Solved Help with malware

Good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
My computer seems to be doing fine.

OTL logfile created on: 12/28/2010 4:45:28 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\HP_Owner.SEVILLA\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 103.70 Gb Free Space | 57.83% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 0.64 Gb Free Space | 9.13% Space Free | Partition Type: FAT32

Computer Name: SEVILLA | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/28 16:43:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\OTL.exe
PRC - [2010/12/22 18:05:56 | 000,020,480 | ---- | M] (Webfetti) -- C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/07 12:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/09/02 08:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/02/14 06:44:29 | 000,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2004/10/13 19:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 17:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/24 14:08:44 | 000,156,784 | -H-- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0a\aoltray.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/01/04 11:18:56 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
PRC - [2002/01/04 11:16:56 | 001,187,840 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe
PRC - [2002/01/04 11:07:51 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2002/01/04 10:45:58 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe


========== Modules (SafeList) ==========

MOD - [2010/12/28 16:43:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\OTL.exe
MOD - [2010/12/22 18:05:56 | 000,024,576 | ---- | M] (Webfetti) -- C:\Program Files\WebfettiIE\bar\1.bin\ybbrstub.dll
MOD - [2010/09/02 08:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2004/08/04 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2002/01/04 11:18:56 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/22 18:05:56 | 000,028,766 | ---- | M] (Webfetti) [Auto | Stopped] -- C:\Program Files\WebfettiIE\bar\1.bin\ybbarsvc.exe -- (WebfettiIEService)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/09/02 08:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/09/07 11:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 11:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 11:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 11:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 11:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 11:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/02 08:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/13 20:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/04/27 02:31:14 | 000,135,168 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/18 03:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 12:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 10:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 13:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...YYus&ptb=A13D36CA-DC04-4386-8E88-0C69BED3B858
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d664042c-ca70-48b6-afc9-24a4212d5e43} - C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll (Webfetti)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/12/05 13:15:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 06:59:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 06:59:52 | 000,000,000 | ---D | M]

[2010/11/21 04:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Mozilla\Extensions
[2010/12/24 18:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Mozilla\Firefox\Profiles\7jew4l4q.default\extensions
[2010/11/25 14:47:20 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Mozilla\Firefox\Profiles\7jew4l4q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/12/05 12:54:41 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Mozilla\Firefox\Profiles\7jew4l4q.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/11/21 21:18:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Mozilla\Firefox\Profiles\7jew4l4q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/16 15:49:17 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Mozilla\Firefox\Profiles\7jew4l4q.default\searchplugins\bing.xml
[2010/12/24 18:40:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 00:26:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 15:53:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/05/15 02:29:53 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
[2009/09/19 13:01:38 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/09/19 13:01:41 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/12/24 19:11:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Shop to Win 9) - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files\Shop to Win 9\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Search Assistant BHO) - {a504d73b-32d5-4b53-9dfc-0891be7653f0} - C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll (Webfetti)
O2 - BHO: (Toolbar BHO) - {d826715f-a629-4613-a641-5ca18e8b2f7a} - C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll (Webfetti)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Webfetti) - {94fc3fb2-3e5c-4b8f-aaee-17090ce800bc} - C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll (Webfetti)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Webfetti) - {94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC} - C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll (Webfetti)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Webfetti] C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll (Webfetti)
O4 - HKLM..\Run: [WebfettiIE Browser Plugin Loader] C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe (Webfetti)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Owner.SEVILLA\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/01/04 11:48:10 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65315805348233216)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 16:43:54 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\OTL.exe
[2010/12/22 18:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\WebfettiIE
[2010/12/22 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\WebfettiEI
[2010/12/20 12:17:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/20 12:17:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/20 12:17:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/20 12:17:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/20 12:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/20 12:13:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/19 00:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Application Data\Help
[2010/12/19 00:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Help
[2010/12/18 14:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Malwarebytes
[2010/12/18 14:35:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/18 14:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/18 14:35:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/18 14:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/11 03:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\My Scans
[2010/12/10 02:11:07 | 000,398,744 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/12/07 09:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\HP
[2010/12/07 09:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\HPAppData
[2010/12/05 13:18:38 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/05 13:18:37 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/05 13:18:35 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/05 13:18:34 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/05 13:18:32 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/05 13:18:32 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/05 13:18:31 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/05 13:18:16 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/05 13:18:16 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/05 12:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\ForceField Shared Files
[2010/12/05 12:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\CheckPoint
[2010/12/05 12:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/05 12:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Application Data\Conduit
[2010/12/05 12:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Application Data\ZoneAlarm_Security
[2010/12/05 12:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2010/12/05 12:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/12/05 12:54:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/12/05 12:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\BitTorrent
[2010/12/03 20:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Application Data\Google
[2010/12/03 20:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/02 18:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\np_corp.cgi_files
[2010/12/01 22:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Application Data\HP
[2006/12/04 21:31:15 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2010/12/28 16:43:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\OTL.exe
[2010/12/28 16:36:44 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/12/28 16:35:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/28 16:34:57 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/12/28 16:34:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/28 16:34:33 | 2675,298,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/28 16:34:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/24 19:28:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3336513925-2205304878-719255350-1009UA.job
[2010/12/24 19:18:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/24 19:11:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/24 18:45:06 | 003,998,064 | R--- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\ComboFix.exe
[2010/12/24 18:28:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3336513925-2205304878-719255350-1009Core1cac6718a1f0bd8.job
[2010/12/22 11:50:43 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\MBRCheck.exe
[2010/12/21 23:58:09 | 000,093,184 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Lista De Las Femenina.doc
[2010/12/21 11:06:57 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/12/19 00:10:49 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Amazing Spectacle.doc
[2010/12/18 16:40:21 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Baptizm Classes.doc
[2010/12/18 14:56:33 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\1lq0zxh5.exe
[2010/12/18 14:35:14 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/18 12:34:34 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\WeeklyDonationList.xls
[2010/12/16 15:49:50 | 007,279,616 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/12/16 15:49:49 | 006,158,336 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/12/15 21:20:21 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/15 21:20:21 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/13 00:14:48 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/12/11 02:49:07 | 000,768,862 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\scan0003.jpg
[2010/12/10 02:11:07 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/12/10 00:44:04 | 000,716,288 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Media Sign Network.doc
[2010/12/08 06:58:33 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Christmas Songs.doc
[2010/12/07 11:11:09 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Church Letter.doc
[2010/12/07 09:11:19 | 000,176,651 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2010/12/07 09:00:08 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2010/12/07 08:58:58 | 000,002,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/12/07 08:56:24 | 000,001,971 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2010/12/07 08:52:28 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/12/07 08:45:33 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/12/05 13:18:38 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/05 13:18:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/05 12:56:19 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/12/05 12:54:15 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/12/05 12:54:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\ZoneAlarm Security.lnk
[2010/12/03 20:05:31 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/02 19:06:48 | 000,116,906 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Certificate.pdf
[2010/12/02 18:51:59 | 000,005,162 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\pay2.cgi.htm
[2010/12/02 18:41:12 | 000,007,478 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\np_corp.cgi.htm
[2010/12/01 22:34:11 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/01 22:34:11 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/01 22:02:05 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Application Data\fusioncache.dat
[2010/12/01 18:52:23 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Church Logo.doc
[2010/11/29 18:42:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========

[2010/12/22 11:50:43 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\MBRCheck.exe
[2010/12/21 11:06:57 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/12/20 12:17:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/20 12:17:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/20 12:17:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/20 12:17:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/20 12:17:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/20 12:06:19 | 003,998,064 | R--- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\ComboFix.exe
[2010/12/19 00:10:48 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Amazing Spectacle.doc
[2010/12/18 14:56:33 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\1lq0zxh5.exe
[2010/12/18 14:35:14 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/14 22:53:00 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Lista De Las Femenina.doc
[2010/12/12 01:33:08 | 000,115,712 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Baptizm Classes.doc
[2010/12/11 03:31:55 | 000,768,862 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\scan0003.jpg
[2010/12/10 04:22:04 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\WeeklyDonationList.xls
[2010/12/08 06:58:33 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Christmas Songs.doc
[2010/12/07 09:00:08 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2010/12/07 08:58:58 | 000,002,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2010/12/07 08:56:24 | 000,001,971 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2010/12/07 08:52:28 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/12/07 08:31:21 | 000,176,651 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2010/12/07 08:31:21 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2010/12/05 13:18:38 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/05 12:54:15 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/12/05 12:54:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\ZoneAlarm Security.lnk
[2010/12/05 12:53:58 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/12/04 23:46:24 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Church Letter.doc
[2010/12/04 20:05:43 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\ResumeARS.doc
[2010/12/03 20:12:47 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/03 20:12:47 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/03 20:08:06 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/03 20:08:06 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/02 19:06:48 | 000,116,906 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Certificate.pdf
[2010/12/02 18:51:56 | 000,005,162 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\pay2.cgi.htm
[2010/12/02 18:41:06 | 000,007,478 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\np_corp.cgi.htm
[2010/12/01 18:56:11 | 000,716,288 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Media Sign Network.doc
[2010/12/01 18:52:23 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\My Documents\Church Logo.doc
[2010/11/21 18:44:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\wklnhst.dat
[2010/11/21 04:32:43 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Application Data\fusioncache.dat
[2009/08/12 12:20:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/03/12 12:51:59 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/11 23:27:40 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/12/28 20:40:44 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/09/26 16:20:18 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/09/26 16:20:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/03/05 18:22:32 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2006/12/20 22:13:07 | 000,001,652 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/04 20:26:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/08/19 15:44:43 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/08/16 10:41:24 | 000,000,063 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/05/23 11:49:17 | 001,777,478 | ---- | C] () -- C:\Program Files\Guide Eng.pdf
[2006/05/05 16:43:33 | 000,007,776 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/15 19:39:35 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/31 10:25:28 | 000,000,465 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/12/05 23:26:25 | 000,045,843 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2005/11/05 18:48:46 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GBKEEJL.ini
[2005/10/24 06:01:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/10/21 20:10:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Owner.ini
[2005/09/17 14:32:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PS_setup.ini
[2005/09/16 14:19:48 | 000,000,799 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/09/16 13:25:57 | 000,000,175 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/10/15 06:37:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/13 19:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2002/01/04 11:49:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/01/04 11:46:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/01/04 11:46:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/01/04 11:46:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/01/04 11:46:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/01/04 11:46:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/01/04 11:46:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2002/01/04 11:17:25 | 000,014,553 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2002/01/04 11:17:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2002/01/04 11:16:58 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2002/01/04 11:14:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/01/04 10:56:31 | 000,003,041 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2002/01/04 10:51:34 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2002/01/04 10:42:19 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/01/04 10:41:11 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2002/01/04 10:41:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2002/01/04 10:40:49 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

========== LOP Check ==========

[2010/05/11 03:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2007/08/03 22:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2010/12/03 20:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/09/18 00:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/08/12 12:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/09/17 16:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/04/21 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExamForce
[2009/07/07 11:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2009/03/28 16:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/03/12 10:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2008/02/12 17:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/04/02 21:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2009/05/20 15:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/11/05 18:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hello Kitty Snap n Share
[2010/11/05 18:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hello Kitty Snap n' Share
[2010/11/07 13:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HelloKittyTarget
[2009/08/25 17:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2007/11/09 16:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/09/20 21:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2005/11/06 19:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2005/09/17 14:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/06/27 20:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
[2009/07/24 10:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/04/15 21:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/08/15 23:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2005/12/22 17:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/08/10 22:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/03/30 11:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/08/12 12:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/01/12 09:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/01/11 23:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/05/07 13:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sukoku
[2010/05/06 06:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/02 15:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/08/12 20:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/08/06 14:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/11/02 22:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/11 23:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/11/25 00:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/11/21 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/21 09:28:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6378633A-55E6-4BF6-A4DE-93B56169BD0A}
[2009/09/18 19:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 21:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/12/21 11:06:57 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2010/12/28 16:34:57 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/12/06 09:41:10 | 000,000,000 | ---- | M] () -- C:\195401806
[2009/10/20 14:34:39 | 000,462,120 | ---- | M] () -- C:\AnalysisLog.sr0
[2002/01/04 11:48:10 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/21 04:29:29 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2010/11/21 18:37:34 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2004/08/04 07:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/24 19:23:52 | 000,023,164 | ---- | M] () -- C:\ComboFix.txt
[2004/10/15 06:38:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/16 20:08:18 | 000,177,735 | ---- | M] () -- C:\DTLog.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/12/28 16:34:33 | 2675,298,304 | -HS- | M] () -- C:\hiberfil.sys
[2002/01/04 10:40:49 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/10/15 06:38:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/15 03:07:25 | 000,001,095 | -H-- | M] () -- C:\IPH.PH
[2008/06/22 13:48:40 | 000,007,250 | ---- | M] () -- C:\iPod_log.txt
[2004/10/15 06:38:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/12/28 16:34:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/06/07 09:12:02 | 000,108,854 | ---- | M] () -- C:\playground.log
[2009/05/05 12:47:44 | 001,606,839 | ---- | M] () -- C:\scan0001.jpg
[2010/11/21 21:05:37 | 000,002,848 | ---- | M] () -- C:\scramble.log
[2010/11/15 14:58:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/11/16 14:14:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/11/16 23:35:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/11/17 09:34:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/11/17 12:43:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/11/18 11:07:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/11/18 17:57:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/11/18 23:36:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/11/19 13:23:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/11/20 13:08:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/11/20 00:08:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/11/20 16:20:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/11/09 11:32:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/11/09 11:58:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/11/09 19:39:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/11/10 12:43:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/11/11 12:49:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/11/12 10:43:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/11/13 12:52:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/11/14 21:44:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/11/15 14:58:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/11/16 14:14:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/11/16 23:35:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/11/17 09:34:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/11/17 12:43:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/11/18 11:07:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/11/18 17:57:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/11/18 23:36:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/11/19 13:23:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/11/20 13:08:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/11/20 00:08:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/11/20 16:20:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/11/09 11:32:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/11/09 11:58:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/11/09 19:39:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/11/10 12:43:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/11/11 12:49:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/11/12 10:43:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/11/13 12:52:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/11/14 21:44:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/05/17 20:29:31 | 000,001,216 | ---- | M] () -- C:\sti.log
[2009/02/06 20:01:07 | 000,001,020 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2007/10/16 19:39:49 | 000,046,209 | ---- | M] () -- C:\VETlog.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/10/15 06:37:44 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2003/06/19 04:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 12:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2006/08/19 15:44:51 | 000,194,560 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\Olay Ribbons Screensaver.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2006/12/04 16:12:50 | 002,169,048 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\DSC01207.JPG

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2002/12/03 11:20:02 | 001,777,478 | ---- | M] () -- C:\Program Files\Guide Eng.pdf
[2006/12/04 21:30:54 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/10/14 23:29:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/14 23:29:40 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/14 23:29:40 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >
[2006/10/23 21:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\bak
[2006/10/23 21:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\AOL\1147752597\ee\bak
[2006/10/23 21:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\AOL\1147752597\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\bak
[2006/10/23 21:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\AOL\1147752597\ee\services\sscFirewallPlugin\ver1_10_3_1\bak
[2006/10/23 21:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Real\Update_OB\bak
[2006/10/23 21:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak
[2006/10/23 21:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java\j2re1.4.2_03\bin\bak
[2006/10/23 21:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\mcafee.com\personal firewall\bak
[2006/10/23 21:33:20 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint\Viewpoint Manager\bak

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/10/15 06:38:26 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/21 04:33:55 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/10/15 06:41:56 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/12/18 14:56:33 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\1lq0zxh5.exe
[2010/12/24 18:45:06 | 003,998,064 | R--- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\ComboFix.exe
[2010/12/22 11:50:43 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\MBRCheck.exe
[2010/12/28 16:43:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/21 04:33:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/12/28 16:40:40 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\HP_Owner.SEVILLA\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/11 12:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/04 07:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 10:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 10:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 10:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/08/04 10:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 10:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 10:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 10:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2006/03/07 22:09:55 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
[2004/08/04 10:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 10:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 12:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2542A415
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE2CBE9
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10151AE6
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FC9A41B
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE6A1342
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3AB6321
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8CE6E9B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CC7FD8
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F31C4F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C20507F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D09A3F7
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AF6F459
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23144F52
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8E8B5D7
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
 
OTL Extras logfile created on: 12/28/2010 4:45:28 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\HP_Owner.SEVILLA\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 103.70 Gb Free Space | 57.83% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 0.64 Gb Free Space | 9.13% Space Free | Partition Type: FAT32

Computer Name: SEVILLA | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B98685A-4E21-4A4F-A2D6-DC557042BADA}" = HPIZplus450
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D0420D64-8D33-4374-A2B2-9225C7925CA6}" = HP Image Zone Plus 4.5.3
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0343A4C-2FFD-4CCB-B0EB-5DE9F0E2A083}" = LS_HSI
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"58D1A004-6D3C-480A-9E0D-FAA58F3C2A62" = Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"6B60434A-ABE1-48FF-906B-0EA67087AB25" = Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"avast5" = avast! Free Antivirus
"B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502" = Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
"B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1" = Polar Golfer from Hewlett-Packard Desktops (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"Google Chrome" = Google Chrome
"Help and Support Additions" = Help and Support Additions
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Image Zone 4.5.3
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PS2" = PS2
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Shop to Win 9" = Shop to Win 9
"SpySubtract" = SpySubtract
"VLC media player" = VLC media player 1.1.5
"WebfettiIEbar Uninstall" = Webfetti
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2010 7:32:57 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a
problem with this Windows Installer package. Please refer to the setup log for
more information.

Error - 12/24/2010 7:32:59 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CLR' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup408E.txt.

Error - 12/24/2010 7:32:59 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CA' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup408E.txt.

Error - 12/24/2010 7:32:59 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CRT' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup408E.txt.

Error - 12/24/2010 7:32:59 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework PreXP' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup408E.txt.

Error - 12/24/2010 7:32:59 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'Dr.
Watson' could not be installed. Error code 1603. Additional information is available
in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup408E.txt.

Error - 12/24/2010 7:32:59 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 1' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup408E.txt.

Error - 12/24/2010 7:32:59 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 2' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup408E.txt.

Error - 12/24/2010 7:32:59 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework ASP .NET' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup408E.txt.

Error - 12/24/2010 7:32:59 PM | Computer Name = SEVILLA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework WinForms' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup408E.txt.

[ System Events ]
Error - 12/23/2010 10:49:58 AM | Computer Name = SEVILLA | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error: %%2

Error - 12/23/2010 10:51:19 AM | Computer Name = SEVILLA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/23/2010 12:14:27 PM | Computer Name = SEVILLA | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 12/24/2010 6:14:57 PM | Computer Name = SEVILLA | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error: %%2

Error - 12/24/2010 6:16:18 PM | Computer Name = SEVILLA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/24/2010 7:12:41 PM | Computer Name = SEVILLA | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error: %%2

Error - 12/24/2010 7:14:08 PM | Computer Name = SEVILLA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/24/2010 7:33:20 PM | Computer Name = SEVILLA | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 12/28/2010 4:35:02 PM | Computer Name = SEVILLA | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error: %%2

Error - 12/28/2010 4:36:23 PM | Computer Name = SEVILLA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >
 
Good news :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2010/12/22 18:05:56 | 000,020,480 | ---- | M] (Webfetti) -- C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe
    MOD - [2010/12/22 18:05:56 | 000,024,576 | ---- | M] (Webfetti) -- C:\Program Files\WebfettiIE\bar\1.bin\ybbrstub.dll
    SRV - [2010/12/22 18:05:56 | 000,028,766 | ---- | M] (Webfetti) [Auto | Stopped] -- C:\Program Files\WebfettiIE\bar\1.bin\ybbarsvc.exe -- (WebfettiIEService)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...8-0C69BED3B858
    IE - HKCU\..\URLSearchHook: {d664042c-ca70-48b6-afc9-24a4212d5e43} - C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll (Webfetti)
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    O2 - BHO: (Search Assistant BHO) - {a504d73b-32d5-4b53-9dfc-0891be7653f0} - C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll (Webfetti)
    O2 - BHO: (Toolbar BHO) - {d826715f-a629-4613-a641-5ca18e8b2f7a} - C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll (Webfetti)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Webfetti) - {94fc3fb2-3e5c-4b8f-aaee-17090ce800bc} - C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll (Webfetti)
    O3 - HKCU\..\Toolbar\WebBrowser: (Webfetti) - {94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC} - C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll (Webfetti)
    O4 - HKLM..\Run: [Webfetti] C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll (Webfetti)
    O4 - HKLM..\Run: [WebfettiIE Browser Plugin Loader] C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe (Webfetti)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    [2010/12/22 18:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\WebfettiIE
    [2010/12/22 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\WebfettiEI
    [2008/08/12 20:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2542A415
    @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589
    @Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
    @Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE2CBE9
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6
    @Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10151AE6
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FC9A41B
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE6A1342
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3AB6321
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8CE6E9B
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CC7FD8
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F31C4F
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C20507F
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D09A3F7
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AF6F459
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23144F52
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8E8B5D7
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" =-
    
    
    :Files
    C:\Program Files\WebfettiIE
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
I believe I installed the new Java and removed the old version correctly. The thing is that I believe I might have a problem with the OTL. I copied the code (even the top :OTL) and pasted it under the Custom Scans/Fixes box. Then I clicked Run Fix. After that it took out the start menu like usual and just kept the background. The only reason I'm concerned is that it says at the bottom of the program "Killing process. DO NOT Interrupt" for about two hours. The Custom Scans/Fixes box hasn't even been scrolling down like it did last time. The previous scans sometimes took a while, but after at least 45 mins they would show signs of progress. Should I just wait it out or what?
Update: I had to shut down my computer, but when I restarted, it seemed fine.
 
You did fine.

Re-run OTL fix.
Disable your AV program and if it doesn't help, run the fix from Safe Mode.
 
All processes killed
========== OTL ==========
No active process named ybbrmon.exe was found!
Service WebfettiIEService stopped successfully!
Service WebfettiIEService deleted successfully!
C:\Program Files\WebfettiIE\bar\1.bin\ybbarsvc.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d664042c-ca70-48b6-afc9-24a4212d5e43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d664042c-ca70-48b6-afc9-24a4212d5e43}\ deleted successfully.
C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a504d73b-32d5-4b53-9dfc-0891be7653f0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a504d73b-32d5-4b53-9dfc-0891be7653f0}\ deleted successfully.
File C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d826715f-a629-4613-a641-5ca18e8b2f7a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d826715f-a629-4613-a641-5ca18e8b2f7a}\ deleted successfully.
C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94fc3fb2-3e5c-4b8f-aaee-17090ce800bc}\ deleted successfully.
File C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC}\ not found.
File C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Webfetti deleted successfully.
File C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WebfettiIE Browser Plugin Loader deleted successfully.
C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
C:\Program Files\WebfettiIE\Shared\Cache folder moved successfully.
C:\Program Files\WebfettiIE\Shared folder moved successfully.
C:\Program Files\WebfettiIE\bar\Settings folder moved successfully.
C:\Program Files\WebfettiIE\bar\Message folder moved successfully.
C:\Program Files\WebfettiIE\bar\History folder moved successfully.
C:\Program Files\WebfettiIE\bar\Cache folder moved successfully.
C:\Program Files\WebfettiIE\bar\1.bin\chrome folder moved successfully.
C:\Program Files\WebfettiIE\bar\1.bin folder moved successfully.
C:\Program Files\WebfettiIE\bar folder moved successfully.
C:\Program Files\WebfettiIE folder moved successfully.
C:\Program Files\WebfettiEI\Installr\1.bin\chrome folder moved successfully.
C:\Program Files\WebfettiEI\Installr\1.bin folder moved successfully.
C:\Program Files\WebfettiEI\Installr folder moved successfully.
C:\Program Files\WebfettiEI folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2542A415 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A823589 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:20240A47 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8BE2CBE9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:10151AE6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8FC9A41B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FE6A1342 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3AB6321 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8CE6E9B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89CC7FD8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:45F31C4F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:522EA216 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C20507F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8D09A3F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6AF6F459 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:23144F52 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8E8B5D7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\WebfettiIE not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Aracely
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLA
->Temp folder emptied: 13412670 bytes
->Temporary Internet Files folder emptied: 159755687 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 53283614 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2462 bytes

User: HP_Owner.SEVILLAFAMILY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLAHOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_OWN~2~SEV

User: LocalService
->Temp folder emptied: 1053304 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1975144 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TomTom HOME 2

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52633008 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 269.00 mb


[EMPTYFLASH]

User: All Users

User: Aracely
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: HP_Owner
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLA
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLAFAMILY
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLAHOME
->Flash cache emptied: 0 bytes

User: HP_OWN~2~SEV

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: TomTom HOME 2

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12312010_191651

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Temp\IadHide5.dll moved successfully.
C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Temp\~DFDA68.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\ZLT051f6.TMP not found!

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ZoneAlarm
ZoneAlarm Toolbar
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader X
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

America Online 9.0a aoltray.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````
 
Out of date service pack!!
We'll have to take care of it, but I want to see Eset scan log first.

Update Internet Explorer to at least version 7.
Version 6 is obsolete and thus dangerous.

Uninstall Java 2 Runtime Environment, SE v1.4.2_03
 
ESETSCAN

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\RegistryFix7\RegistryFix.exe a variant of Win32/Adware.ErrorClean application
C:\Program Files\RegistryFix7\UninstlDll.dll Win32/Adware.ErrorClean application
C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir probably a variant of Win32/Adware.Agent.MZMYWMC application
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP93\A0019118.exe multiple threats
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP93\A0019126.dll Win32/Adware.HotBar.E application
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP93\A0019135.dll a variant of Win32/Adware.OneStep.M application
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP93\A0019136.exe a variant of Win32/Adware.OneStep.L application
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP93\A0019584.exe multiple threats
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP93\A0019609.exe Win32/Adware.DoubleD.AB application
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0020504.dll a variant of Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\12312010_191651\C_Program Files\WebfettiIE\bar\1.bin\ybdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\_OTL\MovedFiles\12312010_191651\C_Program Files\WebfettiIE\bar\1.bin\ybhtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\_OTL\MovedFiles\12312010_191651\C_Program Files\WebfettiIE\bar\1.bin\ybhtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL 
    C:\Program Files\MSN Messenger\msimg32.dll 
    C:\Program Files\RegistryFix7\RegistryFix.exe 
    C:\Program Files\RegistryFix7\UninstlDll.dll
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
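
As an added illustration (not part of the original thread, and not a feature of OTL or ESET): a small Python triage of the ESET log that sorts each detection by where the file lives, showing why the `:Files` fix above lists only four paths while the restore-point copies are left to `[CLEARALLRESTOREPOINTS]`. The regular expression, the location labels and the function names are assumptions made for this example.

```python
import re

# Eight lines copied from the ESET log posted above: the four live files
# plus examples from each of the other locations.
ESET_LOG = r"""
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\RegistryFix7\RegistryFix.exe a variant of Win32/Adware.ErrorClean application
C:\Program Files\RegistryFix7\UninstlDll.dll Win32/Adware.ErrorClean application
C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir probably a variant of Win32/Adware.Agent.MZMYWMC application
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP93\A0019118.exe multiple threats
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0020504.dll a variant of Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\12312010_191651\C_Program Files\WebfettiIE\bar\1.bin\ybdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application
"""

# Assumed line layout: <path ending in an extension> <detection> [<type>].
# The path is matched lazily so that spaces and dots inside folder names
# ("Program Files", "1.bin") do not end it early.
FINDING = re.compile(
    r"^(?P<path>.+?\.\w+)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?Win32/\S+|multiple threats)"
    r"(?:\s+(?P<kind>\w+))?$"
)

# Location prefixes that occur in this log, compared case-insensitively.
LOCATIONS = [
    ("c:\\system volume information\\_restore", "restore_point"),
    ("c:\\qoobox\\quarantine\\", "tool_quarantine"),
    ("c:\\_otl\\movedfiles\\", "tool_quarantine"),
]


def parse_findings(text):
    """Return one dict (path, detection, kind) per recognised log line."""
    findings = []
    for line in text.splitlines():
        match = FINDING.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings


def classify(path):
    """Label a path as restore_point, tool_quarantine or live."""
    lowered = path.lower()
    for prefix, label in LOCATIONS:
        if lowered.startswith(prefix):
            return label
    return "live"


def triage(text):
    """Group detected paths by location, keeping log order."""
    buckets = {"live": [], "restore_point": [], "tool_quarantine": []}
    for finding in parse_findings(text):
        buckets[classify(finding["path"])].append(finding["path"])
    return buckets


def files_section(text):
    """Lines for a :Files section covering only files still in place."""
    return [":Files"] + triage(text)["live"]


if __name__ == "__main__":
    for label, paths in triage(ESET_LOG).items():
        print(f"{label}: {len(paths)}")
    print("\n".join(files_section(ESET_LOG)))
```

Detections under `System Volume Information\_restore` and the tools' own quarantine folders are copies that are no longer in their original location, so only the `live` bucket needs a file-level fix.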
 
I'm having problems removing the Java 2 Runtime Environment. When I try to remove the program it says "The feature you are trying to use is on a network resource that is unavailable." It then says "enter in a path containing the installation package". I couldn't find it through the browser that was attached to the window right below, so I searched my files. I found files that went by the same name. I then went back to the original browser to go to the folder that I found in the search, but it wasn't there, so I decided just to remove the files in that folder. Even though I did this, the program is still on the add/remove list.
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL moved successfully.
C:\Program Files\MSN Messenger\msimg32.dll moved successfully.
C:\Program Files\RegistryFix7\RegistryFix.exe moved successfully.
C:\Program Files\RegistryFix7\UninstlDll.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Aracely
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLA
->Temp folder emptied: 5704909 bytes
->Temporary Internet Files folder emptied: 121369830 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48998143 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 7841 bytes

User: HP_Owner.SEVILLAFAMILY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLAHOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_OWN~2~SEV

User: LocalService
->Temp folder emptied: 1053288 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1977240 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TomTom HOME 2

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 122121423 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 287.00 mb


[EMPTYFLASH]

User: All Users

User: Aracely
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: HP_Owner
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLA
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLAFAMILY
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLAHOME
->Flash cache emptied: 0 bytes

User: HP_OWN~2~SEV

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: TomTom HOME 2

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 01072011_175145

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Temp\IadHide5.dll moved successfully.
C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Temp\~DFD134.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\ZLT046bb.TMP not found!

Registry entries deleted on Reboot...
 
My computer seems to be doing fine, but I always meant to ask whether it was okay for a pop-up for an antivirus, Trend Micro, to appear on my screen every time I start up my computer.


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Aracely
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLA
->Temp folder emptied: 4009011 bytes
->Temporary Internet Files folder emptied: 119472410 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74947012 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8749 bytes

User: HP_Owner.SEVILLAFAMILY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLAHOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_OWN~2~SEV

User: LocalService
->Temp folder emptied: 2039448 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1972408 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TomTom HOME 2

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80720411 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 270.00 mb


[EMPTYFLASH]

User: All Users

User: Aracely
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: HP_Owner
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLA
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLAFAMILY
->Flash cache emptied: 0 bytes

User: HP_Owner.SEVILLAHOME
->Flash cache emptied: 0 bytes

User: HP_OWN~2~SEV

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: TomTom HOME 2

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.18.0 log created on 01112011_183856

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Temp\IadHide5.dll moved successfully.
C:\Documents and Settings\HP_Owner.SEVILLA\Local Settings\Temp\~DF5C6F.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\ZLT047b3.TMP not found!

Registry entries deleted on Reboot...
 
whether it was okay for a pop-up for an antivirus, Trend Micro, to appear on my screen every time I start up my computer.
It shouldn't. I don't see it running on your computer.
You sure, it's TrendMicro?

Download, and install Quick Startup: http://www.glarysoft.com/qs.html
Go File>Export, save report, and paste it into your next post.
 
It doesn't look like a program pop-up, but more like an advertisement asking me to buy Trend Micro.
Startup List report created on 1/12/2011 by Startup Manager


Name: SunJavaUpdateSched
Path: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: hpsysdrv
Path: c:\windows\system\hpsysdrv.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: High Definition Audio Property Page Shortcut
Path: HDAudPropShortcut.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HotKeysCmds
Path: C:\WINDOWS\system32\hkcmd.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: AGRSMMSG
Path: AGRSMMSG.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HPHUPD06
Path: c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HPHmon06
Path: C:\WINDOWS\system32\hphmon06.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: KBD
Path: C:\HP\KBD\KBD.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: TkBellExe
Path: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Recguard
Path: C:\WINDOWS\SMINST\RECGUARD.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: PS2
Path: C:\WINDOWS\system32\ps2.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: SoundMan
Path: SOUNDMAN.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: AlcWzrd
Path: ALCWZRD.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: QuickTime Task
Path: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: iTunesHelper
Path: "C:\Program Files\iTunes\iTunesHelper.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Adobe Reader Speed Launcher
Path: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Adobe ARM
Path: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ZoneAlarm Client
Path: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ISW
Path: "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: avast5
Path: "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: hpqSRMon
Path: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ctfmon.exe
Path: C:\WINDOWS\system32\ctfmon.exe
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: America Online 9.0 Tray Icon
Path: C:\PROGRA~1\AMERIC~1.0A\aoltray.exe -check
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: Auto Detect
Path: C:\PROGRA~1\ICONCE~1\MEAUTO~1.EXE -startup
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: HP Digital Imaging Monitor
Path: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: Microsoft Office
Path: C:\PROGRA~1\MI1933~1\Office10\OSA.EXE -b -l
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: SpySubtract
Path: C:\PROGRA~1\INTERM~1\SPYSUB~1\sslaunch.exe -autostart
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: Updates from HP
Path: C:\PROGRA~1\UPDATE~1\309731\Program\UPDATE~1.EXE -startup
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: OpenOffice.org 3.1
Path: C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
Location: C:\Documents and Settings\HP_Owner.SEVILLA\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------
Total 29 Items
 
Maybe SpySubtract, which is a Trend product, does it.
Re-run QuickStartup, UN-check SpySubtract, restart computer and see what happens.
 