[A] Trojan.gen.2 & trojan.zeroaccess!

By LABJ
Mar 29, 2012
  1. LABJ

    ComboFix log

    ComboFix 12-03-29.02 - Administrator 03/29/2012 23:51:19.1.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.778 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Guest.JAII\WINDOWS
    c:\documents and settings\Guest\WINDOWS
    c:\program files\Internet Explorer\SET10F.tmp
    c:\program files\Internet Explorer\SET114.tmp
    c:\program files\Internet Explorer\SET1B1.tmp
    c:\program files\Internet Explorer\SET1B2.tmp
    c:\program files\Internet Explorer\SET1B4.tmp
    c:\program files\Internet Explorer\SET1BC.tmp
    c:\program files\Internet Explorer\SET1BD.tmp
    c:\program files\Internet Explorer\SET1BF.tmp
    c:\program files\Internet Explorer\SET1DD.tmp
    c:\program files\Internet Explorer\SET1E2.tmp
    c:\program files\Internet Explorer\SET1E3.tmp
    c:\program files\Internet Explorer\SET1E4.tmp
    c:\program files\Internet Explorer\SET1E5.tmp
    c:\program files\Internet Explorer\SET26C.tmp
    c:\program files\Internet Explorer\SET26D.tmp
    c:\program files\Internet Explorer\SET26F.tmp
    c:\program files\Internet Explorer\SET30B.tmp
    c:\program files\Internet Explorer\SET310.tmp
    c:\program files\Internet Explorer\SETAB.tmp
    c:\program files\Internet Explorer\SETB0.tmp
    c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
    c:\windows\kb913800.exe
    c:\windows\SET6A1.tmp
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\ndassvc.dll
    c:\windows\system32\pdfcreatormessages.dll
    c:\windows\system32\ps2.bat
    c:\windows\system32\raspti.dll
    D:\Autorun.inf
    .
    Infected copy of c:\windows\system32\drivers\mqac.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-30 02:13 . 2012-03-30 02:13 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-30 01:23 . 2012-03-30 01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-30 01:23 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-29 23:10 . 2012-03-29 23:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
    2012-03-29 23:10 . 2012-03-29 23:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
    2012-03-29 04:26 . 2012-03-29 04:26 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2012-03-29 02:03 . 2012-03-29 02:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2012-03-29 02:03 . 2012-03-29 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-03-28 22:20 . 2012-03-28 22:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-03-28 22:20 . 2012-03-28 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-03-28 22:13 . 2012-03-28 22:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2012-03-28 22:12 . 2012-03-28 22:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2012-03-28 22:05 . 2012-03-28 22:05 -------- d--h--w- c:\windows\system32\GroupPolicy
    2012-03-28 03:22 . 2012-03-28 03:22 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-03-27 01:20 . 2012-03-27 01:20 -------- d-----w- c:\documents and settings\All Users\CrypKey
    2012-03-27 00:37 . 2012-03-27 00:37 -------- d-----w- C:\Log
    2012-03-27 00:37 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
    2012-03-27 00:37 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys
    2012-03-27 00:37 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
    2012-03-27 00:37 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
    2012-03-27 00:37 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
    2012-03-27 00:37 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
    2012-03-27 00:37 . 2006-04-17 15:56 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll
    2012-03-27 00:37 . 2004-10-17 01:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll
    2012-03-27 00:37 . 2012-03-27 02:46 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
    2012-03-26 14:31 . 1998-06-18 04:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2012-03-23 00:36 . 2012-03-23 00:44 -------- d-----w- c:\documents and settings\Guest.JAII\Application Data\HPAppData
    2012-03-13 23:52 . 2012-03-13 23:52 -------- d-----w- c:\documents and settings\Guest.JAII\Local Settings\Application Data\Temp
    2012-03-13 23:52 . 2012-03-13 23:52 -------- d-----w- c:\documents and settings\Guest.JAII\Local Settings\Application Data\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-30 02:14 . 2004-08-10 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-27 00:02 . 2012-02-27 00:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-27 00:02 . 2011-05-10 01:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-03 09:22 . 2004-08-10 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-15 06:30 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2004-08-10 12:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]
    "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 180269]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [2/7/2012 6:31 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [2/7/2012 6:31 PM 744568]
    S0 ujpcjh;ujpcjh;c:\windows\system32\drivers\ggav.sys --> c:\windows\system32\drivers\ggav.sys [?]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [3/19/2012 8:53 PM 820856]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [2/7/2012 6:31 PM 136312]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/29/2012 9:23 PM 652360]
    S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2/7/2012 6:31 PM 130008]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 10:43 PM 106104]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120327.002\IDSXpx86.sys [3/27/2012 10:24 PM 356280]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/29/2012 9:23 PM 20464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    acedrv05
    lxrsge10s
    vproeventmonitor
    enodpl
    se45bus
    acrsch2svc
    pensup
    tphdexlgsvc
    rasirda
    anydvd
    nimdbgk
    WINFLASH
    citrixwmiservice
    rt2500usb
    cnxtdiag
    avfilter
    portio
    SQTECH905C
    Usb20Scan
    bthmodem
    SE2Emdfl
    elaunidr
    CTSYN
    s217nd5
    Ncrc710
    PPPoEWin
    qkbfiltr
    zppinger
    mfcom
    wlankeeper
    CA561
    RSAFAL
    Blfp
    WUSB54GCSVC
    https-nassry
    riomsc
    sentinel
    w810mgmt
    rrrspy
    de_serv
    rslinxng
    sbservice
    pdlndtdl
    DfwWebAgent
    ifxtcs
    IBM_LLC2
    pdlndqll
    arrayssl_vpn_service3,0,1,9
    spbbcsvc
    procmon10
    AppnApi
    SWUMX51
    irsir
    toscosrv
    mfesmfk
    rpcnet
    mfebopk
    sqlagent$pinnaclesys
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    wscsvc
    xmlprov
    MHN
    BITS
    wuauserv
    ShellHWDetection
    helpsvc
    WmdmPmSN
    napagent
    hkmsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
    .
    .
    ------- Supplementary Scan -------
    .
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Trusted Zone: trymedia.com
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-PCDrProfiler - (no file)
    HKLM-Run-hpqSRMon - (no file)
    HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
    SafeBoot-24836039.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-30 00:00
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1461445284-2792725786-2666702911-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,4d,27,63,c7,94,51,46,ac,68,9e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,4d,27,63,c7,94,51,46,ac,68,9e,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(472)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2012-03-30 00:01:47
    ComboFix-quarantined-files.txt 2012-03-30 04:01
    .
    Pre-Run: 163,065,720,832 bytes free
    Post-Run: 164,189,040,640 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - D9E97C3394B6BC831683831DD27C4CBA
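The two logs in this thread share one telltale entry: the ComboFix service list shows `S0 ujpcjh;ujpcjh;c:\windows\system32\drivers\ggav.sys --> ... [?]`, OTL later lists the same `ujpcjh` as a boot-start driver whose file is not found, and ComboFix also reports that it replaced an infected copy of `mqac.sys`. The script below is an added triage example written for this page (it is not ComboFix, OTL, or the helper's own code). It parses those two log formats from pasted text and flags entries that combine a missing image file with a boot/system start type or with a machine-looking service name. The "looks generated" test is a vowel-ratio heuristic chosen for this example, not a rule either tool applies, and the sample lines are constructed from the logs above.

```python
"""Triage ComboFix / OTL service listings for orphaned boot-start drivers.

Added example for this thread; it is not ComboFix, OTL or the helper's code.
It reads the text of the two logs posted above and reports the pattern they
show: a service that loads at boot or system start, whose image file is gone,
under a name that looks machine-generated. The "looks generated" test is a
vowel-ratio heuristic chosen for this example, not a rule either tool applies.
"""
import re
from dataclasses import dataclass, field
from typing import List

# ComboFix service line, e.g.
#   S0 ujpcjh;ujpcjh;c:\windows\system32\drivers\ggav.sys --> c:\windows\system32\drivers\ggav.sys [?]
# S/R = stopped/running, digit = start type (0 boot, 1 system, 2 auto, 3 demand).
COMBOFIX_SVC = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# OTL service/driver line, e.g.
#   DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ggav.sys -- (ujpcjh)
#   DRV - [2011/01/27 ... | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\...\symds.sys -- (SymDS)
OTL_SVC = re.compile(
    r"^(?:DRV|SRV) - (?P<status>File not found|\[[^\]]*\]\s*\([^)]*\))\s+"
    r"\[(?P<flags>[^\]]*)\]\s+--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]+)\)"
)
# ComboFix's note when it replaces a patched system driver.
COMBOFIX_DISINFECTED = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected")
VOWELS = set("aeiouy")


@dataclass
class Finding:
    source: str            # "combofix" or "otl"
    name: str              # service name as logged
    path: str              # image path as logged
    reasons: List[str] = field(default_factory=list)


def looks_generated(name: str) -> bool:
    """Heuristic (this example's choice): 5-10 lowercase letters, under 1 in 4 vowels."""
    if not (5 <= len(name) <= 10 and name.isalpha() and name.islower()):
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.25


def _score(findings: List[Finding], source: str, name: str, path: str,
           early_start: bool, file_missing: bool) -> None:
    # A present file is not this pattern; an entry with no path at all is a
    # registry-only leftover that this example does not try to judge.
    if not file_missing or not path:
        return
    reasons = ["image file missing"]
    if early_start:
        reasons.append("boot/system start")
    if looks_generated(name):
        reasons.append("machine-looking service name")
    if len(reasons) >= 2:
        findings.append(Finding(source, name, path, reasons))


def triage(log_text: str) -> List[Finding]:
    """Return suspicious service entries and replaced-driver notes from log text."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COMBOFIX_DISINFECTED.match(line)
        if m:
            path = m.group("path")
            findings.append(Finding("combofix", path.rsplit("\\", 1)[-1], path,
                                    ["infected copy replaced; verify the restored file"]))
            continue
        m = COMBOFIX_SVC.match(line)
        if m:
            rest = m.group("rest")
            # ComboFix prints "<path> --> <path> [?]" when it cannot read the file.
            missing = "-->" in rest and rest.endswith("[?]")
            _score(findings, "combofix", m.group("name"), rest.split("-->")[0].strip(),
                   m.group("start") in ("0", "1"), missing)
            continue
        m = OTL_SVC.match(line)
        if m:
            flags = [f.strip() for f in m.group("flags").split("|")]
            _score(findings, "otl", m.group("name"), m.group("path"),
                   any(f in ("Boot", "System") for f in flags),
                   m.group("status") == "File not found")
    return findings


# Constructed sample: lines copied from the ComboFix and OTL logs in this thread.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\drivers\mqac.sys was found and disinfected
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [2/7/2012 6:31 PM 340088]
S0 ujpcjh;ujpcjh;c:\windows\system32\drivers\ggav.sys --> c:\windows\system32\drivers\ggav.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/29/2012 9:23 PM 20464]
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xpadminserver.dll -- (acedrv05)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ggav.sys -- (ujpcjh)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\symds.sys -- (SymDS)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {f.path} -> {', '.join(f.reasons)}")
```

Run against the sample it reports exactly three things: the replaced `mqac.sys`, and `ujpcjh` once from each log, while the well-known missing-file placeholders with no path (`WDICA`, `lbrtfdc`), the demand-start `catchme` and `mbr` scan drivers, and the auto-start `acedrv05` entry are not scored. Two caveats for anyone reusing this: the `DisableMonitoring=1` and `EnableFirewall=0` values in the Reg Loading Points section are the settings a third-party suite such as Norton normally writes when it takes over monitoring and firewalling, so they are not scored here and are not by themselves evidence of tampering; and the name heuristic is deliberately conservative, so a confirmed finding still means going back to the raw line rather than trusting the score.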
  2. Broni

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  3. LABJ

    So Far....

    So far, good! I'm still running in Safe Mode with Networking, but I can't complain, it's running smoothly. Now I'm going to run the next
  4. Broni

    Restart in normal mode and run OTL from there.
  5. LABJ

    OTL.txt and Extras.txt

    OTL.TXT
    OTL logfile created on: 3/30/2012 12:20:41 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 560.09 Mb Available Physical Memory | 58.44% Memory free
    2.26 Gb Paging File | 2.13 Gb Available in Paging File | 94.31% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 177.80 Gb Total Space | 152.94 Gb Free Space | 86.02% Space Free | Partition Type: NTFS
    Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32

    Computer Name: JAII | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/30 00:18:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xpadminserver.dll -- (acedrv05)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
    SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
    SRV - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ggav.sys -- (ujpcjh)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/27 22:23:30 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120327.025\navex15.sys -- (NAVEX15)
    DRV - [2012/03/27 22:23:30 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120327.025\naveng.sys -- (NAVENG)
    DRV - [2012/03/06 17:04:10 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120327.002\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2012/03/02 14:58:02 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/02/03 22:43:59 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/02/03 22:43:59 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/16 19:36:16 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\symtdi.sys -- (SYMTDI)
    DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\srtsp.sys -- (SRTSP)
    DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\symefa.sys -- (SymEFA)
    DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\symds.sys -- (SymDS)
    DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\ironx86.sys -- (SymIRON)
    DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
    DRV - [2005/08/29 18:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/08/14 01:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/07/04 03:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/06/30 04:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
    DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/03/04 14:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/12/15 18:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/12/15 18:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/12/15 18:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 18:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 08:54:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_6_3 [2012/03/27 23:08:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2012/01/13 19:51:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2012/01/13 19:51:31 | 000,000,000 | ---D | M]

    [2011/10/19 18:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/08 22:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/12 10:43:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/15 17:52:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/18 22:55:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/05/09 21:30:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/29 14:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2012/03/30 00:00:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1461445284-2792725786-2666702911-500\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
    O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1461445284-2792725786-2666702911-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1461445284-2792725786-2666702911-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1461445284-2792725786-2666702911-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1461445284-2792725786-2666702911-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1302294965281 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E78A90-4060-4034-813C-905D5F65EF2D}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/10 20:46:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: acedrv05 - %systemroot%\system32\xpadminserver.dll File not found
    NetSvcs: lxrsge10s - File not found
    NetSvcs: vproeventmonitor - File not found
    NetSvcs: enodpl - File not found
    NetSvcs: se45bus - File not found
    NetSvcs: acrsch2svc - File not found
    NetSvcs: pensup - File not found
    NetSvcs: tphdexlgsvc - File not found
    NetSvcs: rasirda - File not found
    NetSvcs: anydvd - File not found
    NetSvcs: nimdbgk - File not found
    NetSvcs: WINFLASH - File not found
    NetSvcs: citrixwmiservice - File not found
    NetSvcs: rt2500usb - File not found
    NetSvcs: cnxtdiag - File not found
    NetSvcs: avfilter - File not found
    NetSvcs: portio - File not found
    NetSvcs: SQTECH905C - File not found
    NetSvcs: Usb20Scan - File not found
    NetSvcs: SE2Emdfl - File not found
    NetSvcs: elaunidr - File not found
    NetSvcs: CTSYN - File not found
    NetSvcs: s217nd5 - File not found
    NetSvcs: Ncrc710 - File not found
    NetSvcs: PPPoEWin - File not found
    NetSvcs: qkbfiltr - File not found
    NetSvcs: zppinger - File not found
    NetSvcs: mfcom - File not found
    NetSvcs: wlankeeper - File not found
    NetSvcs: CA561 - File not found
    NetSvcs: RSAFAL - File not found
    NetSvcs: Blfp - File not found
    NetSvcs: WUSB54GCSVC - File not found
    NetSvcs: https-nassry - File not found
    NetSvcs: riomsc - File not found
    NetSvcs: sentinel - File not found
    NetSvcs: w810mgmt - File not found
    NetSvcs: rrrspy - File not found
    NetSvcs: de_serv - File not found
    NetSvcs: rslinxng - File not found
    NetSvcs: sbservice - File not found
    NetSvcs: pdlndtdl - File not found
    NetSvcs: DfwWebAgent - File not found
    NetSvcs: ifxtcs - File not found
    NetSvcs: IBM_LLC2 - File not found
    NetSvcs: pdlndqll - File not found
    NetSvcs: arrayssl_vpn_service3 - File not found
    NetSvcs: 0 - C:\WINDOWS\0.log ()
    NetSvcs: 1 - File not found
    NetSvcs: 9 - File not found
    NetSvcs: spbbcsvc - File not found
    NetSvcs: procmon10 - File not found
    NetSvcs: AppnApi - File not found
    NetSvcs: SWUMX51 - File not found
    NetSvcs: irsir - File not found
    NetSvcs: toscosrv - File not found
    NetSvcs: mfesmfk - File not found
    NetSvcs: rpcnet - File not found
    NetSvcs: mfebopk - File not found
    NetSvcs: sqlagent$pinnaclesys - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/30 00:18:15 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/03/30 00:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/03/29 23:44:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/03/29 23:43:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/03/29 23:43:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/03/29 23:43:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/03/29 23:43:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/03/29 23:43:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/03/29 23:43:10 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/03/29 23:42:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/29 23:41:01 | 004,448,838 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/03/29 23:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\bootkit_remover
    [2012/03/29 23:19:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
    [2012/03/29 22:13:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/29 22:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller
    [2012/03/29 21:56:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2012/03/29 21:56:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2012/03/29 21:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/29 21:23:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/03/29 21:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/29 19:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2012/03/29 19:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Tific
    [2012/03/29 19:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
    [2012/03/29 00:26:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
    [2012/03/28 22:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2012/03/28 22:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/03/28 22:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
    [2012/03/28 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2012/03/28 18:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/03/28 18:13:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
    [2012/03/28 18:12:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
    [2012/03/28 18:12:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/03/28 18:05:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2012/03/27 23:22:19 | 000,035,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixZeroAccess.sys
    [2012/03/27 22:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/03/27 22:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/03/26 21:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\CrypKey
    [2012/03/26 20:37:59 | 000,000,000 | ---D | C] -- C:\Log
    [2012/03/26 20:37:35 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
    [2012/03/26 20:37:35 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
    [2012/03/26 20:37:22 | 001,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\PhoenixDll.dll
    [2012/03/26 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stellar Phoenix Windows Data Recovery
    [2012/03/26 20:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/30 00:18:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/03/30 00:00:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/03/29 23:50:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/03/29 23:44:36 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/03/29 23:42:28 | 004,448,838 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/03/29 23:30:24 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bootkit_remover.zip
    [2012/03/29 23:28:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2012/03/29 23:19:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
    [2012/03/29 22:11:28 | 002,048,299 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2012/03/29 21:56:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2012/03/29 21:49:55 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\92bfqyml.exe
    [2012/03/29 21:23:19 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/29 21:18:19 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2012/03/29 21:08:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/28 18:12:24 | 000,000,566 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2012/03/27 23:22:19 | 000,035,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixZeroAccess.sys
    [2012/03/27 22:28:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/03/27 22:19:55 | 000,000,230 | ---- | M] () -- C:\WINDOWS\spwdr.INI
    [2012/03/27 22:10:00 | 000,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
    [2012/03/26 21:20:42 | 000,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
    [2012/03/26 21:20:42 | 000,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
    [2012/03/26 20:37:44 | 000,000,071 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
    [2012/03/14 08:09:49 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/13 22:49:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/03/11 15:45:32 | 000,384,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/11 15:45:32 | 000,054,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/29 23:43:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/03/29 23:43:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/03/29 23:43:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/03/29 23:43:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/03/29 23:43:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/03/29 23:30:12 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bootkit_remover.zip
    [2012/03/29 23:28:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2012/03/29 22:11:20 | 002,048,299 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2012/03/29 21:49:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\92bfqyml.exe
    [2012/03/29 21:23:19 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/28 18:25:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/28 18:12:24 | 000,000,566 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2012/03/26 21:20:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2012/03/26 21:20:22 | 000,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
    [2012/03/26 21:20:22 | 000,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
    [2012/03/26 20:37:59 | 000,000,230 | ---- | C] () -- C:\WINDOWS\spwdr.INI
    [2012/03/26 20:37:44 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2012/03/26 20:37:35 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
    [2012/03/26 20:37:35 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
    [2012/03/26 20:37:35 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2012/03/26 20:37:35 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
    [2012/03/26 20:37:22 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
    [2012/02/15 02:30:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/05/26 21:49:58 | 000,044,772 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/05/18 16:40:18 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/08 13:11:34 | 000,176,625 | ---- | C] () -- C:\WINDOWS\hpwins19.dat.temp
    [2011/04/08 13:11:34 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat.temp
    [2010/06/30 14:07:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2010/06/30 14:01:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2010/06/30 13:43:41 | 000,176,942 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
    [2010/06/30 13:43:41 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
    [2010/06/30 12:17:45 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2010/06/30 12:17:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2010/06/30 12:16:56 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2010/06/22 21:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/06/22 21:26:46 | 000,011,242 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat
    [2010/06/22 20:36:25 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2010/06/22 20:36:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll

    ========== LOP Check ==========

    [2005/11/10 20:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Digital Interactive Systems Corporation
    [2012/03/29 19:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
    [2011/07/10 13:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2010/06/28 22:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2005/11/10 20:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Digital Interactive Systems Corporation
    [2005/11/10 20:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Digital Interactive Systems Corporation
    [2005/11/10 20:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.JAII\Application Data\Digital Interactive Systems Corporation

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2005/11/10 20:46:21 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/04/08 12:07:15 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2012/03/29 23:44:36 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/03/27 22:20:58 | 000,000,244 | ---- | M] () -- C:\CKINFO.TXT
    [2004/08/10 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/03/30 00:01:47 | 000,015,760 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/31 08:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/11/10 20:48:58 | 000,000,000 | ---- | M] () -- C:\FailKeys.log
    [2005/08/31 08:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/08/31 08:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/10 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/04/23 09:12:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/03/29 23:50:23 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
    [2005/11/10 20:48:58 | 000,000,121 | ---- | M] () -- C:\PassKeys.log
    [2012/03/29 22:13:54 | 000,088,644 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_29.03.2012_22.12.12_log.txt
    [2012/03/29 22:20:54 | 000,082,794 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_29.03.2012_22.20.06_log.txt
    [2012/03/29 23:03:30 | 000,082,794 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_29.03.2012_23.02.25_log.txt
    [2012/03/29 23:05:45 | 000,082,794 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_29.03.2012_23.05.03_log.txt
    [2012/03/29 23:07:47 | 000,002,972 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_29.03.2012_23.07.33_log.txt
    [2012/03/29 23:10:13 | 000,082,794 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_29.03.2012_23.07.52_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.dll >
    [2005/05/12 10:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.ini >
    [2005/08/31 08:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/31 00:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2005/08/31 00:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2005/08/31 00:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/04/23 09:18:02 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/11/10 20:08:33 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/31 08:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/29 21:49:55 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\92bfqyml.exe
    [2012/03/29 23:19:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
    [2012/03/29 23:42:28 | 004,448,838 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/03/30 00:18:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/01/08 21:21:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2004/08/10 15:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/03/29 23:49:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 08:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/08/31 08:06:40 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/03/28 18:12:24 | 000,000,566 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/03/30 00:19:29 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/10 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [8 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 11:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 11:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 11:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 11:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 11:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 11:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 11:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1998/05/07 12:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    < End of report >
  6. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    Extra

    OTL Extras logfile created on: 3/30/2012 12:20:41 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 560.09 Mb Available Physical Memory | 58.44% Memory free
    2.26 Gb Paging File | 2.13 Gb Available in Paging File | 94.31% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 177.80 Gb Total Space | 152.94 Gb Free Space | 86.02% Space Free | Partition Type: NTFS
    Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32

    Computer Name: JAII | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiSpywareOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
    "C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
    "C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
    "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
    "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
    "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
    "{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
    "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
    "{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
    "{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
    "{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
    "{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
    "{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
    "{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
    "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
    "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
    "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
    "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
    "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
    "{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
    "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
    "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
    "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
    "{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
    "{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
    "{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
    "{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DFB0FED6-0010-4E9B-A402-E513F2459161}" = muvee autoProducer unPlugged 1.2
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E7137AFD-4E43-47A6-BDC7-533808F72B36}" = muvee autoProducer 4.5
    "{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
    "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "038D56DF-B15D-47F7-959F-59FA1FBB63FC" = Snowboard SuperJam from HP Media Center (remove only)
    "049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
    "0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
    "0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
    "0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
    "0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
    "3320769C-062B-4670-BD6B-AA4B3D0E9903" = FATE from HP Media Center (remove only)
    "3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
    "413773DA-62DE-4C4C-A0F9-10EFB9317DE5" = Family Feud
    "47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
    "538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
    "55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
    "581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
    "5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
    "758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
    "901E0096-B2AC-469E-A99E-2725A39C0B47" = Zuma Deluxe from HP Media Center (remove only)
    "90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
    "9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
    "A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F" = 5 Card Slingo from HP Media Center (remove only)
    "ATI Display Driver" = ATI Display Driver
    "AwayMode160" = Microsoft Away Mode
    "B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
    "B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
    "BA42B721-D70B-4412-ABA6-057B5823FDE9" = Chuzzle Deluxe from HP Media Center (remove only)
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
    "D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
    "DISCover" = DISCover
    "E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
    "E44A47AF-C94B-4E3F-81A0-979FBA9DAC57" = AstroPop Deluxe from HP Media Center (remove only)
    "E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
    "F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E" = Lemonade Tycoon 2 from HP Media Center (remove only)
    "HP Document Manager" = HP Document Manager 1.0
    "HP Document Viewer" = HP Document Viewer 5.3
    "HP Game Console" = HP Game Console and games
    "HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photo & Imaging" = HP Image Zone 5.3
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Money2005b" = Microsoft Money 2005
    "N360" = Norton Security Suite
    "Netscape Browser" = Netscape Browser (remove only)
    "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
    "PS2" = PS2
    "Python 2.2.3" = Python 2.2.3
    "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
    "RealPlayer 6.0" = RealPlayer
    "Shop for HP Supplies" = Shop for HP Supplies
    "Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery
    "TeamViewer 7" = TeamViewer 7
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/26/2012 6:58:54 PM | Computer Name = JAII | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 69125

    Error - 3/26/2012 6:58:56 PM | Computer Name = JAII | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/26/2012 6:58:56 PM | Computer Name = JAII | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 71156

    Error - 3/26/2012 6:58:56 PM | Computer Name = JAII | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 71156

    Error - 3/26/2012 8:04:21 PM | Computer Name = JAII | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/26/2012 8:04:21 PM | Computer Name = JAII | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 278531

    Error - 3/26/2012 8:04:21 PM | Computer Name = JAII | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 278531

    Error - 3/27/2012 11:14:57 PM | Computer Name = JAII | Source = Application Hang | ID = 1002
    Description = Hanging application ccsvchst.exe, version 10.1.1.16, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 3/28/2012 12:14:32 AM | Computer Name = JAII | Source = Chrome | ID = 1
    Description =

    Error - 3/29/2012 11:46:31 PM | Computer Name = JAII | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9e59.

    [ System Events ]
    Error - 3/29/2012 8:16:44 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 3/29/2012 8:16:47 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 3/29/2012 8:18:00 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 3/29/2012 8:18:00 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 3/29/2012 8:18:02 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 3/29/2012 9:12:46 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 3/29/2012 9:13:08 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 3/29/2012 9:15:42 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 3/29/2012 9:52:50 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 3/29/2012 9:54:06 PM | Computer Name = JAII | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


    < End of report >
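    The two sections of the OTL Extras log above that a responder reads first are "Shell Spawning" (the registered handlers for .exe, .com, .bat, .reg and similar files, which file-association hijackers overwrite so that every launched program passes through the malware) and "Firewall Settings" (EnableFirewall = 0 in the StandardProfile key above). The script below is an added example, not part of the thread and not OTL's own code: it parses those two sections out of an OTL Extras log, compares each handler against the stock Windows XP defaults (the EXPECTED_HANDLERS table is my assumption of those defaults, not something the log states), flags handlers OTL could not read, and reports a disabled firewall profile. The sample input is constructed from lines visible in the log posted above.

```python
"""Triage checks over the 'Shell Spawning' and 'Firewall Settings' sections of an
OTL Extras log. Added example; the sample below is constructed from the log
posted in this thread, and EXPECTED_HANDLERS is an assumed table of XP defaults."""
import re
from typing import Dict, List

# Constructed sample input: excerpts of the OTL Extras log above.
SAMPLE_LOG = r'''
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
'''

# Assumed stock Windows XP handlers for the ProgIDs malware most often hijacks.
# Anything else on these verbs deserves a manual look at the registry key.
EXPECTED_HANDLERS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("regfile", "merge"): 'regedit.exe "%1"',
    ("txtfile", "edit"): r'%SystemRoot%\system32\NOTEPAD.EXE %1',
}

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')          # ========== Name ==========
HANDLER_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*)$')   # progid [verb] -- command
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')             # [HKEY_...\Profile]
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')            # "Name" = value


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split an OTL log into {section name: non-empty stripped lines}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines: List[str]) -> List[str]:
    """Flag handlers that differ from the assumed defaults or could not be read."""
    findings = []
    for line in lines:
        m = HANDLER_RE.match(line)
        if not m:
            continue
        progid, verb, command = m.groups()
        expected = EXPECTED_HANDLERS.get((progid, verb))
        if expected is None:
            continue  # not a ProgID we track
        if command.startswith("Reg Error"):
            # OTL could not read the key: often just absent, but confirm by hand.
            findings.append(f"{progid}[{verb}]: handler not readable ({command}); verify manually")
        elif command.strip().lower() != expected.lower():
            findings.append(f"{progid}[{verb}]: non-default handler {command!r} (expected {expected!r})")
    return findings


def check_firewall(lines: List[str]) -> List[str]:
    """Report any FirewallPolicy profile whose EnableFirewall value is 0."""
    findings = []
    current_key = ""
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and m.group(1) == "EnableFirewall" and m.group(2).strip() == "0":
            profile = current_key.rsplit("\\", 1)[-1]
            findings.append(f"Windows Firewall disabled in {profile} (EnableFirewall = 0)")
    return findings


def triage(text: str) -> List[str]:
    """Run both checks over a full OTL Extras log and return the findings."""
    sections = parse_sections(text)
    findings = check_shell_spawning(sections.get("Shell Spawning", []))
    findings += check_firewall(sections.get("Firewall Settings", []))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    On the sample from this thread the script reports the two unreadable handlers (regfile [merge] and txtfile [edit]) and the disabled StandardProfile firewall, and stays silent on exefile, comfile and the other executable types, whose handlers are still the stock "%1" %*. The "Reg Error" entries are deliberately reported as "verify manually" rather than as a hijack, because OTL prints that text whenever it cannot read the key, which is also what a merely absent key looks like. Note that the Norton firewall is registered with Security Center on this machine, so EnableFirewall = 0 for the built-in firewall is expected here; the check exists so the reader decides that consciously rather than overlooking it.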
  7. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    You didn't read my previous reply:
    Since you just ran OTL, only one log (OTL.txt) will be created.
  8. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    I'm sorry, I didn't come across that post.

    I'm sorry........
  9. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    No problem :)
  10. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    I started up in normal mode, but I'm having a little issue: the desktop home page only shows the HP wallpaper, no icons, no taskbar; it's completely empty.
  11. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.
     
  12. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    Can we...

Broni, can we resume later today? I'll post when I arrive on the blog.. I have work in the morning... Thank you so much for having patience with me... I appreciate everything.. :) goodnight
  13. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    I'm Back

I just ran the UnHide software... however, it did not show up (normal mode).
  14. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    ..and?.......
  15. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

Everything loaded, but I'm still having a problem with my files not running. I've clicked on my Norton to run, but it's running in the background, not on the homepage; same thing with Task Manager.
  16. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Are Norton and Task Manager only things malfunctioning?

    You still owe me OTL log from normal mode.
  17. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

I cannot access the internet in normal mode; it stalls, nor do my programs open; they tend to run in the background. I'll try it again when I return home.
  18. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    ...
  19. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

No. I try to access My Computer, My Network, Norton, internet, Recycle Bin, etc. folder; it's not responding. However, a few programs do work, like Word, Excel etc. The OTL.exe file I cannot access.
  20. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
  21. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

I'm trying to run on normal, but it's not responding.
  22. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Re-read my previous reply.
  23. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    otl

    OTL logfile created on: 3/30/2012 8:26:31 PM - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\HP_Administrator.JAII\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 709.82 Mb Available Physical Memory | 74.06% Memory free
    2.26 Gb Paging File | 2.14 Gb Available in Paging File | 94.66% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 177.80 Gb Total Space | 152.90 Gb Free Space | 86.00% Space Free | Partition Type: NTFS
    Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.12% Space Free | Partition Type: FAT32

    Computer Name: JAII | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/30 19:44:59 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\OTL.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xpadminserver.dll -- (acedrv05)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
    SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
    SRV - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ggav.sys -- (ujpcjh)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/03/27 22:23:30 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120330.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/03/27 22:23:30 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120330.002\NAVENG.SYS -- (NAVENG)
    DRV - [2012/03/06 17:04:10 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120329.002\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2012/03/02 14:58:02 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/02/03 22:43:59 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/02/03 22:43:59 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/07/16 19:36:16 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\symtdi.sys -- (SYMTDI)
    DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\srtsp.sys -- (SRTSP)
    DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\symefa.sys -- (SymEFA)
    DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\symds.sys -- (SymDS)
    DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\ironx86.sys -- (SymIRON)
    DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
    DRV - [2005/08/29 18:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/08/14 01:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/07/04 03:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/06/30 04:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
    DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/03/04 14:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/12/15 18:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/12/15 18:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/12/15 18:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 18:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NSS&chn=retail&geo=US&ver=4
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.urbanog.com/index.html"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 08:54:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_6_3 [2012/03/30 18:54:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2012/01/13 19:51:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2012/01/13 19:51:31 | 000,000,000 | ---D | M]
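The OTL log above is read by hand in this thread. The Python below is an added example, not part of the original post and not OTL's own code: it parses the three line shapes a reviewer checks first in such a log (SRV and DRV entries, and the NetSvcs list) and groups the keys that deserve a second look: an Auto-, Boot- or System-start key whose file OTL reported as "File not found", a driver that is on disk but carries no company name, and NetSvcs entries that point at nothing. The sample lines are copied from the log in this post; the group names and the AUTOSTART set are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import Optional

# OTL "SRV -" / "DRV -" lines come in two shapes (both copied from the log above):
#   SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Vendor) [Auto | Stopped] -- C:\path\x.exe -- (Name)
#   DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\x.sys -- (Name)
# The vendor field is matched lazily up to ") [" so "(CrypKey (Canada) Ltd.)" parses too.
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:File not found|\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)) "
    r"\[(?P<flags>[^\]]*)\]\s*--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]*)\)"
)
# "NetSvcs: <key> - <image path or 'File not found'>"
NETSVCS_RE = re.compile(r"^NetSvcs: (?P<name>\S+) - (?P<rest>.*)$")

# Start types that load without user action; this set is the example's own choice.
AUTOSTART = {"Auto", "Boot", "System"}


@dataclass
class Entry:
    kind: str                # "SRV" (Win32 service) or "DRV" (driver)
    name: str                # registry key name, in parentheses at the end of the line
    path: str                # image path as OTL printed it; "" when OTL printed none
    start: str               # Auto / Boot / System / On_Demand / Disabled
    state: str               # Running / Stopped
    present: bool            # False when OTL printed "File not found"
    company: Optional[str]   # vendor string; "" when the file has none; None if missing
    size: Optional[int]      # file size in bytes; None if the file is missing


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV line; return None for any other OTL line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    flags = [f.strip() for f in m.group("flags").split("|")]
    if len(flags) < 2:
        return None
    present = m.group("stamp") is not None
    size = None
    if present:
        # stamp = "2011/04/16 20:45:11 | 000,130,008 | R--- | M"; field 2 is the size
        size = int(m.group("stamp").split("|")[1].strip().replace(",", ""))
    return Entry(kind=m.group("kind"), name=m.group("name"), path=m.group("path"),
                 start=flags[-2], state=flags[-1], present=present,
                 company=m.group("company"), size=size)


def triage(log_text: str) -> dict:
    """Return the key names a reviewer looks at first, grouped by the reason."""
    findings = {"orphaned_autostart": [], "no_company": [], "netsvcs_missing": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        e = parse_entry(line)
        if e is not None:
            if not e.present and e.start in AUTOSTART:
                findings["orphaned_autostart"].append(e.name)   # loads at boot, file is gone
            elif e.present and e.company == "":
                findings["no_company"].append(e.name)           # on disk, no vendor string
            continue
        n = NETSVCS_RE.match(line)
        if n and n.group("rest").endswith("File not found"):
            findings["netsvcs_missing"].append(n.group("name"))  # svchost group entry, no file
    return findings


# Constructed sample: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xpadminserver.dll -- (acedrv05)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ggav.sys -- (ujpcjh)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
NetSvcs: 6to4 - File not found
NetSvcs: acedrv05 - %systemroot%\system32\xpadminserver.dll File not found
NetSvcs: 0 - C:\WINDOWS\0.log ()
"""

if __name__ == "__main__":
    for reason, names in triage(SAMPLE_LOG).items():
        print(f"{reason}: {', '.join(names) or '-'}")
```

Treat the output as a reading list, not a verdict. A key whose file is gone is a stale registry entry and very often belongs to uninstalled software, and OTL's own whitelist has already hidden vendor-signed Microsoft files. The entries worth asking the user about are the Auto-, Boot- or System-start keys with names nobody can account for, and any NetSvcs name that also shows up as a missing SRV entry (acedrv05 does both in this log).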
  24. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    .....continue

    [2011/04/08 12:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.JAII\Application Data\Mozilla\Extensions
    [2011/05/28 13:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.JAII\Application Data\Mozilla\Firefox\Profiles\tf1thbwj.default\extensions
    [2011/10/19 18:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/08 22:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/12 10:43:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/15 17:52:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/18 22:55:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/05/09 21:30:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/29 14:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_2_3
    [2012/02/08 08:54:10 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
    [2012/02/26 20:02:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Angry Birds = C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: YouTube = C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: God is Love = C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ljmoefmiillanibjonlncaemnefahnea\1_0\

    O1 HOSTS File: ([2012/03/30 00:00:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\..\Toolbar\ShellBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
    O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1461445284-2792725786-2666702911-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1302294965281 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E78A90-4060-4034-813C-905D5F65EF2D}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/10 20:46:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: acedrv05 - %systemroot%\system32\xpadminserver.dll File not found
    NetSvcs: lxrsge10s - File not found
    NetSvcs: vproeventmonitor - File not found
    NetSvcs: enodpl - File not found
    NetSvcs: se45bus - File not found
    NetSvcs: acrsch2svc - File not found
    NetSvcs: pensup - File not found
    NetSvcs: tphdexlgsvc - File not found
    NetSvcs: rasirda - File not found
    NetSvcs: anydvd - File not found
    NetSvcs: nimdbgk - File not found
    NetSvcs: WINFLASH - File not found
    NetSvcs: citrixwmiservice - File not found
    NetSvcs: rt2500usb - File not found
    NetSvcs: cnxtdiag - File not found
    NetSvcs: avfilter - File not found
    NetSvcs: portio - File not found
    NetSvcs: SQTECH905C - File not found
    NetSvcs: Usb20Scan - File not found
    NetSvcs: SE2Emdfl - File not found
    NetSvcs: elaunidr - File not found
    NetSvcs: CTSYN - File not found
    NetSvcs: s217nd5 - File not found
    NetSvcs: Ncrc710 - File not found
    NetSvcs: PPPoEWin - File not found
    NetSvcs: qkbfiltr - File not found
    NetSvcs: zppinger - File not found
    NetSvcs: mfcom - File not found
    NetSvcs: wlankeeper - File not found
    NetSvcs: CA561 - File not found
    NetSvcs: RSAFAL - File not found
    NetSvcs: Blfp - File not found
    NetSvcs: WUSB54GCSVC - File not found
    NetSvcs: https-nassry - File not found
    NetSvcs: riomsc - File not found
    NetSvcs: sentinel - File not found
    NetSvcs: w810mgmt - File not found
    NetSvcs: rrrspy - File not found
    NetSvcs: de_serv - File not found
    NetSvcs: rslinxng - File not found
    NetSvcs: sbservice - File not found
    NetSvcs: pdlndtdl - File not found
    NetSvcs: DfwWebAgent - File not found
    NetSvcs: ifxtcs - File not found
    NetSvcs: IBM_LLC2 - File not found
    NetSvcs: pdlndqll - File not found
    NetSvcs: arrayssl_vpn_service3 - File not found
    NetSvcs: 0 - C:\WINDOWS\0.log ()
    NetSvcs: 1 - File not found
    NetSvcs: 9 - File not found
    NetSvcs: spbbcsvc - File not found
    NetSvcs: procmon10 - File not found
    NetSvcs: AppnApi - File not found
    NetSvcs: SWUMX51 - File not found
    NetSvcs: irsir - File not found
    NetSvcs: toscosrv - File not found
    NetSvcs: mfesmfk - File not found
    NetSvcs: rpcnet - File not found
    NetSvcs: mfebopk - File not found
    NetSvcs: sqlagent$pinnaclesys - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/30 19:44:59 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\OTL.exe
    [2012/03/30 00:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/03/29 23:44:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/03/29 23:43:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/03/29 23:42:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/29 22:13:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/28 22:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/03/28 18:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/03/28 18:12:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/03/28 18:05:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2012/03/27 23:22:19 | 000,035,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixZeroAccess.sys
    [2012/03/27 23:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.JAII\Application Data\Tific
    [2012/03/27 23:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\Symantec
    [2012/03/27 22:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/03/27 22:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/03/27 22:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.JAII\Application Data\FixZeroAccess
    [2012/03/26 21:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\CrypKey
    [2012/03/26 20:37:59 | 000,000,000 | ---D | C] -- C:\Log
    [2012/03/26 20:37:35 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
    [2012/03/26 20:37:35 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
    [2012/03/26 20:37:22 | 001,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\PhoenixDll.dll
    [2012/03/26 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stellar Phoenix Windows Data Recovery
    [2012/03/26 20:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
    [2012/03/26 20:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.JAII\Application Data\GetRightToGo
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\HP_Administrator.JAII\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.JAII\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/30 20:06:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/03/30 19:46:58 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2012/03/30 19:44:59 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\OTL.exe
    [2012/03/30 17:14:13 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\Google Chrome.lnk
    [2012/03/30 17:14:13 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/03/30 00:00:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/03/29 23:44:36 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/03/29 21:08:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/28 18:12:24 | 000,000,566 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2012/03/27 23:59:16 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\Norton Installation Files.lnk
    [2012/03/27 23:22:19 | 000,035,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixZeroAccess.sys
    [2012/03/27 22:28:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/03/27 22:19:55 | 000,000,230 | ---- | M] () -- C:\WINDOWS\spwdr.INI
    [2012/03/27 22:10:00 | 000,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
    [2012/03/26 22:46:20 | 000,137,607 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\SPWDR Scan 26-Mar-2012_10 46 12 PM.IMG
    [2012/03/26 21:20:42 | 000,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
    [2012/03/26 21:20:42 | 000,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
    [2012/03/26 20:37:44 | 000,000,071 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
    [2012/03/26 20:37:25 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\Stellar Phoenix Windows Data Recovery.lnk
    [2012/03/14 08:09:49 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/13 22:49:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/03/11 15:45:32 | 000,384,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/11 15:45:32 | 000,054,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\HP_Administrator.JAII\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.JAII\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/28 18:25:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/28 18:12:24 | 000,000,566 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2012/03/27 23:59:14 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\Norton Installation Files.lnk
    [2012/03/26 22:46:20 | 000,137,607 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\SPWDR Scan 26-Mar-2012_10 46 12 PM.IMG
    [2012/03/26 21:20:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2012/03/26 21:20:22 | 000,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
    [2012/03/26 21:20:22 | 000,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
    [2012/03/26 20:37:59 | 000,000,230 | ---- | C] () -- C:\WINDOWS\spwdr.INI
    [2012/03/26 20:37:44 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2012/03/26 20:37:35 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
    [2012/03/26 20:37:35 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
    [2012/03/26 20:37:35 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2012/03/26 20:37:35 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
    [2012/03/26 20:37:25 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\Stellar Phoenix Windows Data Recovery.lnk
    [2012/03/26 20:37:22 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
    [2012/02/15 02:30:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/05/26 21:49:58 | 000,044,772 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/05/18 16:45:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/18 16:40:18 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/26 10:34:41 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.JAII\Application Data\wklnhst.dat
    [2011/04/10 19:10:02 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/08 16:02:51 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.JAII\Local Settings\Application Data\fusioncache.dat
    [2011/04/08 13:11:34 | 000,176,625 | ---- | C] () -- C:\WINDOWS\hpwins19.dat.temp
    [2011/04/08 13:11:34 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat.temp
    [2010/06/30 14:07:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2010/06/30 14:01:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2010/06/30 13:43:41 | 000,176,942 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
    [2010/06/30 13:43:41 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
    [2010/06/30 12:17:45 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2010/06/30 12:17:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2010/06/30 12:16:56 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2010/06/22 21:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/06/22 21:26:46 | 000,011,242 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat
    [2010/06/22 20:36:25 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2010/06/22 20:36:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll

    ========== LOP Check ==========

    [2005/11/10 20:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Digital Interactive Systems Corporation
    [2012/03/29 19:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
    [2011/07/10 13:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2010/06/28 22:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2005/11/10 20:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Digital Interactive Systems Corporation
    [2005/11/10 20:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Digital Interactive Systems Corporation
    [2005/11/10 20:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.JAII\Application Data\Digital Interactive Systems Corporation

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2005/11/10 20:46:21 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/04/08 12:07:15 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2012/03/29 23:44:36 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/03/27 22:20:58 | 000,000,244 | ---- | M] () -- C:\CKINFO.TXT
    [2004/08/10 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2005/08/31 08:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/11/10 20:48:58 | 000,000,000 | ---- | M] () -- C:\FailKeys.log
    [2005/08/31 08:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/08/31 08:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/10 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/04/23 09:12:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/03/30 20:06:03 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
    [2005/11/10 20:48:58 | 000,000,121 | ---- | M] () -- C:\PassKeys.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.dll >
    [2005/05/12 10:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.ini >
    [2005/08/31 08:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/31 00:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2005/08/31 00:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2005/08/31 00:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/04/23 09:18:02 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/08 12:07:25 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/31 08:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/30 19:44:59 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.JAII\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/01/08 21:21:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2004/08/10 15:00:00 | 000,000,065 | R--- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/03/30 19:46:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/04/16 22:14:36 | 000,381,464 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\HP_Administrator.JAII\My Documents\Norton_Download_Manager.exe
    [1 C:\Documents and Settings\HP_Administrator.JAII\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.JAII\My Documents\*.tmp -> ]

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 08:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/08 12:05:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Favorites\Desktop.ini
    [2005/11/10 20:57:39 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Favorites\eBay.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/03/28 18:12:24 | 000,000,566 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/03/30 20:23:09 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.JAII\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/10 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [8 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 11:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 11:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 11:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 11:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 11:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 11:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 11:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1998/05/07 12:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    < End of report >
  25. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Please read my reply #45.