TechSpot

Redirected from Google search and some recovered desktop icons malfunctioning

By ryaned
May 29, 2011
  1. Good morning.
    I am having trouble being redirected from Google search.
    Also I have run the 7-step Virus/spyware/malware removal as instructed.
    Enclosed are my logs.
    Thank you. Ned


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6701

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/28/2011 9:34:26 AM
    mbam-log-2011-05-28 (09-34-26).txt

    Scan type: Quick scan
    Objects scanned: 179936
    Time elapsed: 9 minute(s), 46 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    c:\documents and settings\all users\application data\itbamgqslsqqg.exe (Trojan.FakeAlert) -> 2000 -> Unloaded process successfully.
    c:\documents and settings\all users\application data\22339364.exe (Trojan.FakeAlert.Gen) -> 248 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{BD4F7A6D-0107-4BDF-B72B-021B717B06CE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD4F7A6D-0107-4BDF-B72B-021B717B06CE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD4F7A6D-0107-4BDF-B72B-021B717B06CE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003897 (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTbaMgqSlSQqG (Trojan.FakeAlert) -> Value: iTbaMgqSlSQqG -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\itbamgqslsqqg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\drivers\19317C.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\spool\prtprocs\w32x86\48117B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\hp_administrator\local settings\Temp\tmp1390.tmp.exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
    c:\documents and settings\hp_administrator\local settings\Temp\tmpa287.tmp.exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
    c:\documents and settings\hp_administrator\local settings\temporary internet files\Content.IE5\NEK7LKBV\Out_![1].exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
    c:\documents and settings\hp_administrator\local settings\temporary internet files\Content.IE5\QZKR0QXN\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\22339364.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-29 00:53:53
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD2500JS-60NCB1 rev.10.02E02
    Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwldrpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT BA6D864E ZwCreateKey
    SSDT BA6D8644 ZwCreateThread
    SSDT BA6D8653 ZwDeleteKey
    SSDT BA6D865D ZwDeleteValueKey
    SSDT BA6D8662 ZwLoadKey
    SSDT BA6D8630 ZwOpenProcess
    SSDT BA6D8635 ZwOpenThread
    SSDT BA6D866C ZwReplaceKey
    SSDT BA6D8667 ZwRestoreKey
    SSDT BA6D8658 ZwSetValueKey

    ---- Kernel code sections - GMER 1.0.15 ----

    INITc VolSnap.sys BA0F3BD0 4 Bytes [B0, A5, 53, 80]
    INITc VolSnap.sys BA0F3BF8 4 Bytes [B8, A1, 4F, 80]
    INITc VolSnap.sys BA0F3C20 4 Bytes [B6, AE, 4F, 80]
    INITc VolSnap.sys BA0F3C48 4 Bytes [30, FF, 4F, 80]
    INITc VolSnap.sys BA0F3C70 4 Bytes [7A, A8, 4F, 80]
    INITc ...
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB91E7360, 0x20574D, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B06B70
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B06D70
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E3000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E0000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00DF000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E1000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E2000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0059000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B16B70
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16D70
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00D3000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D0000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00CF000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D1000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00D2000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CE000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:124] 8A720E7A
    Thread System [4:128] 8A723008

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}\iexplore@Count 10061
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 395071
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore@Count 4535

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NEK7LKBV\footer_decor[1].gif 0 bytes
    File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\SFZ8W94M\tt[1].htm 0 bytes

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by HP_Administrator at 8:14:56 on 2011-05-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1118 [GMT -7:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Norton Internet Worm Protection *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\HPZipm12.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\X0QAEQU6\dds[1].scr
    C:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [<NO NAME>]
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    Trusted Zone: trymedia.com
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.dmtc.com/live/AxisCamControl.ocx
    DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-28 11608]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-28 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-28 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-28 61960]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-24 1174152]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
    S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-2-1 65536]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
    .
    =============== Created Last 30 ================
    .
    2011-05-29 02:46:58 -------- d-----w- c:\windows\system32\NtmsData
    2011-05-29 02:46:38 -------- d-----w- c:\documents and settings\hp_administrator\application data\Avira
    2011-05-28 16:18:57 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
    2011-05-28 16:18:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-28 16:18:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-05-28 16:18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-28 16:11:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-05-28 16:11:47 -------- d-----w- c:\program files\Avira
    2011-05-28 16:11:47 -------- d-----w- c:\documents and settings\all users\application data\Avira
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:50 692736 ---h--w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ---ha-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ---ha-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 8:15:18.28 ===============

    RP1669: 4/14/2011 6:49:32 PM - System Checkpoint
    RP1670: 4/15/2011 8:17:37 PM - System Checkpoint
    RP1671: 4/16/2011 3:00:17 AM - Software Distribution Service 3.0
    RP1672: 4/17/2011 10:17:09 PM - System Checkpoint
    RP1673: 4/18/2011 11:02:42 PM - System Checkpoint
    RP1674: 4/20/2011 12:02:44 AM - System Checkpoint
    RP1675: 4/21/2011 12:02:48 AM - System Checkpoint
    RP1676: 4/22/2011 12:02:51 AM - System Checkpoint
    RP1677: 4/23/2011 1:02:53 AM - System Checkpoint
    RP1678: 4/24/2011 1:02:57 AM - System Checkpoint
    RP1679: 4/25/2011 2:02:59 AM - System Checkpoint
    RP1680: 4/26/2011 2:03:02 AM - System Checkpoint
    RP1681: 4/27/2011 3:00:14 AM - Software Distribution Service 3.0
    RP1682: 4/28/2011 3:03:07 AM - System Checkpoint
    RP1683: 4/29/2011 4:03:10 AM - System Checkpoint
    RP1684: 4/30/2011 5:03:10 AM - System Checkpoint
    RP1685: 5/1/2011 6:03:10 AM - System Checkpoint
    RP1686: 5/2/2011 7:03:08 AM - System Checkpoint
    RP1687: 5/3/2011 8:03:06 AM - System Checkpoint
    RP1688: 5/4/2011 9:03:03 AM - System Checkpoint
    RP1689: 5/5/2011 10:24:46 AM - System Checkpoint
    RP1690: 5/6/2011 11:01:02 AM - System Checkpoint
    RP1691: 5/7/2011 11:03:07 AM - System Checkpoint
    RP1692: 5/8/2011 11:03:13 AM - System Checkpoint
    RP1693: 5/9/2011 11:34:15 AM - System Checkpoint
    RP1694: 5/10/2011 12:03:16 PM - System Checkpoint
    RP1695: 5/11/2011 3:00:14 AM - Software Distribution Service 3.0
    RP1696: 5/12/2011 3:03:16 AM - System Checkpoint
    RP1697: 5/13/2011 4:03:18 AM - System Checkpoint
    RP1698: 5/14/2011 5:03:13 AM - System Checkpoint
    RP1699: 5/15/2011 6:03:16 AM - System Checkpoint
    RP1700: 5/16/2011 7:03:18 AM - System Checkpoint
    RP1701: 5/17/2011 7:04:24 AM - System Checkpoint
    RP1702: 5/18/2011 8:03:22 AM - System Checkpoint
    RP1703: 5/19/2011 9:03:23 AM - System Checkpoint
    RP1704: 5/20/2011 10:01:51 AM - System Checkpoint
    RP1705: 5/21/2011 10:03:28 AM - System Checkpoint
    RP1706: 5/22/2011 11:00:32 AM - System Checkpoint
    RP1707: 5/23/2011 11:03:28 AM - System Checkpoint
    RP1708: 5/24/2011 11:39:17 AM - System Checkpoint
    RP1709: 5/25/2011 12:04:21 PM - System Checkpoint
    RP1710: 5/26/2011 12:25:48 PM - System Checkpoint
    RP1711: 5/27/2011 12:42:24 PM - System Checkpoint
    RP1712: 5/28/2011 10:14:03 AM - Installed Java(TM) 6 Update 24
    .
    ==== Installed Programs ======================
    .
    Ad-Aware
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.5
    AiO_Scan_CDA
    AiOSoftwareNPI
    ATT-PRT22
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    BufferChm
    C6100
    c6100_Help
    CCleaner (remove only)
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    Customer Experience Enhancement
    CustomerResearchQFolder
    Data Fax SoftModem with SmartCP
    Destinations
    DISCover
    DivX
    DocProc
    DocProcQFolder
    Documents To Go
    DocumentViewer
    DocumentViewerQFolder
    Easy Internet Sign-up
    Enhanced Multimedia Keyboard Solution
    Epocrates Essentials
    eSupportQFolder
    Fax_CDA
    Full Tilt Poker
    FullDPAppQFolder
    GemMaster Mystic
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Customer Participation Program 7.0
    HP DigitalMedia Archive
    HP Document Viewer 7.0
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Product Assistant
    HP Solution Center 7.0
    HP Update
    HP Web Helper
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    InstantShareDevices
    InstantShareDevicesMFC
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 24
    LightScribe 1.4.105.1
    LiveUpdate 3.0 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Application Error Reporting
    Microsoft Away Mode
    Microsoft IntelliPoint 6.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Office Standard Edition 2003 60 days trial
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    My HP Games
    Netscape Browser (remove only)
    NewCopy_CDA
    NVIDIA Drivers
    OCR Software by I.R.I.S 7.0
    OptionalContentQFolder
    Otto
    Palm Desktop
    Palm VersaMail(tm)
    PanoStandAlone
    PC-Doctor 5 for Windows
    PhotoGallery
    Poker Tracker Version 2.16.03d
    PokerTracker 3 (remove only)
    PostgreSQL 8.3
    ProductContextNPI
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    RandMap
    Readme
    RealPlayer
    Realtek High Definition Audio Driver
    Remove WeatherBug Installer
    Rhapsody
    Rhapsody Player Engine
    Scan
    ScannerCopy
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    SlideShow
    SlideShowMusic
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    Tax Forms Helper 2008 8.5
    TaxACT 2006
    TaxACT 2007
    TaxACT 2008
    TaxACT 2008 California
    TaxACT 2009
    TaxACT 2009 California
    TaxACT California 2006
    TaxACT California 2007
    Toolbox
    TrayApp
    Unload
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinZip
    Yahoo! Detect
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/28/2011 9:45:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 IntelIde ViaIde
    5/28/2011 10:18:50 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    5/27/2011 8:38:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, we have some work to do! Note: You may be getting 'Alerts' or messages indicating you have terrible things wrong with the system- it's important that you don't act on any of them at this point. The rogue Trojan is creating them to try and get you to buy their program to 'fix' them.
    =======================================
    This makes me wonder how good the security really is:
    You have AVG Safe Search, AntiVir Desktop AV and the DDS header shows FW: Norton Internet Worm Protection but you are running processes for the entire NIS. Except for Avira, it appears that you have bits and pieces of several security programs! Suggest you check that out.
    =====================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a prompt asking whether to continue.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =======================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      - Click on the ESET Smart Installer link to download it. Save it to your desktop.
      - Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ====================================
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    re ComboFix

    ComboFix "stalled" in the middle of the download and the only option available to me is the minimize one. Is the "stall" to be expected? What should I do?
    Thanks, Ned
     
  4. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    additional problem with ComboFix

    When I double click "ComboFix.exe" my computer shuts down and I have do a "hard restart."
    I also notice a new log on my desktop entitled catchme.log, the contents of which I will paste below:

    File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
    File list cleared
    File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
    File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
    thanks, Ned
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Ned, catchme is the rootkit/stealth malware scanner that scans for hidden processes, hidden registry keys, hidden services and hidden files. It can also delete, destroy and collect malicious files.
    It is included in Combofix, but it can also be run by itself.

    You may have inadvertently done a mouse click when running Combofix, causing the stall. And possibly only the catchme in Combofix logged.

    So we are going to start this over: Please do a right click> Delete on the catchme.log.

    Regarding this file:
    Combofix would have handled this and there would have been an entry something like this at the beginning:
    "Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected"
    ============================================
    Let's do this: Uninstall ComboFix and all backups of the files it deleted. If Combofix isn't on the system, you will get an error message when you try to uninstall it. Either way, please go on with the following:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ================================
    Now run the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Save the log and include it in your next reply.
    • A reboot is required after disinfection.
    ========================================
    When you have finished with the TDSSKiller, I'd like you to start over with Combofix: Please pay attention to Note 1 below- this could have caused the stall:

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a prompt asking whether to continue.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  6. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    re ComboFix

    If I run ComboFix /Uninstall I get a window that says: "Windows cannot find Combofix.....etc"
    Yet if I search for combofix I find the following: 20+ Combofix.exe in C:\Documents and Settings.... each followed by 5 files COMCOFIX.EXE with numbers and letters in C:\Windows\Prefetch. I just stopped the search and it was over 100, all downloaded at the same time.

    Thanks, NED
     
  7. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    ComboFix/TDSSKiller results

    1) TDSSKiller.zip downloads but TDSSKiller.exe will not run.

    2) When ComboFix is run the catchme.log reappears and a "DOS-like" window with C:\ in the upper left corner and a blank blue screen appears. No Microsoft Windows Recovery Console appears.
    Thanks, Ned
     
  8. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    follow up to my redirect problem

    Bobbye,

    I downloaded TDSSKiller.exe to a "clean machine", burned to a CD and it still will not run.

    I cannot download or uninstall Combofix.

    I have attached a screen shot of what I get if I try to do either.

    Any further suggestions?

    Thanks, Ned
     


  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry, I don't open .docs. It's a security risk for me. Let's back up and try this. You are going to run Malwarebytes again, but with a Full Scan instead of Quick Scan:

    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When the scan has finished, a message box will appear.
    • Click on OK to close the box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ========================================
    Then run this: Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.

    See if the icons return.
     
  10. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    MBAM log

    Hi Bobbye,
    I ran a Malwarebytes full scan and Unhide.exe. Icons returned to desktop and All Programs in the Start menu.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6728

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/30/2011 9:48:56 PM
    mbam-log-2011-05-30 (21-48-56).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 307975
    Time elapsed: 1 hour(s), 13 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Google search still redirects.

    Thanks, Ned
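    The Malwarebytes log above is plain text in a fixed layout: header fields, a block of "... Infected: N" counts, then one section per category listing each detection as "item (family) -> ... -> action". The following is an added example, not code from this thread or from Malwarebytes: a small Python parser for that layout plus a triage pass that a helper would otherwise do by eye. It separates PUM.* entries (policy modifications such as the disabled Security Center notification, not malware in themselves) from real detections, flags registry autostart locations and processes that were running at scan time, and checks that the declared counts match what is actually listed, which catches a truncated paste. The sample log is constructed; the file and Run-value names in it are made up, and only the Security Center entry mirrors one from the thread.

```python
import re

# Constructed sample in the Malwarebytes 1.50 text-log layout (not a real scan).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6728

Scan type: Full scan (C:\|D:\|)
Objects scanned: 307975

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
c:\documents and settings\all users\application data\example-rogue.exe (Trojan.FakeAlert) -> 1234 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleRogue (Trojan.FakeAlert) -> Value: ExampleRogue -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
# Non-greedy item so "(x86)" in a path or "Bad: (1) Good: (0)" in the tail
# never gets mistaken for the "(family)" token.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Registry autostart locations worth a second look (assumed list, not exhaustive).
PERSISTENCE_MARKERS = (r"\currentversion\run", r"\winlogon\notify")


def parse_mbam_log(text):
    """Return header fields, declared per-section counts and the listed detections."""
    fields, counts, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                         # "Registry Keys Infected:" opens a listing
            section = m.group("section")
            continue
        if section is None:           # still in the header / summary block
            m = FIELD_RE.match(line)
            if m:
                key, value = m.group("key"), m.group("value")
                if key.endswith(" Infected") and value.isdigit():
                    counts[key] = int(value)
                else:
                    fields[key] = value
            continue
        if line == "(No malicious items detected)":
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({
                "section": section,
                "item": m.group("item"),
                "family": m.group("family"),
                # the final " -> " segment is what MBAM did with the object
                "action": m.group("rest").rsplit(" -> ", 1)[-1],
            })
    return {"fields": fields, "counts": counts, "detections": detections}


def triage(report):
    """Split policy tweaks from malware, flag persistence and live processes,
    and report sections whose declared count differs from the listed entries."""
    findings = {"policy_changes": [], "persistence": [], "was_running": [], "count_mismatch": []}
    listed = {}
    for d in report["detections"]:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
        if d["family"].startswith("PUM."):
            findings["policy_changes"].append(d["item"])
        if any(marker in d["item"].lower() for marker in PERSISTENCE_MARKERS):
            findings["persistence"].append(d["item"])
        if d["action"].startswith("Unloaded process"):
            findings["was_running"].append(d["item"])
    for section, declared in report["counts"].items():
        if listed.get(section, 0) != declared:
            findings["count_mismatch"].append(section)
    return findings


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

    Run against the full-scan log in this post, the parser yields a single PUM.Disabled.SecurityCenter entry and nothing else, which is consistent with Ned's report that the redirect persisted: a disabled update notification is a symptom the rogue left behind, not the component doing the redirecting.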
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Can you save the screen shot in some other program that will allow the .jpg file extension? If not, you will need to describe what you're seeing.

    And I think if you get this handled, you will do better:
    1. Shut down Norton Worm Protection- or better, run the Norton Removal Tool:
    Norton Removal Tool

    2. Shut down AVG Safe Search

    3. Shut down PCProfiler: this is part of PC Doctor software, sometimes pre-installed on some machines. Located in C:\Program Files\Fujitsu Hardware Diagnostics Tool\

    Run this Security Check please:
    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    I've been working with another member who had so much security on the system to keep malware out, that he had virtually locked himself in and couldn't connect to the internet!
     
  12. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    antivirus uninstall

    Hi Bobbye,
    I uninstalled the Norton program and the PC Doctor as you suggested. I don't know how to disable AVG as it isn't installed, although all the installation files live somewhere on my machine.
    Google still redirects after search.
    Here is the security check log:

    Results of screen317's Security Check version 0.99.12
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 24
    Out of date Java installed!
    Flash Player Out of Date!
    Adobe Flash Player 10.0.32.18
    Adobe Reader 7.0.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````

    Thanks, Ned
     
  13. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    screen shot

    Bobbye,
    At the time I made the screenshot I didn't have a program available to save it as a jpeg,
    and now that I have it as a Word doc I can't convert it. So here goes my effort to describe it: 3 windows.

    1.A window showing the ComboFix download when it stalled and did so several times in the same place.

    2.A window that pops up when I try to run ComboFix /Uninstall that says "Windows cannot find 'ComboFix'. Make sure you typed the name correctly and try again.To search for a file click the Start button then click search". I did that and several ComboFix.exe files come up.

    3. A window titled Microsoft C++ Debug Library that says, "Debug assertion failed!" etc. This pops up spontaneously from time to time....

    Thanks, Ned
     
  14. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    screenshot

    Bobbye,
    Here is the screen shot.
    Thanks Ned
     


  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I warned you about this. Whatever caused the stall- whether you hit the mouse button or not- prevented it from fully installing and/or damaged the uninstaller.

    Important: Is this a typo? >>>COMCOFIX.EXE If it is, okay. But if it's not, that's why the uninstaller won't work. You can do one of two things- or maybe both:

    We need to get the aborted Combofix files off of the system. You can search and delete all things Combofix
    To Delete the PreFetch files:
    • Click on Start> Run> type in Prefetch> Enter.
    • The Folder C:\WINDOWS\Prefetch should now be open.
    • Press the keys Ctrl and A. This will highlight the entire contents of the Prefetch folder.
    • Once highlighted, release the 2 keys> Do a Right click in any area of the files> Delete. This should empty out the Prefetch folder.
    • Click the "X" in the upper right hand corner to close out the "C:\WINDOWS\Prefetch" folder

    Note: You can delete all of the prefetch content- you don't have to just choose the Combofix files.

    Now delete the combofix.exe and any other Combofix entries. If you want to followup and make sure they are all out, download and run the Windows Installer Cleanup Utility and delete any Combofix entries if any.
    ========================================
    Once you have finished the above, Please download ATF Cleaner by Atribune HERE and save to the desktop

    1. Double-click ATF-Cleaner.exe to run the program.
    2. Under Main choose: Select All
    3. Click the Empty Selected button.

    If you use Firefox browser

    1. Click Firefox at the top and choose: Select All
    2. Click the Empty Selected button.
    3. NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.
    =================================================
    When that has finished, reboot the computer
    See if you can now download and run Combofix. Caution: Take care not to hit the mouse button while Combofix is running.
     
  16. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    re COMCOFIX.EXE

    COMCOFIX.EXE is a typo. I will get to the rest of your instructions tomorrow, my day off.
    Thanks for your time and patience. Ned
     
  17. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    unsuccessful ComboFix delete

    Bobbye,
    When I try to delete ComboFix.exe this window appears.
    And there are no ComboFix entries in Windows Installer Cleanup Utility.

    Thanks, Ned
     


  18. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    combofix problem

    Bobbye,

    After following your recent instructions I downloaded ComboFix to my desktop and when the icon was double clicked I get the following window(see screen shot) that stalls. I have never got beyond this point.

    Thanks, Ned
     


  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please try to run the following. It doesn't appear that we can do anything with Combofix at this point:
    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
     
  20. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    otl scan

    Bobbye,
    Here are the results of the OTL scan

    OTL logfile created on: 6/4/2011 9:22:50 AM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 60.44% Memory free
    3.78 Gb Paging File | 3.07 Gb Available in Paging File | 81.20% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.04 Gb Total Space | 201.51 Gb Free Space | 89.95% Space Free | Partition Type: NTFS
    Drive D: | 8.82 Gb Total Space | 0.62 Gb Free Space | 7.00% Space Free | Partition Type: FAT32

    Computer Name: RYANED | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found
    PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe (Swearware)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\32788R22FWJFW\iexplore.exe ()
    PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
    PRC - C:\WINDOWS\arservice.exe (Microsoft)
    PRC - C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
    DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"

    FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2007/03/04 14:47:55 | 000,000,000 | -H-D | M]
    FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/06/03 07:17:01 | 000,000,000 | -H-D | M]

    [2007/12/18 22:19:19 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\AOL.png
    [2007/12/18 22:19:19 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\AOL.src
    [2007/12/18 22:19:19 | 000,001,076 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\google.gif
    [2007/12/18 22:19:19 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\google.src
    [2007/12/18 22:19:19 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\jeeves.gif
    [2007/12/18 22:19:19 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\jeeves.src
    [2007/12/18 22:19:19 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\NetscapeSearch.gif
    [2007/12/18 22:19:19 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\NetscapeSearch.src
    [2007/12/18 22:19:19 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\yahoo.gif
    [2007/12/18 22:19:19 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\yahoo.src

    O1 HOSTS File: ([2004/08/09 21:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PCDrProfiler] File not found
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1306682764862 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.dmtc.com/live/AxisCamControl.ocx (CamImage Class)
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/67/install/gtdownls.cab (LinkSys Content Update)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 () - http://www.bodoglife.com/images/template/body-bg.gif
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/24 00:17:22 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/12/29 11:10:39 | 000,000,000 | -H-- | M] () - C:\.autoreg -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - Unable to obtain root file information for disk D:\
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/04 09:18:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2011/06/03 12:15:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2011/06/03 12:15:02 | 004,111,831 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe
    [2011/06/03 11:53:59 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/06/02 13:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
    [2011/06/02 13:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
    [2011/06/02 13:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
    [2011/05/31 23:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
    [2011/05/29 23:23:06 | 004,296,757 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    [2011/05/29 21:26:24 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
    [2011/05/29 19:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller
    [2011/05/29 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/29 13:11:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/29 08:14:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Administrative Tools
    [2011/05/28 19:46:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/05/28 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Avira
    [2011/05/28 09:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
    [2011/05/28 09:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/28 09:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/28 09:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/05/28 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/28 09:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/05/28 09:11:49 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/05/28 09:11:48 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/05/28 09:11:48 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/05/28 09:11:48 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/05/28 09:11:48 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/05/28 09:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/05/28 09:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/05/28 09:07:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Recent
    [2011/05/27 22:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows XP Recovery
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/04 09:18:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2011/06/04 08:29:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/03 13:29:00 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/03 12:15:16 | 004,111,831 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe
    [2011/06/01 10:13:30 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2011/06/01 10:12:51 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\letterhead efc personal.wps
    [2011/05/31 23:29:39 | 000,001,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
    [2011/05/31 19:24:12 | 000,879,092 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
    [2011/05/31 19:11:12 | 000,000,187 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2011/05/31 19:10:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/31 19:10:18 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/31 18:56:09 | 000,932,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
    [2011/05/31 18:39:33 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Paint.lnk
    [2011/05/30 22:01:37 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\unhide.exe
    [2011/05/29 23:23:20 | 004,296,757 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    [2011/05/29 21:12:30 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
    [2011/05/29 19:22:02 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
    [2011/05/28 21:17:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011/05/28 10:39:56 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/05/28 09:54:52 | 000,000,061 | -H-- | M] () -- C:\WINDOWS\TaxACT09.ini
    [2011/05/28 09:18:46 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/28 09:12:00 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/05/27 22:41:27 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/27 22:40:21 | 000,043,531 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/05/27 22:10:20 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22339364r
    [2011/05/27 22:10:20 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22339364
    [2011/05/27 22:09:32 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows XP Recovery.lnk
    [2011/05/27 22:09:26 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22339364
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/02 13:59:04 | 000,002,349 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Install Clean Up.lnk
    [2011/06/01 10:12:51 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\letterhead efc personal.wps
    [2011/05/31 23:29:39 | 000,001,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
    [2011/05/31 19:24:02 | 000,879,092 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
    [2011/05/31 18:56:07 | 000,932,400 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
    [2011/05/30 22:01:28 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\unhide.exe
    [2011/05/29 19:21:55 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
    [2011/05/28 21:17:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011/05/28 09:18:46 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/28 09:12:00 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/05/27 23:22:15 | 000,000,859 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/27 22:10:20 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22339364r
    [2011/05/27 22:10:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22339364
    [2011/05/27 22:09:32 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows XP Recovery.lnk
    [2011/05/27 22:09:26 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22339364
    [2010/08/05 15:48:33 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\TaxACT09.ini
    [2009/10/01 11:27:52 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\TaxACT08.ini
    [2009/07/16 19:34:59 | 000,004,924 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
    [2009/04/26 14:55:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/08/24 13:20:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\TaxACT07.ini
    [2008/05/16 11:58:04 | 000,012,632 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2008/04/06 18:04:32 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/11/14 00:52:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2007/08/04 14:59:07 | 000,000,110 | -H-- | C] () -- C:\WINDOWS\TaxACT06.ini
    [2007/05/27 07:59:17 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\TAXACT01.INI
    [2007/05/27 07:58:37 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\TaxAct00.ini
    [2007/04/23 13:11:26 | 000,532,480 | -H-- | C] () -- C:\WINDOWS\System32\INT14PPP.dll
    [2007/04/17 13:03:10 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\UTL10PPP.dll
    [2007/03/10 14:41:06 | 000,116,458 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat.temp
    [2007/03/10 14:41:05 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
    [2007/02/14 13:06:58 | 000,116,458 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
    [2006/12/29 11:24:07 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2006/12/07 11:23:40 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2006/11/01 22:49:41 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/23 12:14:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QUICKI~1.INI
    [2006/10/21 16:48:49 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2006/10/21 15:24:00 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2006/08/24 00:45:40 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/24 00:26:09 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/08/24 00:21:42 | 000,118,842 | RH-- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
    [2006/08/24 00:20:57 | 000,014,316 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/08/24 00:20:51 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/08/24 00:17:40 | 000,000,219 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/08/24 00:05:54 | 000,000,157 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/08/24 00:05:15 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
    [2006/08/24 00:05:15 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/08/24 00:00:33 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
    [2006/08/23 23:59:34 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/08/23 23:56:36 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/08/23 23:56:36 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006/08/23 23:56:36 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/08/23 23:56:36 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/08/23 23:56:35 | 001,466,368 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/08/23 23:56:35 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/08/23 23:56:35 | 000,573,440 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/08/23 23:56:35 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/08/23 23:56:35 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/08/23 23:56:35 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/08/23 23:56:35 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/08/23 23:55:07 | 000,000,881 | -H-- | C] () -- C:\WINDOWS\orun32.ini
    [2006/08/23 23:34:08 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/08/23 23:34:08 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/08/23 23:33:49 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/06/16 04:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/05/05 14:18:56 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2006/01/04 02:12:04 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2005/08/30 14:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/30 14:07:46 | 000,384,926 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/30 14:07:46 | 000,054,484 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/30 14:05:30 | 000,198,552 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/30 14:01:42 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/30 13:58:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/05 14:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 16:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
    [2004/09/16 13:24:26 | 003,375,104 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/09 21:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/09 14:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/09 14:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/09 14:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/09 14:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/09 14:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/09 14:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/09 14:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/07/26 00:51:38 | 000,000,560 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/08/23 01:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 01:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2010/10/18 18:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/18 18:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/18 18:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2006/08/24 00:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2007/09/20 10:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010/10/18 18:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/02/01 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
    [2009/07/16 19:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2006/08/24 00:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 04:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 03:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/09 14:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/09 14:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 17:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 17:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/09 14:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CFFB598
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A

    < End of report >
    Thanks, Ned
  21. ryaned


    OTL scan

    Bobbye,
    Here is the Extras.txt file.

    OTL Extras logfile created on: 6/4/2011 9:22:50 AM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 60.44% Memory free
    3.78 Gb Paging File | 3.07 Gb Available in Paging File | 81.20% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.04 Gb Total Space | 201.51 Gb Free Space | 89.95% Space Free | Partition Type: NTFS
    Drive D: | 8.82 Gb Total Space | 0.62 Gb Free Space | 7.00% Space Free | Partition Type: FAT32

    Computer Name: RYANED | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
    "C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
    "C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
    "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
    "C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS272.tmp\SymNRT.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS272.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}" = Palm Desktop
    "{4E7E8E6A-15F1-4E26-9352-26AD235131E9}" = Documents To Go
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{7B0ADD54-01D9-45E7-964A-B4A334F12034}" = Palm VersaMail(tm)
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
    "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
    "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
    "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
    "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ATT-PRT22" = ATT-PRT22
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "AwayMode160" = Microsoft Away Mode
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "CCleaner" = CCleaner (remove only)
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
    "DISCover" = DISCover
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Install WeatherBug" = Remove WeatherBug Installer
    "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Money2006b" = Microsoft Money 2006
    "Netscape Browser" = Netscape Browser (remove only)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
    "Poker Tracker Version 2.16.03d_is1" = Poker Tracker Version 2.16.03d
    "PokerTracker3" = PokerTracker 3 (remove only)
    "Python 2.2.3" = Python 2.2.3
    "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
    "RealPlayer 6.0" = RealPlayer
    "Rhapsody" = Rhapsody
    "Tax Forms Helper 2008_is1" = Tax Forms Helper 2008 8.5
    "TaxACT 2006" = TaxACT 2006
    "TaxACT 2007" = TaxACT 2007
    "TaxACT 2008" = TaxACT 2008
    "TaxACT 2008 California" = TaxACT 2008 California
    "TaxACT 2009" = TaxACT 2009
    "TaxACT 2009 California" = TaxACT 2009 California
    "TaxACT California 2006" = TaxACT California 2006
    "TaxACT California 2007" = TaxACT California 2007
    "WildTangent CDA" = WildTangent Web Driver
    "WildTangent hpmedia Master Uninstall" = My HP Games
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "YTdetect" = Yahoo! Detect

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "InstallShield_{7B0ADD54-01D9-45E7-964A-B4A334F12034}" = Palm VersaMail(tm)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/31/2011 10:14:26 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
    the product Sonic MyDVD Plus cannot be found. Try the installation again using
    a valid copy of the installation package 'MyDVD.MSI'.

    Error - 5/31/2011 10:19:47 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
    Description = Product: HP DigitalMedia Archive -- Error 1706. An installation package
    for the product HP DigitalMedia Archive cannot be found. Try the installation again
    using a valid copy of the installation package 'EZARC.msi'.

    Error - 5/31/2011 10:20:35 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
    the product Sonic MyDVD Plus cannot be found. Try the installation again using
    a valid copy of the installation package 'MyDVD.MSI'.

    Error - 5/31/2011 10:24:50 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
    Description = Product: HP DigitalMedia Archive -- Error 1706. An installation package
    for the product HP DigitalMedia Archive cannot be found. Try the installation again
    using a valid copy of the installation package 'EZARC.msi'.

    Error - 5/31/2011 10:30:01 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
    the product Sonic MyDVD Plus cannot be found. Try the installation again using
    a valid copy of the installation package 'MyDVD.MSI'.

    Error - 5/31/2011 10:30:19 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
    the product Sonic MyDVD Plus cannot be found. Try the installation again using
    a valid copy of the installation package 'MyDVD.MSI'.

    Error - 5/31/2011 10:34:43 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
    Description = Product: HP DigitalMedia Archive -- Error 1706. An installation package
    for the product HP DigitalMedia Archive cannot be found. Try the installation again
    using a valid copy of the installation package 'EZARC.msi'.

    Error - 5/31/2011 10:35:07 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
    the product Sonic MyDVD Plus cannot be found. Try the installation again using
    a valid copy of the installation package 'MyDVD.MSI'.

    Error - 5/31/2011 10:41:02 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
    Description = Product: HP DigitalMedia Archive -- Error 1706. An installation package
    for the product HP DigitalMedia Archive cannot be found. Try the installation again
    using a valid copy of the installation package 'EZARC.msi'.

    Error - 6/3/2011 3:19:10 PM | Computer Name = RYANED | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 5/30/2011 12:58:25 PM | Computer Name = RYANED | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 5/30/2011 11:35:22 PM | Computer Name = RYANED | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 5/30/2011 11:35:44 PM | Computer Name = RYANED | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Error - 5/31/2011 12:57:16 AM | Computer Name = RYANED | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 5/31/2011 12:57:36 AM | Computer Name = RYANED | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Error - 5/31/2011 10:08:07 PM | Computer Name = RYANED | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 5/31/2011 10:12:25 PM | Computer Name = RYANED | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 5/31/2011 10:12:45 PM | Computer Name = RYANED | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Error - 6/1/2011 12:58:26 PM | Computer Name = RYANED | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 6/3/2011 12:58:26 PM | Computer Name = RYANED | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.


    < End of report >

    Thanks, Ned
  22. Bobbye


    Sorry for delay- lots of infected systems out there!

    Please run these OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
      O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
      O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
      O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O24 - Desktop Components:0 () - http://www.bodoglife.com/images/template/body-bg.gif
      O24 - Desktop Components:1 (My Current Home Page) - About:Home
      O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      O32 - Unable to obtain root file information for disk D:\
      [2011/06/03 12:15:02 | 004,111,831 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe
      [2011/06/03 11:53:59 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2011/05/29 23:23:06 | 004,296,757 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
      [2011/05/29 21:26:24 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
      [2011/05/29 19:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller
      [2011/05/29 13:11:51 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2011/05/29 23:23:20 | 004,296,757 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
      [2011/05/29 21:12:30 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
      [2011/05/29 19:22:02 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
      [2009/07/16 19:34:59 | 000,004,924 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CFFB598
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ==================================================
    There were many ComboFix entries. Hopefully they will be removed.
    ==========================================
    There are some entries you will need to remove separately:
    Remove O24 Desktop entries:
    • Click on Start> Settings> Control Panel> Display
    • Desktop tab> Customize Desktop
    • Web tab> Uncheck and delete everything here except for "My current home page"
    • Uncheck 'Lock Desktop Items' if checked
    • Click on OK> Apply> Okay
    Close.
  23. ryaned


    OTL scan

    Bobbye,
    Here is the log after the Run Fix scan.

    All processes killed
    ========== OTL ==========
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {DBA230D1-8467-4e69-987E-5FAE815A3B45}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
    File http://www.bodoglife.com/images/template/body-bg.gif not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\ deleted successfully.
    File About:Home not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully.
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp not found.
    File not found.
    C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe moved successfully.
    C:\ComboFix\N_ folder moved successfully.
    C:\ComboFix folder moved successfully.
    C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller folder moved successfully.
    C:\Qoobox\TestC folder moved successfully.
    C:\Qoobox\Test folder moved successfully.
    C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
    C:\Qoobox\Quarantine folder moved successfully.
    C:\Qoobox\LastRun folder moved successfully.
    C:\Qoobox\BackEnv folder moved successfully.
    C:\Qoobox\32788R22FWJFW folder moved successfully.
    C:\Qoobox folder moved successfully.
    File C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe not found.
    File C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe not found.
    C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip moved successfully.
    C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CFFB598 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HP_Administrator
    ->Temp folder emptied: 734239201 bytes
    ->Temporary Internet Files folder emptied: 92145836 bytes
    ->Java cache emptied: 203304 bytes
    ->Flash cache emptied: 2183903 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13069129 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 589464 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 732 bytes

    Total Files Cleaned = 804.00 mb

    Error: Unable to interpret <[Reboot]•Then click the Run Fix button at the top> in the current context!

    OTL by OldTimer - Version 3.2.23.0 log created on 06062011_231953

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    I will post the log after Quick Scan next.

    Thanks, Ned
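    Added example for this thread, not code from OTL or from anyone in the discussion: a small Python triage of a "Run Fix" log like the one above. It tallies what each directive did, sums the space the [emptytemp] command freed, and surfaces the "Unable to interpret" error that appears when instruction text (here the bullet "•Then click the Run Fix button...") gets pasted into the fix box along with the script. The sample lines are excerpted from the posted log; a real log has many more lines of the same shapes.

```python
"""Triage an OTL "Run Fix" log: count outcomes per directive, sum bytes emptied,
and flag directives OTL could not interpret (usually pasted instruction text).

Added example for this thread, not OTL's own code.  SAMPLE_LOG is a constructed
excerpt of the log posted above; the line shapes are the ones OTL emits.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
C:\Qoobox folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CFFB598 deleted successfully.
File C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: HP_Administrator
->Temp folder emptied: 734239201 bytes
->Temporary Internet Files folder emptied: 92145836 bytes

Total Files Cleaned = 804.00 mb

Error: Unable to interpret <[Reboot]•Then click the Run Fix button at the top> in the current context!
"""

# Outcome of one fix directive, keyed by the phrase OTL appends to the line.
# "not found" is neutral here: the target was already gone (e.g. removed by an
# earlier tool run or by the first copy of the same directive), not a failure.
OUTCOME_PATTERNS = [
    ("deleted",   re.compile(r" deleted successfully\.$")),   # registry key/value, ADS
    ("moved",     re.compile(r" moved successfully\.$")),     # file/folder -> C:\_OTL
    ("set",       re.compile(r": value set successfully!$")), # registry value written
    ("not_found", re.compile(r" not found\.$")),
    ("error",     re.compile(r"^Error: ")),
]
EMPTIED_RE = re.compile(r"^->(?P<what>.+?) emptied: (?P<bytes>\d+) bytes$")
UNINTERPRETED_RE = re.compile(r"^Error: Unable to interpret <(?P<text>.*)> in the current context!$")


def classify(line):
    """Return the outcome name for one log line, or None for headers/noise."""
    for name, pattern in OUTCOME_PATTERNS:
        if pattern.search(line):
            return name
    return None


def triage(log_text):
    """Summarise a Run Fix log: outcome counts, bytes freed by [emptytemp], error lines."""
    counts = Counter()
    bytes_emptied = 0
    errors = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = EMPTIED_RE.match(line)
        if m:
            bytes_emptied += int(m.group("bytes"))
            continue
        outcome = classify(line)
        if outcome is None:
            continue
        counts[outcome] += 1
        if outcome == "error":
            errors.append(line)
    return {"counts": dict(counts), "bytes_emptied": bytes_emptied, "errors": errors}


def uninterpreted_directives(log_text):
    """Text OTL refused to run.  A valid command looks like '[emptytemp]'; anything
    else (a bullet, a sentence) means the fix was pasted with surrounding prose."""
    found = []
    for raw in log_text.splitlines():
        m = UNINTERPRETED_RE.match(raw.strip())
        if m:
            found.append(m.group("text"))
    return found


def looks_like_pasted_prose(directive_text):
    """True when the uninterpreted text is not a bare [command] token."""
    return re.fullmatch(r"\[\w+\]", directive_text) is None


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("outcomes:", summary["counts"])
    print("bytes emptied: %d (%.1f MiB)" % (summary["bytes_emptied"], summary["bytes_emptied"] / 2**20))
    for text in uninterpreted_directives(SAMPLE_LOG):
        tag = "pasted instruction text?" if looks_like_pasted_prose(text) else "unknown command"
        print("OTL could not interpret <%s>: %s" % (text, tag))
```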
     
  24. ryaned


    OTL Scan part 2

    Bobbye,
    Here is the log after running an OTL Quick Scan.

    OTL logfile created on: 6/6/2011 11:35:48 PM - Run 2
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 70.67% Memory free
    3.78 Gb Paging File | 3.24 Gb Available in Paging File | 85.67% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.04 Gb Total Space | 202.22 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
    Drive D: | 8.82 Gb Total Space | 0.62 Gb Free Space | 7.00% Space Free | Partition Type: FAT32

    Computer Name: RYANED | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
    PRC - C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
    PRC - C:\Program Files\DISC\DiscStreamHub.exe (Digital Interactive Systems Corporation, Inc.)
    PRC - C:\WINDOWS\arservice.exe (Microsoft)
    PRC - C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


    ========== Driver Services (SafeList) ==========

    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
    DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"

    FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2007/03/04 14:47:55 | 000,000,000 | -H-D | M]
    FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/06/03 07:17:01 | 000,000,000 | -H-D | M]

    [2007/12/18 22:19:19 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\AOL.png
    [2007/12/18 22:19:19 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\AOL.src
    [2007/12/18 22:19:19 | 000,001,076 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\google.gif
    [2007/12/18 22:19:19 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\google.src
    [2007/12/18 22:19:19 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\jeeves.gif
    [2007/12/18 22:19:19 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\jeeves.src
    [2007/12/18 22:19:19 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\NetscapeSearch.gif
    [2007/12/18 22:19:19 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\NetscapeSearch.src
    [2007/12/18 22:19:19 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\yahoo.gif
    [2007/12/18 22:19:19 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\yahoo.src

    O1 HOSTS File: ([2004/08/09 21:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PCDrProfiler] File not found
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1306682764862 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.dmtc.com/live/AxisCamControl.ocx (CamImage Class)
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/67/install/gtdownls.cab (LinkSys Content Update)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/24 00:17:22 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/12/29 11:10:39 | 000,000,000 | -H-- | M] () - C:\.autoreg -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - Unable to obtain root file information for disk D:\
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/06 23:19:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/06/04 09:18:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2011/06/03 12:15:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2011/06/02 13:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
    [2011/06/02 13:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
    [2011/06/02 13:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
    [2011/05/31 23:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
    [2011/05/29 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/29 08:14:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Administrative Tools
    [2011/05/28 19:46:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/05/28 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Avira
    [2011/05/28 09:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
    [2011/05/28 09:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/28 09:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/28 09:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/05/28 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/28 09:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/05/28 09:11:49 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/05/28 09:11:48 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/05/28 09:11:48 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/05/28 09:11:48 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/05/28 09:11:48 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/05/28 09:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/05/28 09:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/05/28 09:07:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Recent
    [2011/05/27 22:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows XP Recovery

    ========== Files - Modified Within 30 Days ==========

    [2011/06/06 23:29:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/06 23:25:05 | 000,000,187 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2011/06/06 23:23:55 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/06 23:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/06 23:23:19 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/04 09:18:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2011/06/01 10:13:30 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2011/06/01 10:12:51 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\letterhead efc personal.wps
    [2011/05/31 23:29:39 | 000,001,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
    [2011/05/31 19:24:12 | 000,879,092 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
    [2011/05/31 18:56:09 | 000,932,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
    [2011/05/31 18:39:33 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Paint.lnk
    [2011/05/30 22:01:37 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\unhide.exe
    [2011/05/28 21:17:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011/05/28 10:39:56 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/05/28 09:54:52 | 000,000,061 | -H-- | M] () -- C:\WINDOWS\TaxACT09.ini
    [2011/05/28 09:18:46 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/28 09:12:00 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/05/27 22:41:27 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/27 22:40:21 | 000,043,531 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/05/27 22:10:20 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22339364r
    [2011/05/27 22:10:20 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22339364
    [2011/05/27 22:09:32 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows XP Recovery.lnk
    [2011/05/27 22:09:26 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22339364

    ========== Files Created - No Company Name ==========

    [2011/06/02 13:59:04 | 000,002,349 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Install Clean Up.lnk
    [2011/06/01 10:12:51 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\letterhead efc personal.wps
    [2011/05/31 23:29:39 | 000,001,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
    [2011/05/31 19:24:02 | 000,879,092 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
    [2011/05/31 18:56:07 | 000,932,400 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
    [2011/05/30 22:01:28 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\unhide.exe
    [2011/05/28 21:17:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011/05/28 09:18:46 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/28 09:12:00 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/05/27 23:22:15 | 000,000,859 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/27 22:10:20 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22339364r
    [2011/05/27 22:10:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22339364
    [2011/05/27 22:09:32 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows XP Recovery.lnk
    [2011/05/27 22:09:26 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22339364
    [2010/08/05 15:48:33 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\TaxACT09.ini
    [2009/10/01 11:27:52 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\TaxACT08.ini
    [2009/04/26 14:55:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/08/24 13:20:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\TaxACT07.ini
    [2008/05/16 11:58:04 | 000,012,632 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2008/04/06 18:04:32 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/11/14 00:52:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2007/08/04 14:59:07 | 000,000,110 | -H-- | C] () -- C:\WINDOWS\TaxACT06.ini
    [2007/05/27 07:59:17 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\TAXACT01.INI
    [2007/05/27 07:58:37 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\TaxAct00.ini
    [2007/04/23 13:11:26 | 000,532,480 | -H-- | C] () -- C:\WINDOWS\System32\INT14PPP.dll
    [2007/04/17 13:03:10 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\UTL10PPP.dll
    [2007/03/10 14:41:06 | 000,116,458 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat.temp
    [2007/03/10 14:41:05 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
    [2007/02/14 13:06:58 | 000,116,458 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
    [2006/12/29 11:24:07 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2006/12/07 11:23:40 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2006/11/01 22:49:41 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/23 12:14:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QUICKI~1.INI
    [2006/10/21 16:48:49 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2006/10/21 15:24:00 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2006/08/24 00:45:40 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/24 00:26:09 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/08/24 00:21:42 | 000,118,842 | RH-- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
    [2006/08/24 00:20:57 | 000,014,316 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/08/24 00:20:51 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/08/24 00:17:40 | 000,000,219 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/08/24 00:05:54 | 000,000,157 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/08/24 00:05:15 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
    [2006/08/24 00:05:15 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/08/24 00:00:33 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
    [2006/08/23 23:59:34 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/08/23 23:56:36 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/08/23 23:56:36 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006/08/23 23:56:36 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/08/23 23:56:36 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/08/23 23:56:35 | 001,466,368 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/08/23 23:56:35 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/08/23 23:56:35 | 000,573,440 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/08/23 23:56:35 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/08/23 23:56:35 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/08/23 23:56:35 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/08/23 23:56:35 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/08/23 23:55:07 | 000,000,881 | -H-- | C] () -- C:\WINDOWS\orun32.ini
    [2006/08/23 23:34:08 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/08/23 23:34:08 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/08/23 23:33:49 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/06/16 04:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/05/05 14:18:56 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2006/01/04 02:12:04 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2005/08/30 14:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/30 14:07:46 | 000,384,926 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/30 14:07:46 | 000,054,484 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/30 14:05:30 | 000,198,552 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/30 14:01:42 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/30 13:58:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/05 14:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 16:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
    [2004/09/16 13:24:26 | 003,375,104 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/09 21:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/09 14:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/09 14:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/09 14:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/09 14:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/09 14:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/09 14:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/09 14:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/07/26 00:51:38 | 000,000,560 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/08/23 01:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 01:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2010/10/18 18:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/18 18:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/18 18:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2006/08/24 00:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2007/09/20 10:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010/10/18 18:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/02/01 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
    [2009/07/16 19:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2006/08/24 00:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

    ========== Purity Check ==========



    < End of report >

    I will proceed with removing 024 Desktop entries as you directed.

    Thanks, Ned

    There were no items in the Web tab box to uncheck!? Ned
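    As an added example (not part of this thread, and not OTL's or ComboFix's own code), here is a small parser for the bracketed entry format used in the file list and LOP Check section above, with a triage pass over the parsed entries. The sample input copies four lines from the log above and adds one constructed entry (sample_recent.exe) so the recency rule has something to fire on; the 30-day window, the report date (REPORT_DATE) and the list of "user-writable" directories are assumptions made for the example, not OTL's own logic.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL file/folder entry looks like:
#   [2008/05/16 11:58:04 | 000,012,632 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
# Fields: timestamp | size (zero-padded, comma grouped) | attribute flags R/H/S/D |
# C (created) or M (modified) ] (company name, omitted in the LOP Check section) -- path
ENTRY_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[RHSD-]{4})"
    r" \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+?)\s*$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str                 # "C" = creation time, "M" = modification time
    company: Optional[str]    # None when the field is blank "()" or absent
    path: str

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one log line; return None for section headers, blanks and anything else."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=m.group("company") or None,
        path=m.group("path"),
    )

def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e is not None]

# Triage heuristics (assumptions for this example, not OTL's own logic):
# flag executable code that was created shortly before the report, or that
# sits in a user-writable data directory where vendor binaries rarely live.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

def triage(entries: List[OtlEntry], report_date: datetime,
           window_days: int = 30) -> List[Tuple[OtlEntry, List[str]]]:
    cutoff = report_date - timedelta(days=window_days)
    flagged = []
    for e in entries:
        if e.directory or not e.path.lower().endswith(EXEC_EXT):
            continue
        reasons = []
        if e.kind == "C" and e.timestamp >= cutoff:
            reasons.append("created within %d days of the report" % window_days)
        if any(tag in e.path.lower() for tag in USER_WRITABLE):
            reasons.append("executable in a user-writable data directory")
        if reasons:
            flagged.append((e, reasons))
    return flagged

# Sample input: four lines copied from the log in this thread plus one
# constructed entry (sample_recent.exe) that exists only for this example.
SAMPLE_LOG = r"""
    [2008/05/16 11:58:04 | 000,012,632 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2006/08/24 00:26:09 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2005/08/30 14:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    ========== LOP Check ==========
    [2010/10/18 18:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/05/27 09:12:00 | 000,312,832 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\sample_recent.exe
"""
REPORT_DATE = datetime(2011, 5, 28)   # assumed date the log was taken

def triage_sample() -> List[Tuple[OtlEntry, List[str]]]:
    return triage(parse_log(SAMPLE_LOG), REPORT_DATE)

if __name__ == "__main__":
    for entry, reasons in triage_sample():
        print(entry.timestamp, entry.path)
        for r in reasons:
            print("   -", r)
```

    Running it on the sample flags only the constructed sample_recent.exe, on both counts; the genuine vendor files from 2005-2008 pass through untouched, which is the point of anchoring the recency rule to the report date rather than to the OS install date.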
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, that looks better. And I think all but one of the Combofix entries were removed. I just need for you to see if this is in the HP Administrator:
    C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

    If you need help with it, see HP BladeSystem- Onboard Administrator
    ===============================================
    When finished, Please try Combofix again, starting from the download:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [screenshot of the ComboFix message]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open in a text window. Please paste C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =====================================
    Please tell me if the desktop icon problem has continued and explain what you mean by 'malfunctioning.'
     
Topic Status:
Not open for further replies.
