:46:31 | 000,101,720 | ---- | M] (Sunbelt Software)
(sbapifs) sbapifs [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\sbapifs.sys -> [2011/06/28 09:46:18 | 000,074,968 | ---- | M] (Sunbelt Software)
(sbaphd) sbaphd [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\sbaphd.sys -> [2011/06/28 09:46:18 | 000,021,592 | ---- | M] (Sunbelt Software)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2011/06/28 06:11:37 | 000,138,192 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2011/06/28 06:11:37 | 000,066,616 | ---- | M] (Avira GmbH)
(Lavasoft Kernexplorer) Lavasoft helper driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -> [2011/04/14 06:59:51 | 000,015,232 | ---- | M] ()
(FilterService) UVCFilterService [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvuvcflt.sys -> [2010/07/07 14:55:58 | 000,023,904 | ---- | M] (Logitech Inc.)
(LVUVC) Logitech Webcam Pro 9000(UVC) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\lvuvc.sys -> [2010/07/07 14:55:34 | 006,842,464 | ---- | M] (Logitech Inc.)
(LVRS) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvrs.sys -> [2010/07/07 14:53:48 | 000,282,336 | ---- | M] (Logitech Inc.)
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2010/07/06 10:28:45 | 000,064,288 | ---- | M] (Lavasoft AB)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(LVPr2Mon) LVPr2Mon Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2010/05/07 18:43:30 | 000,025,824 | ---- | M] ()
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2010/02/09 15:24:34 | 000,028,520 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2010/02/09 15:22:53 | 000,011,608 | ---- | M] (Avira GmbH)
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LMouKE.Sys -> [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.)
(LBeepKE) LBeepKE [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\LBeepKE.sys -> [2009/06/17 09:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.)
(L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\L8042mou.Sys -> [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.)
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\L8042Kbd.sys -> [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.)
(rt2870) D-Link 802.11n USB Wireless LAN Card Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rt2870.sys -> [2009/04/15 14:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.)
(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -> [2009/02/27 15:12:36 | 000,049,904 | R--- | M] (Avanquest Software)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.)
(RT80x86) Linksys WPC600N/WMP600N Wireless-N Card Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rt2860.sys -> [2009/01/13 16:32:02 | 000,712,704 | R--- | M] (Ralink Technology, Corp.)
(purendis) Pure Networks Wireless Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\purendis.sys -> [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.)
(pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\pnarp.sys -> [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/09/02 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation)
(IrBus) Infrared bus filter driver for eHome remote controls [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\irbus.sys -> [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation)
(symsnap) Symantec Volume Snap Shot Driver [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\symsnap.sys -> [2007/10/05 13:20:42 | 000,132,320 | ---- | M] (StorageCraft)
(hcwPP2) Hauppauge WinTV PVR PCI II ([23|25|26]xxx) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hcwPP2.sys -> [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.)
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\mcstrm.sys -> [2006/11/24 20:28:42 | 000,008,413 | ---- | M] (RealNetworks, Inc.)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\symlcbrd.sys -> [2006/11/21 00:13:57 | 000,010,344 | ---- | M] (Symantec Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvnetbus.sys -> [2006/03/03 08:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NVENETFD.sys -> [2006/03/03 08:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSXHWBS2.sys -> [2005/12/06 04:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.)
(HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_DP.sys -> [2005/12/06 04:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2005/03/09 07:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" [HKLM] -> C:\Program Files\AOL Toolbar\aoltb.dll [IAOLTBSearch Class] -> [2008/11/05 15:18:30 | 001,275,176 | ---- | M] (AOL LLC)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.aol.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\tr1u0ijy.default\prefs.js -> 
browser.search.defaultengine -> "Ask.com" ->
browser.search.defaultenginename -> "Ask.com" ->
browser.search.order.1 -> "Ask.com" ->
browser.search.order.2 -> "Ask.com" ->
browser.search.selectedEngine -> "Google" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.aol.com/" ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 ->
extensions.enabledItems -> [email protected]:1.2 ->
keyword.URL -> "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\tr1u0ijy.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/03/31 08:58:16 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 5.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/06/21 08:07:29 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/04/16 14:58:37 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions -> [2010/08/04 19:00:04 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions -> [2011/07/16 06:32:31 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/08/04 20:27:25 | 000,000,000 | ---D | M]
"AOL Toolbar"   -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} -> [2011/07/16 06:32:44 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\[email protected] -> [2011/03/06 17:00:01 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 askcom.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\askcom.xml -> [2010/11/03 06:13:20 | 000,002,571 | ---- | M] ()
 bing-zugo.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\bing-zugo.xml -> [2011/03/06 16:31:02 | 000,001,919 | ---- | M] ()
 web-search-powered-by-google.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\web-search-powered-by-google.xml -> [2010/11/23 17:18:02 | 000,001,489 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/06/18 17:30:29 | 000,000,000 | ---D | M]
Skype extension   -> C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} -> [2011/06/06 18:17:12 | 000,000,000 | ---D | M]
No name found ->  -> File not found
Java Quick Starter -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF -> [2010/05/18 22:05:40 | 000,000,000 | ---D | M]
< HOSTS File > ([2004/08/09 21:00:00 | 000,000,734 | R--- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> C:\Program Files\AOL Toolbar\aoltb.dll [AOL Toolbar Loader] -> [2008/11/05 15:18:30 | 001,275,176 | ---- | M] (AOL LLC)
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> [2006/08/19 15:48:47 | 000,208,896 | ---- | M] (Hewlett-Packard)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> C:\Program Files\Windows Live Toolbar\msntb.dll [Windows Live Toolbar Helper] -> [2007/10/19 12:20:48 | 000,546,320 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{081230F8-EA50-42A9-983C-D22ABC2EED3B}" [HKLM] -> C:\Program Files\FreeRIP3\toolband.dll [FreeRIP.com Toolbar] -> [2010/05/01 05:25:26 | 000,286,720 | ---- | M] ()
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" [HKLM] -> C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [2003/04/28 10:37:16 | 000,360,448 | ---- | M] ()
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> C:\Program Files\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> [2007/10/19 12:20:48 | 000,546,320 | ---- | M] (Microsoft Corporation)
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> C:\Program Files\AOL Toolbar\aoltb.dll [AOL Toolbar] -> [2008/11/05 15:18:30 | 001,275,176 | ---- | M] (AOL LLC)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{081230F8-EA50-42A9-983C-D22ABC2EED3B}" [HKLM] -> C:\Program Files\FreeRIP3\toolband.dll [FreeRIP.com Toolbar] -> [2010/05/01 05:25:26 | 000,286,720 | ---- | M] ()
WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> C:\Program Files\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> [2007/10/19 12:20:48 | 000,546,320 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> C:\Program Files\AOL Toolbar\aoltb.dll [AOL Toolbar] -> [2008/11/05 15:18:30 | 001,275,176 | ---- | M] (AOL LLC)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2008/06/19 08:20:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"AlwaysReady Power Message APP" -> C:\WINDOWS\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/02 16:19:16 | 000,077,312 | ---- | M] (Microsoft)
"DMAScheduler" -> c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe ["c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"] -> [2006/04/13 02:05:00 | 000,090,112 | ---- | M] (Sonic Solutions)
"HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 15:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company)
"Kernel and Hardware Abstraction Layer" -> C:\WINDOWS\KHALMNPR.Exe [KHALMNPR.EXE] -> [2009/06/17 09:55:10 | 000,055,824 | ---- | M] (Logitech, Inc.)
"nmctxth" -> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe ["C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"] -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/05/09 08:50:00 | 007,311,360 | ---- | M] (NVIDIA Corporation)
"Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/22 15:14:00 | 000,237,568 | ---- | M] ()
"tbhSystray" -> C:\Program Files\tbh\base\bin\tbhSystray.exe [C:\Program Files\tbh\base\bin\tbhSystray.exe] -> [2011/07/21 06:16:42 | 000,492,840 | ---- | M] (eBay)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HLBackupScheduler" -> C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe] -> [2010/12/13 05:49:44 | 005,247,624 | ---- | M] ()
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/07/01 07:32:52 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe -> [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe -> [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.)
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> 
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk -> C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe -> [2006/07/14 22:26:34 | 000,393,216 | ---- | M] ()
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\V CAST Media Monitor.lnk ->  -> File not found
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/09 19:39:00 | 001,347,728 | ---- | M] (Microsoft)
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/27 18:03:28 | 000,001,293 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5E638779-1818-4754-A595-EF1C63B87A56}:Exec [HKLM] ->  [Button: Express Cleanup] -> File not found
{5E638779-1818-4754-A595-EF1C63B87A56}:Exec [HKLM] ->  [Menu: Express Cleanup] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] ->  [Button: Internet Connection Help] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] ->  [Menu: Internet Connection Help] -> File not found
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
objects_aol.com 
[*] -> Out of zone range - ( 5 ) -> 
turbotax.com .[https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 10.0.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{86222D55-B837-4AD1-AFE3-51718751ECBC}\\DhcpNameServer -> 10.0.0.1   (NVIDIA nForce Networking Controller) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2009/09/03 15:21:41 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
LBTWlgn -> c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll -> [2009/07/20 12:28:42 | 000,072,208 | ---- | M] (Logitech, Inc.)
TPSvc ->  -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/12/11 00:29:24 | 000,075,352 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2007/01/02 23:46:54 | 000,280,152 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> [2007/01/02 23:46:54 | 000,200,704 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2007/01/02 23:46:54 | 000,053,248 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/12/11 00:29:24 | 000,108,120 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2006/12/12 00:45:44 | 000,217,088 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2006/12/12 00:45:44 | 000,865,880 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2007/01/02 23:46:54 | 000,472,664 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/10/22 05:29:58 | 000,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" ->  [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> File not found
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" -> C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe [C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007] -> [2010/07/09 08:31:22 | 006,310,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/08/19 15:45:19 | 000,036,903 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\livecall.exe" ->  [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" ->  [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\AIM6\aim6.exe" ->  [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> File not found
"C:\Program Files\America Online 9.0\waol.exe" ->  [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\America Online 9.0a\waol.exe" ->  [C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\AOL 9.0\waol.exe" ->  [C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\AOL 9.0a\waol.exe" ->  [C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\AOL 9.1\waol.exe" ->  [C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\1164094594\EE\AOLServiceHost.exe" ->  [C:\Program Files\Common Files\AOL\1164094594\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\1164130994\EE\AOLServiceHost.exe" ->  [C:\Program Files\Common Files\AOL\1164130994\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\1164211949\EE\AOLServiceHost.exe" ->  [C:\Program Files\Common Files\AOL\1164211949\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\1164211949\EE\aolsoftware.exe" ->  [C:\Program Files\Common Files\AOL\1164211949\EE\aolsoftware.exe:*:Enabled:AOL Shared Components] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" ->  [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ->  [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" ->  [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" ->  [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" ->  [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" ->  [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" ->  [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ->  [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> File not found
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" ->  [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed] -> File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> [2004/10/14 17:34:06 | 000,059,992 | ---- | M] (Gteko Ltd.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" -> C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit] -> [2011/06/24 22:56:24 | 000,014,184 | ---- | M] (Apple Inc.)
"C:\Program Files\DISC\DISCover.exe" -> C:\Program Files\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> [2006/04/06 18:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" -> C:\Program Files\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> [2006/04/06 18:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" -> C:\Program Files\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> [2006/04/06 18:50:16 | 000,094,208 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" ->  [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
"C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe" -> C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker] -> [2010/09/22 11:25:44 | 001,570,456 | ---- | M] (Bitberry Software)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/12/11 00:29:24 | 000,075,352 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2007/01/02 23:46:54 | 000,280,152 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> [2007/01/02 23:46:54 | 000,200,704 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2007/01/02 23:46:54 | 000,053,248 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/12/11 00:29:24 | 000,108,120 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2006/12/12 00:45:44 | 000,217,088 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2006/12/12 00:45:44 | 000,865,880 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2007/01/02 23:46:54 | 000,472,664 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/10/22 05:29:58 | 000,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" ->  [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> File not found
"C:\Program Files\LimeWire\LimeWire.exe" ->  [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" -> C:\Program Files\Logitech\Logitech Vid\Vid.exe [C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid HD] -> [2010/05/11 16:43:48 | 006,061,400 | ---- | M] (Logitech Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" -> C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe [C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007] -> [2010/07/09 08:31:22 | 006,310,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2011/06/21 08:07:15 | 000,924,632 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Rhapsody\rhapsody.exe" -> C:\Program Files\Rhapsody\rhapsody.exe [C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player] -> [2009/10/04 11:35:58 | 010,944,512 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" ->  [C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager] -> File not found
"C:\Program Files\tbh\base\bin\tbhDaemon.exe" -> C:\Program Files\tbh\base\bin\tbhDaemon.exe [C:\Program Files\tbh\base\bin\tbhDaemon.exe:*:Enabled:The Browser Highlighter - Daemon] -> [2011/07/21 06:16:40 | 000,070,952 | ---- | M] ()
"C:\Program Files\tbh\monitor\bin\tbhMonitor.exe" -> C:\Program Files\tbh\monitor\bin\tbhMonitor.exe [C:\Program Files\tbh\monitor\bin\tbhMonitor.exe:*:Enabled:The Browser Highlighter - Monitor] -> [2009/10/22 14:57:44 | 000,070,952 | ---- | M] ()
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" -> C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe [C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> [2007/03/08 01:25:56 | 009,950,760 | ---- | M] (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" -> C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe [C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> [2007/04/05 09:45:04 | 003,679,784 | ---- | M] (Intuit, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/08/19 15:45:19 | 000,036,903 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" ->  [C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player ] -> File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" ->  [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" ->  [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/07/16 15:17:38 | 004,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/07/16 15:17:40 | 000,091,376 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/08/19 15:40:56 | 000,000,100 | ---- | M] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] ()
Unable to obtain root file information for disk D:\
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{0bbd404b-9ed6-11dd-8b82-0018f388ed50}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bbd404b-9ed6-11dd-8b82-0018f388ed50}\Shell\AutoRun\command
\{0bbd404b-9ed6-11dd-8b82-0018f388ed50}\Shell\AutoRun\command\\"" ->  ["J:\Install FreeAgent Tools.exe" /run] -> File not found
\{27c0aa36-b04d-11df-859e-0018f388ed50}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell
\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun
\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun\command
\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun\command\\"" ->  [J:\setup.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 iTunes -> C:\Documents and Settings\All Users\Start Menu\Programs\iTunes -> [2011/07/20 23:03:41 | 000,000,000 | ---D | C]
 iPod -> C:\Program Files\iPod -> [2011/07/20 23:02:41 | 000,000,000 | ---D | C]
 iTunes -> C:\Program Files\iTunes -> [2011/07/20 23:02:37 | 000,000,000 | ---D | C]
 Bonjour -> C:\Program Files\Bonjour -> [2011/07/20 22:59:12 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2011/07/19 12:41:23 | 000,000,000 | ---D | C]
 Rhapsody -> C:\Documents and Settings\All Users\Start Menu\Programs\Rhapsody -> [2011/07/16 16:23:22 | 000,000,000 | ---D | C]
 dns-sd.exe -> C:\WINDOWS\System32\dns-sd.exe -> [2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.)
 dnssd.dll -> C:\WINDOWS\System32\dnssd.dll -> [2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.)
 Skype -> C:\Documents and Settings\All Users\Start Menu\Programs\Skype -> [2011/07/05 17:00:06 | 000,000,000 | ---D | C]
 sbaphd.sys -> C:\WINDOWS\System32\drivers\sbaphd.sys -> [2011/06/29 07:18:18 | 000,021,592 | ---- | C] (Sunbelt Software)
 sbapifs.sys -> C:\WINDOWS\System32\drivers\sbapifs.sys -> [2011/06/28 09:47:04 | 000,074,968 | ---- | C] (Sunbelt Software)
 RandFont.dll -> C:\WINDOWS\Fonts\RandFont.dll -> [2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.)
 6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 Check Updates for Windows Live Toolbar.job -> C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job -> [2011/07/21 22:03:00 | 000,000,256 | ---- | M] ()
 My Money.mny -> C:\Documents and Settings\HP_Administrator\My Documents\My Money.mny -> [2011/07/21 21:49:18 | 025,477,120 | ---- | M] ()
 Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2011/07/21 10:59:32 | 000,002,265 | ---- | M] ()
 Final Media Player Update Checker.job -> C:\WINDOWS\tasks\Final Media Player Update Checker.job -> [2011/07/21 10:35:00 | 000,000,408 | ---- | M] ()
 mcs.rma -> C:\WINDOWS\System32\mcs.rma -> [2011/07/21 08:15:08 | 000,870,128 | ---- | M] ()
 0FAFA1 -> C:\WINDOWS\System32\0FAFA1 -> [2011/07/21 08:15:08 | 000,000,004 | ---- | M] ()
 hpsysdrv.DAT -> C:\WINDOWS\System\hpsysdrv.DAT -> [2011/07/21 06:22:22 | 000,000,188 | ---- | M] ()
 nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2011/07/21 06:20:28 | 000,043,531 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/07/21 06:19:16 | 000,001,158 | ---- | M] ()
 rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2011/07/21 06:18:51 | 000,000,064 | ---- | M] ()
 rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2011/07/21 06:18:51 | 000,000,044 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/07/21 06:16:20 | 000,002,048 | --S- | M] ()
 lvuvc.hs -> C:\WINDOWS\System32\drivers\lvuvc.hs -> [2011/07/21 06:16:11 | 000,000,000 | ---- | M] ()
 logiflt.iad -> C:\WINDOWS\System32\drivers\logiflt.iad -> [2011/07/21 06:16:08 | 000,000,000 | ---- | M] ()
 Safari.lnk -> C:\Documents and Settings\All Users\Desktop\Safari.lnk -> [2011/07/20 23:07:36 | 000,001,854 | ---- | M] ()
 Apple Safari.lnk -> C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2011/07/20 23:07:36 | 000,001,854 | ---- | M] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2011/07/20 23:03:41 | 000,001,553 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2011/07/20 22:38:01 | 000,000,284 | ---- | M] ()
 Rhapsody.lnk -> C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk -> [2011/07/16 16:23:26 | 000,000,659 | ---- | M] ()
 Rhapsody.lnk -> C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk -> [2011/07/16 16:23:26 | 000,000,641 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/07/14 17:56:46 | 000,000,813 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/07/13 06:55:48 | 000,313,968 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/07/13 06:32:03 | 000,001,374 | ---- | M] ()
 JointVentureBookSummer2011.pdf -> C:\Documents and Settings\HP_Administrator\My Documents\JointVentureBookSummer2011.pdf -> [2011/07/12 16:49:37 | 005,240,044 | ---- | M] ()
 dns-sd.exe -> C:\WINDOWS\System32\dns-sd.exe -> [2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.)
 dnssd.dll -> C:\WINDOWS\System32\dnssd.dll -> [2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.)
 TopToRockBottom_scene2.mp4 -> C:\Documents and Settings\HP_Administrator\My Documents\TopToRockBottom_scene2.mp4 -> [2011/07/07 17:02:09 | 406,808,928 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
 hijackthis 7.5.11 -> C:\Documents and Settings\HP_Administrator\Desktop\hijackthis 7.5.11 -> [2011/07/05 22:26:38 | 000,014,040 | ---- | M] ()
 kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2011/07/05 06:00:45 | 000,000,560 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/06/29 07:19:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)
 NoExcusesUnabridged_mp332_alanrog.aa -> C:\Documents and Settings\All Users\Desktop\NoExcusesUnabridged_mp332_alanrog.aa -> [2011/06/28 15:57:06 | 098,773,280 | ---- | M] ()
 NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa -> C:\Documents and Settings\All Users\Desktop\NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa -> [2011/06/28 15:36:24 | 098,773,280 | ---- | M] ()
 SBREDrv.sys -> C:\WINDOWS\System32\drivers\SBREDrv.sys -> [2011/06/28 09:46:31 | 000,101,720 | ---- | M] (Sunbelt Software)
 sbapifs.sys -> C:\WINDOWS\System32\drivers\sbapifs.sys -> [2011/06/28 09:46:18 | 000,074,968 | ---- | M] (Sunbelt Software)
 sbaphd.sys -> C:\WINDOWS\System32\drivers\sbaphd.sys -> [2011/06/28 09:46:18 | 000,021,592 | ---- | M] (Sunbelt Software)
 avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2011/06/28 06:11:37 | 000,138,192 | ---- | M] (Avira GmbH)
 avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2011/06/28 06:11:37 | 000,066,616 | ---- | M] (Avira GmbH)
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/06/22 15:09:25 | 000,483,342 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/06/22 15:09:25 | 000,080,620 | ---- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/06/22 10:42:16 | 000,000,664 | ---- | M] ()
 6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp -> 
 116 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> 
 116 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> 
 
[Files - No Company Name]
 Ad-Aware Update (Daily 4).job -> C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job -> [2011/07/21 19:30:32 | 000,000,486 | ---- | C] ()
 Ad-Aware Update (Daily 3).job -> C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job -> [2011/07/21 19:30:31 | 000,000,486 | ---- | C] ()
 Ad-Aware Update (Daily 2).job -> C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job -> [2011/07/21 19:30:31 | 000,000,486 | ---- | C] ()
 Ad-Aware Update (Daily 1).job -> C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job -> [2011/07/21 19:30:31 | 000,000,486 | ---- | C] ()
 Safari.lnk -> C:\Documents and Settings\All Users\Desktop\Safari.lnk -> [2011/07/20 23:07:36 | 000,001,854 | ---- | C] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2011/07/20 23:03:41 | 000,001,553 | ---- | C] ()
 Rhapsody.lnk -> C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk -> [2011/07/16 16:23:26 | 000,000,659 | ---- | C] ()
 Rhapsody.lnk -> C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk -> [2011/07/16 16:23:26 | 000,000,641 | ---- | C] ()
 JointVentureBookSummer2011.pdf -> C:\Documents and Settings\HP_Administrator\My Documents\JointVentureBookSummer2011.pdf -> [2011/07/12 16:49:28 | 005,240,044 | ---- | C] ()
 TopToRockBottom_scene2.mp4 -> C:\Documents and Settings\HP_Administrator\My Documents\TopToRockBottom_scene2.mp4 -> [2011/07/07 16:56:41 | 406,808,928 | ---- | C] ()
 hijackthis 7.5.11 -> C:\Documents and Settings\HP_Administrator\Desktop\hijackthis 7.5.11 -> [2011/07/05 22:26:38 | 000,014,040 | ---- | C] ()
 Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2011/07/05 17:00:06 | 000,002,265 | ---- | C] ()
 kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2011/07/05 05:58:30 | 000,000,560 | ---- | C] ()
 NoExcusesUnabridged_mp332_alanrog.aa -> C:\Documents and Settings\All Users\Desktop\NoExcusesUnabridged_mp332_alanrog.aa -> [2011/06/28 15:54:46 | 098,773,280 | ---- | C] ()
 NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa -> C:\Documents and Settings\All Users\Desktop\NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa -> [2011/06/28 15:33:56 | 098,773,280 | ---- | C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/06/22 10:26:14 | 000,000,664 | ---- | C] ()
 MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2011/06/19 07:47:27 | 000,000,127 | ---- | C] ()
 SpoonUninstall.exe -> C:\WINDOWS\System32\SpoonUninstall.exe -> [2011/05/09 15:39:13 | 006,904,040 | ---- | C] ()
 SpoonUninstall-dBpoweramp Music Converter.dat -> C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat -> [2011/05/09 15:39:13 | 000,017,851 | ---- | C] ()
 rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2011/04/20 06:38:11 | 000,000,064 | ---- | C] ()
 rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2011/04/20 06:38:11 | 000,000,044 | ---- | C] ()
 ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2011/02/21 19:26:35 | 000,057,344 | ---- | C] ()
 FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2011/02/15 03:12:03 | 000,182,040 | ---- | C] ()
 lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2010/08/10 22:24:15 | 000,015,880 | ---- | C] ()
 LogiDPPApp.exe -> C:\WINDOWS\System32\LogiDPPApp.exe -> [2010/07/07 14:44:56 | 000,102,744 | ---- | C] ()
 LogiDPP.dll -> C:\WINDOWS\System32\LogiDPP.dll -> [2010/07/07 14:44:30 | 010,829,656 | ---- | C] ()
 DevManagerCore.dll -> C:\WINDOWS\System32\DevManagerCore.dll -> [2010/07/07 14:44:20 | 000,290,648 | ---- | C] ()
 ss.ini -> C:\Documents and Settings\All Users\Application Data\ss.ini -> [2010/05/14 15:18:15 | 000,001,264 | ---- | C] ()
 {081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini -> C:\Documents and Settings\HP_Administrator\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini -> [2010/05/14 15:17:56 | 000,000,034 | ---- | C] ()
 {081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini -> C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini -> [2010/05/14 15:17:54 | 000,000,033 | ---- | C] ()
 iKeyLFT2.dll -> C:\WINDOWS\System32\drivers\iKeyLFT2.dll -> [2010/05/07 18:46:36 | 000,014,168 | ---- | C] ()
 LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2010/05/07 18:43:30 | 000,025,824 | ---- | C] ()
 ANICONFIG_{733C4DEA-D1A4-455F-A96C-CDF0907D00C9}.ini -> C:\Documents and Settings\HP_Administrator\Application Data\ANICONFIG_{733C4DEA-D1A4-455F-A96C-CDF0907D00C9}.ini -> [2010/05/02 15:14:47 | 000,000,258 | ---- | C] ()
 RaCoInst.dat -> C:\WINDOWS\System32\RaCoInst.dat -> [2010/05/02 15:12:39 | 000,015,312 | R--- | C] ()
 mlfcache.dat -> C:\WINDOWS\System32\mlfcache.dat -> [2010/04/16 06:28:41 | 000,070,000 | -H-- | C] ()
 hpqins15.dat -> C:\WINDOWS\hpqins15.dat -> [2010/03/31 08:57:58 | 000,023,088 | ---- | C] ()
 ezsidmv.dat -> C:\WINDOWS\System32\ezsidmv.dat -> [2010/02/09 15:38:30 | 000,000,056 | -H-- | C] ()
 lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2010/02/09 15:01:57 | 000,090,071 | ---- | C] ()
 hpwins16.dat -> C:\WINDOWS\hpwins16.dat -> [2010/02/09 13:33:28 | 000,144,620 | ---- | C] ()
 cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2007/12/25 11:12:49 | 000,003,352 | ---- | C] ()
 patchw32.dll -> C:\WINDOWS\patchw32.dll -> [2007/11/17 08:15:37 | 000,215,144 | R--- | C] ()
 pw32a.dll -> C:\WINDOWS\pw32a.dll -> [2007/11/17 08:14:24 | 000,215,144 | R--- | C] ()
 LUUnInstall.LiveUpdate -> C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate -> [2007/11/17 07:46:38 | 000,746,998 | ---- | C] ()
 hpwscr16.dat -> C:\WINDOWS\hpwscr16.dat -> [2007/10/24 20:02:45 | 000,011,248 | ---- | C] ()
 hpwmdl16.dat -> C:\WINDOWS\hpwmdl16.dat -> [2007/10/24 20:00:40 | 000,001,162 | ---- | C] ()
 presets.ini -> C:\WINDOWS\System32\presets.ini -> [2007/07/11 10:08:43 | 000,000,023 | ---- | C] ()
 QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2007/03/11 09:44:00 | 000,001,337 | ---- | C] ()
 uccspecb.sys -> C:\WINDOWS\uccspecb.sys -> [2007/01/31 09:33:52 | 000,000,004 | -H-- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/12/28 16:45:29 | 000,000,376 | ---- | C] ()
 OpPrintServer.INI -> C:\WINDOWS\OpPrintServer.INI -> [2006/11/22 08:40:56 | 000,000,000 | ---- | C] ()
 CNMVS56.DLL -> C:\WINDOWS\System32\CNMVS56.DLL -> [2006/11/22 08:34:41 | 000,006,656 | ---- | C] ()
 aolback.exe.lnk -> C:\WINDOWS\aolback.exe.lnk -> [2006/11/21 10:45:38 | 000,000,726 | ---- | C] ()
 msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/11/21 10:38:14 | 000,000,014 | ---- | C] ()
 wklnhst.dat -> C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat -> [2006/11/21 08:20:44 | 000,002,446 | ---- | C] ()
 mozver.dat -> C:\WINDOWS\mozver.dat -> [2006/11/21 07:42:24 | 000,005,291 | ---- | C] ()
 gbsaver.ini -> C:\WINDOWS\gbsaver.ini -> [2006/11/21 07:40:55 | 000,000,083 | ---- | C] ()
 Acroread.ini -> C:\WINDOWS\Acroread.ini -> [2006/11/21 07:16:24 | 000,000,037 | ---- | C] ()
 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2006/11/21 00:36:05 | 000,000,335 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2006/11/20 22:50:45 | 000,038,912 | ---- | C] ()
 YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2006/11/20 21:27:02 | 000,065,536 | ---- | C] ()
 jautoexp.dat -> C:\WINDOWS\jautoexp.dat -> [2006/11/20 21:23:30 | 000,006,550 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat -> [2006/11/20 21:09:58 | 000,000,139 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/08/19 16:08:53 | 000,000,061 | ---- | C] ()
 USBkey.sys -> C:\WINDOWS\System32\drivers\USBkey.sys -> [2006/08/19 15:49:34 | 000,028,848 | ---- | C] ()
 HPCPCUninstaller-6.3.2.116-9972322.exe -> C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe -> [2006/08/19 15:45:16 | 000,118,842 | R--- | C] ()
 CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2006/08/19 15:44:32 | 000,014,317 | ---- | C] ()
 hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2006/08/19 15:44:26 | 000,045,056 | ---- | C] ()
 QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2006/08/19 15:41:13 | 000,000,031 | ---- | C] ()
 WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2006/08/19 15:29:45 | 000,000,570 | ---- | C] ()
 NSSetDefaultBrowser.EXE -> C:\WINDOWS\NSSetDefaultBrowser.EXE -> [2006/08/19 15:29:06 | 000,045,929 | ---- | C] ()
 NSSetDefaultBrowser.ini -> C:\WINDOWS\NSSetDefaultBrowser.ini -> [2006/08/19 15:29:06 | 000,000,698 | ---- | C] ()
 hpqins69.dat -> C:\WINDOWS\hpqins69.dat -> [2006/08/19 15:24:22 | 000,095,822 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/08/19 15:23:25 | 000,001,793 | ---- | C] ()
 hcwXDS.dll -> C:\WINDOWS\System32\hcwXDS.dll -> [2006/08/19 15:21:15 | 000,066,048 | ---- | C] ()
 nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2006/08/19 15:20:00 | 001,662,976 | ---- | C] ()
 nwiz.exe -> C:\WINDOWS\System32\nwiz.exe -> [2006/08/19 15:20:00 | 001,519,616 | ---- | C] ()
 nview.dll -> C:\WINDOWS\System32\nview.dll -> [2006/08/19 15:20:00 | 001,466,368 | ---- | C] ()
 nvdspsch.exe -> C:\WINDOWS\System32\nvdspsch.exe -> [2006/08/19 15:20:00 | 001,339,392 | ---- | C] ()
 nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2006/08/19 15:20:00 | 001,019,904 | ---- | C] ()
 nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2006/08/19 15:20:00 | 000,573,440 | ---- | C] ()
 nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2006/08/19 15:20:00 | 000,466,944 | ---- | C] ()
 nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2006/08/19 15:20:00 | 000,286,720 | ---- | C] ()
 nvappbar.exe -> C:\WINDOWS\System32\nvappbar.exe -> [2006/08/19 15:19:59 | 000,442,368 | ---- | C] ()
 keystone.exe -> C:\WINDOWS\System32\keystone.exe -> [2006/08/19 15:19:59 | 000,425,984 | ---- | C] ()
 nvapi.dll -> C:\WINDOWS\System32\nvapi.dll -> [2006/08/19 15:19:59 | 000,106,496 | ---- | C] ()
 orun32.ini -> C:\WINDOWS\orun32.ini -> [2006/08/19 15:18:35 | 000,000,791 | ---- | C] ()
 pythoncom22.dll -> C:\WINDOWS\System32\pythoncom22.dll -> [2006/08/19 14:57:40 | 000,323,584 | ---- | C] ()
 pywintypes22.dll -> C:\WINDOWS\System32\pywintypes22.dll -> [2006/08/19 14:57:40 | 000,094,208 | ---- | C] ()
 bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2006/08/19 14:57:21 | 000,016,896 | ---- | C] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2006/06/16 04:58:18 | 000,000,000 | ---- | C] ()
 Google Pack Screensaver Uninstaller.exe -> C:\WINDOWS\Google Pack Screensaver Uninstaller.exe -> [2005/12/15 19:44:17 | 000,159,743 | ---- | C] ()
 Cleanup.exe -> C:\WINDOWS\System32\Cleanup.exe -> [2005/12/15 19:33:25 | 000,081,920 | ---- | C] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2005/08/30 14:17:40 | 000,002,048 | --S- | C] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2005/08/30 14:07:46 | 000,483,342 | ---- | C] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2005/08/30 14:07:46 | 000,080,620 | ---- | C] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2005/08/30 14:05:30 | 000,313,968 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2005/08/30 14:01:42 | 000,004,161 | ---- | C] ()
 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2005/08/30 13:58:02 | 000,021,640 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 14:01:54 | 000,235,008 | ---- | C] ()
 armcex.dll -> C:\WINDOWS\armcex.dll -> [2005/08/02 16:19:16 | 000,050,176 | ---- | C] ()
 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/08/09 21:00:00 | 000,004,569 | ---- | C] ()
 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2004/08/09 14:00:00 | 000,673,088 | ---- | C] ()
 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2004/08/09 14:00:00 | 000,272,128 | ---- | C] ()
 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2004/08/09 14:00:00 | 000,218,003 | ---- | C] ()
 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2004/08/09 14:00:00 | 000,046,258 | ---- | C] ()
 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2004/08/09 14:00:00 | 000,028,626 | ---- | C] ()
 dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2004/08/09 14:00:00 | 000,001,804 | ---- | C] ()
 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2004/08/09 14:00:00 | 000,000,741 | ---- | C] ()
 oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/07/26 00:51:38 | 000,000,560 | ---- | C] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 16:05:08 | 000,002,695 | ---- | C] ()
 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2001/08/23 01:12:28 | 013,107,200 | ---- | C] ()
 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2001/08/23 01:11:02 | 000,004,490 | ---- | C] ()
< End of report >
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,263
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\tr1u0ijy.default\prefs.js
YN -> browser.search.defaultengine -> "Ask.com"
YN -> browser.search.defaultenginename -> "Ask.com"
YN -> browser.search.order.1 -> "Ask.com"
YN -> browser.search.order.2 -> "Ask.com"
YN -> keyword.URL -> "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="
< FireFox SearchPlugins [User Folders] > -> 
YN ->  askcom.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\askcom.xml
YN ->  bing-zugo.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\bing-zugo.xml
< FireFox Extensions [Program Folders] > -> 
YN -> No name found -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> TPSvc -> 
[Files/Folders - Modified Within 30 Days]
NY ->  kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg
NY ->  6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp
NY ->  116 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp
[Files - No Company Name]
NY ->  d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
 

alanrog

Thread Starter
Joined
Jun 21, 2011
Messages
9
Thanks Eddie
Below is the log:
[Registry - Safe List]
File C:\Documents and Settings\HP_Administrator\Application not found.
File C:\Documents and Settings\HP_Administrator\Application not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
[Reg Error: Key error.]
Registry key \ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}\ not found.
[Reg Error: Key error.]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\InternetWebBrowser not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\InternetWebBrowser not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\InternetWebBrowser not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\InternetWebBrowser not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\Microsoft XML Parser for Java\ not found.
[Reg Error: Key error.]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\\TPSvc not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bbd404b-9ed6-11dd-8b82-0018f388ed50}\Shell\AutoRun\command\\ deleted successfully.
[Files/Folders - Created Within 30 Days]
File not found!
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\System32\drivers\kgpcpy.cfg moved successfully.
File not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO265.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO277.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO5AA.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO68A.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO73B.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO77F.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO7DB.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO7DF.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO89A.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO8EB.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DIO9D.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR11.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR12.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR13.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR14.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR15.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR16.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR17.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR18.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR19.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR1A.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR1B.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR1C.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR1D.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR1E.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR1F.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR20.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR21.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR22.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR23.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR24.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR25.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR26.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR27.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR28.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR29.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR2A.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR2B.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR2C.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR2D.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR2E.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR2F.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR30.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR31.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR32.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR33.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR34.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR35.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR36.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR37.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR38.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR3A.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR3B.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR3C.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR3D.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR3E.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR3F.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR40.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR41.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR42.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR43.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR53.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\MAR54.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS23.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS27.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS33.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS34.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS35.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS36.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS3A.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS3C.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS41.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS42.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS46.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS47.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS48.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS49.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS4A.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS4B.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS4C.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS4D.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS4E.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS50.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS51.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS52.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS53.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS58.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS59.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\STS67.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\sveid.tmp folder deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1442.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF19B0.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1DD1.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF28C8.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF2FF2.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF3330.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF3A30.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF3CC0.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF3D51.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF3F03.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF4164.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF4709.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF48A4.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF490F.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF5AC2.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF5B54.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF5D1.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF5D7E.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF6066.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF6096.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF6290.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF669E.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF717B.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF78FD.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF8424.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF86B7.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF8E36.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF900.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFA015.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFA242.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFACFF.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB125.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB1A5.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB254.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB278.tmp deleted successfully.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB2D3.tmp scheduled to be deleted on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB424.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB70F.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB77C.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB86C.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFBAA4.tmp deleted successfully.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFD662.tmp scheduled to be deleted on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFDBA3.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFDEF3.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFE298.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFE6B8.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFE6C6.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFE929.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFEE1D.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFEE56.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFEF0E.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFF3E8.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFFCDA.tmp deleted successfully.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB2D3.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFD662.tmp scheduled to be deleted on reboot.
[Files - No Company Name]
C:\WINDOWS\System32\d3d9caps.dat moved successfully.
File Quote--- not found!
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 07262011_224101

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFB2D3.tmp moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFD662.tmp moved successfully.

Registry entries deleted on Reboot...
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,263
That looks like its removed them, so to check, can you delete the copy of OTL you have, download a fresh one from here and run the scan. Only one log will be produced this time ;)

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post them in your topic
 

alanrog

Thread Starter
Joined
Jun 21, 2011
Messages
9
Thanks so much. Below is the log:
OTL logfile created on: 7/27/2011 11:04:44 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 65.69% Memory free
3.78 Gb Paging File | 3.02 Gb Available in Paging File | 79.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 208.66 Gb Free Space | 72.14% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.63 Gb Free Space | 7.09% Space Free | Partition Type: FAT32

Computer Name: UR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 23:04:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL(1).exe
PRC - [2011/07/27 06:34:46 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2011/07/27 06:34:44 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/07/01 07:32:52 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/28 06:11:36 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/06/28 06:11:36 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/06/28 06:11:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/10 17:49:34 | 000,729,088 | ---- | M] (Rhapsody International Inc.) -- C:\Program Files\Comcast Rhapsody\rhaphlpr.exe
PRC - [2011/04/27 06:51:12 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010/12/13 05:49:44 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/03/24 19:20:12 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/08 14:56:56 | 000,161,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Updater\GoogleUpdater.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/23 15:03:50 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/09/26 21:51:16 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006/09/26 21:51:14 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006/04/13 02:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/04/06 18:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/04/06 18:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/04/06 18:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/02 16:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 23:04:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL(1).exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 06:11:36 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 06:11:36 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 06:11:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/27 06:51:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/23 15:03:50 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 09:46:31 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/06/28 09:46:18 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/06/28 09:46:18 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/06/28 06:11:37 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 06:11:37 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/14 06:59:51 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/07 14:55:58 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/07 14:55:34 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2010/07/07 14:53:48 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/06 10:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/09 15:24:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/09 15:22:53 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 09:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/04/15 14:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/02/27 15:12:36 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/13 16:32:02 | 000,712,704 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/09/02 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/10/05 13:20:42 | 000,132,320 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/11/24 20:28:42 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/11/21 00:13:57 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/03/03 08:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 08:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 04:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 04:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/03/09 07:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.2: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/31 08:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 08:07:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 14:58:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/31 08:58:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{03ED094E-6546-4294-96BD-7714E87DA888}: C:\Documents and Settings\HP_Administrator\Application Data\My.Freeze.com NetAssistant\ [2010/09/28 10:35:01 | 000,000,000 | ---D | M]

[2010/08/04 19:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/07/16 06:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions
[2010/08/04 20:27:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/16 06:32:44 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/03/06 17:00:01 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\extensions\[email protected]
[2010/11/03 06:13:20 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\askcom.xml
[2011/03/06 16:31:02 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\bing-zugo.xml
[2010/11/23 17:18:02 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\searchplugins\web-search-powered-by-google.xml
[2011/06/18 17:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/06 18:17:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2010/05/18 22:05:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/21 08:07:19 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/09 21:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\V CAST Media Monitor.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - File not found
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/19 15:40:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell - "" = AutoRun
O33 - MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27c0aa36-b04d-11df-859e-0018f388ed50}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/26 22:41:01 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/07/20 23:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/20 23:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/20 23:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/20 22:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/19 12:41:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/16 16:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rhapsody
[2011/07/05 17:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/06/29 07:18:18 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/28 09:47:04 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 23:03:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/07/27 23:00:13 | 025,759,744 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Money.mny
[2011/07/27 22:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/27 21:46:26 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/07/27 21:46:11 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/27 21:46:11 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/27 21:46:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/07/27 21:46:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/07/27 21:46:08 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/07/27 12:01:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/27 10:35:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2011/07/27 09:03:19 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/07/27 09:03:19 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\0FAFA1
[2011/07/27 06:39:53 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/07/27 06:38:21 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/27 06:36:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 06:34:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 06:34:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/07/27 06:34:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/07/26 22:44:50 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis (2).lnk
[2011/07/20 23:07:36 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/07/20 23:07:36 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/20 23:03:41 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/16 16:23:26 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/07/16 16:23:26 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2011/07/14 17:56:46 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/13 06:55:48 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 06:32:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 16:49:37 | 005,240,044 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JointVentureBookSummer2011.pdf
[2011/07/07 17:02:09 | 406,808,928 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\TopToRockBottom_scene2.mp4
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 22:26:38 | 000,014,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\hijackthis 7.5.11
[2011/06/28 15:57:06 | 098,773,280 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesUnabridged_mp332_alanrog.aa
[2011/06/28 15:36:24 | 098,773,280 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa
[2011/06/28 09:46:31 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/28 09:46:18 | 000,074,968 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/06/28 09:46:18 | 000,021,592 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/28 06:11:37 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/28 06:11:37 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[6 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 00:48:40 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/07/27 00:48:39 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/07/27 00:48:39 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/07/27 00:48:39 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/07/20 23:07:36 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/07/20 23:03:41 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/16 16:23:26 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/07/16 16:23:26 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2011/07/12 16:49:28 | 005,240,044 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JointVentureBookSummer2011.pdf
[2011/07/07 16:56:41 | 406,808,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\TopToRockBottom_scene2.mp4
[2011/07/05 22:26:38 | 000,014,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\hijackthis 7.5.11
[2011/07/05 17:00:06 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/28 15:54:46 | 098,773,280 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesUnabridged_mp332_alanrog.aa
[2011/06/28 15:33:56 | 098,773,280 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NoExcusesThePowerofSelf-DisciplineforSuccessinYourLife_MP332_alanrog.aa
[2011/06/19 07:47:27 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/09 15:39:13 | 006,904,040 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/05/09 15:39:13 | 000,017,851 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/04/20 06:38:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/20 06:38:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/21 19:26:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/15 03:12:03 | 000,182,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/10 22:24:15 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/07 14:44:56 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/07 14:44:30 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/07 14:44:20 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 15:18:15 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/14 15:17:56 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/05/14 15:17:54 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/05/02 15:14:47 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\ANICONFIG_{733C4DEA-D1A4-455F-A96C-CDF0907D00C9}.ini
[2010/05/02 15:12:39 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/04/16 06:28:41 | 000,070,000 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/31 08:57:58 | 000,023,088 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/09 15:38:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/09 15:01:57 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/09 13:33:28 | 000,144,620 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2007/12/25 11:12:49 | 000,003,352 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/17 08:15:37 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/17 08:14:24 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/11/17 07:46:38 | 000,746,998 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/10/24 20:02:45 | 000,011,248 | ---- | C] () -- C:\WINDOWS\hpwscr16.dat
[2007/10/24 20:00:40 | 000,001,162 | ---- | C] () -- C:\WINDOWS\hpwmdl16.dat
[2007/07/11 10:08:43 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\presets.ini
[2007/03/11 09:44:00 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/31 09:33:52 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/12/28 16:45:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/22 08:40:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/11/22 08:34:41 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2006/11/21 10:45:38 | 000,000,726 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/11/21 10:38:14 | 000,000,014 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/21 08:20:44 | 000,002,446 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/11/21 07:42:24 | 000,005,291 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/21 07:40:55 | 000,000,083 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/11/21 07:16:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2006/11/21 00:36:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/20 22:50:45 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/20 21:27:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/11/20 21:23:30 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/20 21:09:58 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/19 16:08:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/19 15:49:34 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/19 15:45:16 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/08/19 15:44:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/19 15:44:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/19 15:41:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/19 15:29:45 | 000,000,570 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/19 15:29:06 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/19 15:29:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/19 15:24:22 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/19 15:23:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/19 15:21:15 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/08/19 15:20:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/19 15:20:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/19 15:20:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/19 15:20:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/19 15:20:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/19 15:20:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/19 15:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/19 15:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/19 15:19:59 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/19 15:19:59 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/19 15:19:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/19 15:18:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/19 14:57:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/19 14:57:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/19 14:57:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 04:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/15 19:44:17 | 000,159,743 | ---- | C] () -- C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
[2005/12/15 19:33:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Cleanup.exe
[2005/08/30 14:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 14:07:46 | 000,483,342 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 14:07:46 | 000,080,620 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 14:05:30 | 000,313,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 14:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 13:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 01:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 01:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/10/15 17:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2007/11/26 10:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bryxen Software
[2006/08/19 15:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2010/05/31 19:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/05/14 15:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/08/04 19:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2011/07/05 06:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/19 12:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/20 21:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2006/08/19 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/02 15:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/10 19:48:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/02/09 19:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/27 21:46:26 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/07/27 21:46:08 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/07/27 21:46:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/07/27 21:46:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/07/27 23:03:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/07/27 10:35:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job

========== Purity Check ==========



< End of report >
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,263
Okay, lets see if anything is showing up here as well :)


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
 

alanrog

Thread Starter
Joined
Jun 21, 2011
Messages
9
Thanks so much. Here is the log:
ComboFix 11-07-28.07 - HP_Administrator 07/28/2011 21:07:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.892 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\User123.exe
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
c:\documents and settings\HP_Administrator\My Documents\~of1B7.tmp
c:\documents and settings\HP_Administrator\My Documents\~of21C.tmp
c:\documents and settings\HP_Administrator\My Documents\~of252.tmp
c:\documents and settings\HP_Administrator\My Documents\~of58E.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL1954.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL2013.tmp
c:\documents and settings\HP_Administrator\WINDOWS
C:\install.exe
c:\windows\Google Pack Screensaver Uninstaller.exe
c:\windows\system32\config\systemprofile\WINDOWS
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-27 05:41 . 2011-07-27 05:41 -------- d-----w- C:\_OTS
2011-07-21 06:02 . 2011-07-21 06:02 -------- d-----w- c:\program files\iPod
2011-07-21 06:02 . 2011-07-21 06:03 -------- d-----w- c:\program files\iTunes
2011-07-21 05:59 . 2011-07-21 05:59 -------- d-----w- c:\program files\Bonjour
2011-07-19 19:41 . 2011-07-19 19:41 -------- d-----w- C:\_OTL
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 02:52 . 2010-08-04 21:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2010-08-04 21:35 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 14:19 . 2011-05-14 05:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-28 16:46 . 2010-08-11 04:45 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-28 13:11 . 2010-02-09 22:26 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 13:11 . 2010-02-09 22:26 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-22 00:42 . 2011-06-22 00:42 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-02 14:02 . 2004-08-09 21:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 15:06 . 2010-06-18 19:30 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06 . 2010-06-18 19:30 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-09 22:38 . 2011-05-09 22:39 6904040 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-05-02 15:31 . 2004-08-09 21:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-21 15:07 . 2011-04-16 21:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{081230F8-EA50-42A9-983C-D22ABC2EED3B}"= "c:\program files\FreeRIP3\toolband.dll" [2010-05-01 286720]
.
[HKEY_CLASSES_ROOT\clsid\{081230f8-ea50-42a9-983c-d22abc2eed3b}]
[HKEY_CLASSES_ROOT\TypeLib\{0097E905-1DFB-4A9C-9871-A4F95FD58945}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{081230F8-EA50-42A9-983C-D22ABC2EED3B}"= "c:\program files\FreeRIP3\toolband.dll" [2010-05-01 286720]
.
[HKEY_CLASSES_ROOT\clsid\{081230f8-ea50-42a9-983c-d22abc2eed3b}]
[HKEY_CLASSES_ROOT\TypeLib\{0097E905-1DFB-4A9C-9871-A4F95FD58945}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2424192]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-13 5247624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-07-28 492840]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]
V CAST Media Monitor.lnk - c:\program files\V CAST Media Manager\MEMonitor.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-20 813584]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/10/2010 9:45 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/10/2010 9:45 PM 101720]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2/9/2010 3:26 PM 340136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/9/2010 3:26 PM 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2/9/2010 3:26 PM 428200]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/20/2010 6:54 PM 10384]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/25/2010 4:22 PM 91456]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 2:57 PM 70952]
R4 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 RT80x86;Linksys WPC600N/WMP600N Wireless-N Card Driver;c:\windows\system32\drivers\rt2860.sys [5/12/2010 9:00 PM 712704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-07-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
2011-07-28 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-09-28 18:25]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.aol.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tr1u0ijy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-TPSvc - TPSvc.dll
AddRemove-Google Pack Screensaver - c:\windows\Google Pack Screensaver Uninstaller.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 21:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(852)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2011-07-28 21:14:30
ComboFix-quarantined-files.txt 2011-07-29 04:14
.
Pre-Run: 224,731,516,928 bytes free
Post-Run: 225,279,225,856 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7B9F7A525D5EA9A08E4FBE895033F7D5
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top