Inactive Redirected from Google search and some recovered desktop icons malfuntioning

ryaned · May 29, 2011

Goodmorning.
I am having trouble being redirected from google search.
Also I have run the 7-step Virus/spyware/malware removal as instructed.
Enclosed are my logs.
Thank you. Ned

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6701

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/28/2011 9:34:26 AM
mbam-log-2011-05-28 (09-34-26).txt

Scan type: Quick scan
Objects scanned: 179936
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
c:\documents and settings\all users\application data\itbamgqslsqqg.exe (Trojan.FakeAlert) -> 2000 -> Unloaded process successfully.
c:\documents and settings\all users\application data\22339364.exe (Trojan.FakeAlert.Gen) -> 248 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{BD4F7A6D-0107-4BDF-B72B-021B717B06CE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD4F7A6D-0107-4BDF-B72B-021B717B06CE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD4F7A6D-0107-4BDF-B72B-021B717B06CE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003897 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTbaMgqSlSQqG (Trojan.FakeAlert) -> Value: iTbaMgqSlSQqG -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\itbamgqslsqqg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\19317C.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\prtprocs\w32x86\48117B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\Temp\tmp1390.tmp.exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\Temp\tmpa287.tmp.exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\temporary internet files\Content.IE5\NEK7LKBV\Out_![1].exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\temporary internet files\Content.IE5\QZKR0QXN\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\22339364.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-29 00:53:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD2500JS-60NCB1 rev.10.02E02
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwldrpob.sys

---- System - GMER 1.0.15 ----

SSDT BA6D864E ZwCreateKey
SSDT BA6D8644 ZwCreateThread
SSDT BA6D8653 ZwDeleteKey
SSDT BA6D865D ZwDeleteValueKey
SSDT BA6D8662 ZwLoadKey
SSDT BA6D8630 ZwOpenProcess
SSDT BA6D8635 ZwOpenThread
SSDT BA6D866C ZwReplaceKey
SSDT BA6D8667 ZwRestoreKey
SSDT BA6D8658 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys BA0F3BD0 4 Bytes [B0, A5, 53, 80]
INITc VolSnap.sys BA0F3BF8 4 Bytes [B8, A1, 4F, 80]
INITc VolSnap.sys BA0F3C20 4 Bytes [B6, AE, 4F, 80]
INITc VolSnap.sys BA0F3C48 4 Bytes [30, FF, 4F, 80]
INITc VolSnap.sys BA0F3C70 4 Bytes [7A, A8, 4F, 80]
INITc ...
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB91E7360, 0x20574D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B06B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B06D70
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3120] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0059000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B16B70
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16D70
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00D3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00CF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00D2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5148] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CE000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[5148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:124] 8A720E7A
Thread System [4:128] 8A723008

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}\iexplore@Count 10061
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 395071
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore@Count 4535

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NEK7LKBV\footer_decor[1].gif 0 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\SFZ8W94M\tt[1].htm 0 bytes

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 8:14:56 on 2011-05-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1118 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\X0QAEQU6\dds[1].scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.dmtc.com/live/AxisCamControl.ocx
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-28 11608]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-28 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-28 61960]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-24 1174152]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-2-1 65536]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
.
=============== Created Last 30 ================
.
2011-05-29 02:46:58 -------- d-----w- c:\windows\system32\NtmsData
2011-05-29 02:46:38 -------- d-----w- c:\documents and settings\hp_administrator\application data\Avira
2011-05-28 16:18:57 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2011-05-28 16:18:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 16:18:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-28 16:18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 16:11:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-28 16:11:47 -------- d-----w- c:\program files\Avira
2011-05-28 16:11:47 -------- d-----w- c:\documents and settings\all users\application data\Avira
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ---h--w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ---ha-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ---ha-w- c:\windows\system32\win32k.sys
.
============= FINISH: 8:15:18.28 ===============

RP1669: 4/14/2011 6:49:32 PM - System Checkpoint
RP1670: 4/15/2011 8:17:37 PM - System Checkpoint
RP1671: 4/16/2011 3:00:17 AM - Software Distribution Service 3.0
RP1672: 4/17/2011 10:17:09 PM - System Checkpoint
RP1673: 4/18/2011 11:02:42 PM - System Checkpoint
RP1674: 4/20/2011 12:02:44 AM - System Checkpoint
RP1675: 4/21/2011 12:02:48 AM - System Checkpoint
RP1676: 4/22/2011 12:02:51 AM - System Checkpoint
RP1677: 4/23/2011 1:02:53 AM - System Checkpoint
RP1678: 4/24/2011 1:02:57 AM - System Checkpoint
RP1679: 4/25/2011 2:02:59 AM - System Checkpoint
RP1680: 4/26/2011 2:03:02 AM - System Checkpoint
RP1681: 4/27/2011 3:00:14 AM - Software Distribution Service 3.0
RP1682: 4/28/2011 3:03:07 AM - System Checkpoint
RP1683: 4/29/2011 4:03:10 AM - System Checkpoint
RP1684: 4/30/2011 5:03:10 AM - System Checkpoint
RP1685: 5/1/2011 6:03:10 AM - System Checkpoint
RP1686: 5/2/2011 7:03:08 AM - System Checkpoint
RP1687: 5/3/2011 8:03:06 AM - System Checkpoint
RP1688: 5/4/2011 9:03:03 AM - System Checkpoint
RP1689: 5/5/2011 10:24:46 AM - System Checkpoint
RP1690: 5/6/2011 11:01:02 AM - System Checkpoint
RP1691: 5/7/2011 11:03:07 AM - System Checkpoint
RP1692: 5/8/2011 11:03:13 AM - System Checkpoint
RP1693: 5/9/2011 11:34:15 AM - System Checkpoint
RP1694: 5/10/2011 12:03:16 PM - System Checkpoint
RP1695: 5/11/2011 3:00:14 AM - Software Distribution Service 3.0
RP1696: 5/12/2011 3:03:16 AM - System Checkpoint
RP1697: 5/13/2011 4:03:18 AM - System Checkpoint
RP1698: 5/14/2011 5:03:13 AM - System Checkpoint
RP1699: 5/15/2011 6:03:16 AM - System Checkpoint
RP1700: 5/16/2011 7:03:18 AM - System Checkpoint
RP1701: 5/17/2011 7:04:24 AM - System Checkpoint
RP1702: 5/18/2011 8:03:22 AM - System Checkpoint
RP1703: 5/19/2011 9:03:23 AM - System Checkpoint
RP1704: 5/20/2011 10:01:51 AM - System Checkpoint
RP1705: 5/21/2011 10:03:28 AM - System Checkpoint
RP1706: 5/22/2011 11:00:32 AM - System Checkpoint
RP1707: 5/23/2011 11:03:28 AM - System Checkpoint
RP1708: 5/24/2011 11:39:17 AM - System Checkpoint
RP1709: 5/25/2011 12:04:21 PM - System Checkpoint
RP1710: 5/26/2011 12:25:48 PM - System Checkpoint
RP1711: 5/27/2011 12:42:24 PM - System Checkpoint
RP1712: 5/28/2011 10:14:03 AM - Installed Java(TM) 6 Update 24
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
AiO_Scan_CDA
AiOSoftwareNPI
ATT-PRT22
AutoUpdate
Avira AntiVir Personal - Free Antivirus
BufferChm
C6100
c6100_Help
CCleaner (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destinations
DISCover
DivX
DocProc
DocProcQFolder
Documents To Go
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Epocrates Essentials
eSupportQFolder
Fax_CDA
Full Tilt Poker
FullDPAppQFolder
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DigitalMedia Archive
HP Document Viewer 7.0
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
HP Web Helper
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
InstantShareDevicesMFC
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 24
LightScribe 1.4.105.1
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft IntelliPoint 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
My HP Games
Netscape Browser (remove only)
NewCopy_CDA
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OptionalContentQFolder
Otto
Palm Desktop
Palm VersaMail(tm)
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Poker Tracker Version 2.16.03d
PokerTracker 3 (remove only)
PostgreSQL 8.3
ProductContextNPI
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Rhapsody
Rhapsody Player Engine
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SlideShow
SlideShowMusic
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Tax Forms Helper 2008 8.5
TaxACT 2006
TaxACT 2007
TaxACT 2008
TaxACT 2008 California
TaxACT 2009
TaxACT 2009 California
TaxACT California 2006
TaxACT California 2007
Toolbox
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip
Yahoo! Detect
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
5/28/2011 9:45:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 IntelIde ViaIde
5/28/2011 10:18:50 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
5/27/2011 8:38:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
.
==== End Of File ===========================

Bobbye · May 29, 2011

Okay, we have some work to do! Note: You may be getting 'Alerts' or messages indicating you have terrible things wrong with the system- it's important that you don't act on any of them at this point. The rogue Trojan is creating them to try and get you to buy their program to 'fix' them.
=======================================
This makes me wonder how good the security really is:
You have AVG Safe Search, AntiVir Desktop AV and the DDS header shows FW: Norton Internet Worm Protection but you are running processes for the entire NIS. Except for Avira, it appears that you have bits and pieces of several security programs! Suggest you check that out.
=====================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN

Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

Double click combofix.exe & follow the prompts.

ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

.Click on Yes, to continue scanning for malware

.If Combofix asks you to update the program, allow

.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

.Close any open browsers.

.Double click combofix.exe

& follow the prompts to run.

When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESETOnlineScan

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
[o] Double click on the

on your desktop.

Check 'Yes I accept terms of use.'

Click Start button

Accept any security warnings from your browser.

Uncheck 'Remove found threats'

Check 'Scan archives/

Leave remaining settings as is.

Press the Start button.

ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.

When the scan completes, press List of found threats

Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.

Push the Back button

Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
====================================
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

ryaned · May 29, 2011

re ComdiFix

CombiFix "stalled" in the middle of the download and the only option available to me is the minimize one. Is the "stall" to be expected? What should I do?
Thanks, Ned

ryaned · May 29, 2011

additional problem with ComboFix

When I double click "ComboFix.exe" my computer shuts down and I have do a "hard restart."
I also notice a new log on my desktop entitled catchme.log the contents I will past below:

File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
File list cleared
File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
thanks, Ned

Bobbye · May 29, 2011

Ned, catchme is the rootkit/stealth malware scanner that scans for hidden processes, hidden registry keys, hidden services and hidden files. It can also delete, destroy and collect malicious files.
It is included in Combofix: But is can also be run by itself.

You may have inadvertently done a mouse click when running Combofix, causing the stall. And possible only the catchme in Combofix logged.

So we are going to start this over: Please do a right click> Delete on the catchme.log.

Regarding this file:

File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully

Combofix would have handled this and there would have been an entry something like this at the beginning:
"Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected"
============================================
Let's do this: Uninstall ComboFix and all Backups of the files it deleted>> If Combofix isn't on the system, you will get an error message when you try to uninstall it. Either way, please go on with the following:

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

================================
Now run the following:

Download the file TDSSKiller.zip and save to the desktop.
(If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
Double click on TDSSKiller.exe. to run the scan
When the scan is over, the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Select the action Quarantine to quarantine detected objects.
The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
After clicking Next, the utility applies selected actions and outputs the result. Save the log and leave it in your next reply.
A reboot is required after disinfection.

========================================
When you have finished with the TDSSKiller, I'd like you to start over with Combofix: Please pay attention to Note 1 below- this could have caused the stall:

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

Double click combofix.exe & follow the prompts.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
.Close any open browsers.
.Double click combofix.exe

& follow the prompts to run.
When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

ryaned · May 29, 2011

re ComboFix

If I run ComboFix /Uninstall I get a windowthat says: "windows cannot find Combofix.....etc"
Yet if I search for combofix I find the following; 20+ Combofix.exe in C:\Documents ans Settings.... each followed by 5 files COMCOFIX.EXE with numbers and letters in C:\Windows Prefetch I just stopped the search and it was over 100 all downloaded at the same time.

Thanks, NED

ryaned · May 29, 2011

Comcofix/TDSSKiller results

1) TDSSKiller.zip downloads but TDSSKiller.exe will not run.

2)When ComboFix is run the catchme.log reappears and a "dos like" window with C:\ in the upper left corner and a blank blue screen appears. No Microsoft Widows Recover Console appears.
Thanks, Ned

ryaned · May 30, 2011

follow up to my redirect problem

Bobbye,

I downloaded TDSSKiller.exe to a "clean machine", burned to a CD and it still will not run.

I cannot download or uninstall Combofix.

I have attached a screen shot of what I get if I try to do either.

Any further suggestions?

Thanks, Ned

Bobbye · May 30, 2011

Sorry, I don't open .docs. It's a security risk for me. Let's back up and try this. You are going to run Malwarebytes again, but with a Full Scan instead of Quick Scam:

Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scan]option is selected and then click on the Scan button.

When scan has finished, you will see this image:

Click on OK to close box and continue.
Click on the Show Results button.
Click on the Remove Selected button to remove all the listed malware.
At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Pad before copying the log to paste in your next reply.

========================================
The run this: Download Unhide.exe and save to the desktop.

Double-click on Unhide.exe icon to run the program.
This program will remove the +H, or hidden, attribute from all the files on your hard drives.

See if the icons return.

ryaned · May 31, 2011

MBAM log

Hi Bobbye,
I ran a Malwarebytes full scan and Unhide.exe. Icons returned to desktop and All Programs in the star menu.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6728

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/30/2011 9:48:56 PM
mbam-log-2011-05-30 (21-48-56).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 307975
Time elapsed: 1 hour(s), 13 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Google search still redirects.

Thanks, Ned

Bobbye · May 31, 2011

Can you save the screen shot to some other program that will allow the .jpg file extension. If not, you will need to describe what you're seeing.

And I think if you get this handled, you will do better:

This makes me wonder how good the security really is:
You have AVG Safe Search, AntiVir Desktop AV and the DDS header shows FW: Norton Internet Worm Protection but you are running processes for the entire NIS. Except for Avira, it appears that you have bits and pieces of several security programs! Suggest you check that out.

1. Shut down Norton Worm Protection- or better, run the Norton Removal Tool:
Norton Removal Tool

2. Shut down AVG Safe Search

3. Shutdown PCProfiler: this is part of PC Doctor software, sometimes pre-installed on some machines. Located in C:\Program File\Fujitsu Hardware Diagnostics Tool\

Run this Security Check please:
Download Security Check by screen317 from HERE or HERE .

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

I've been working with another member who had so much security on the system to keep malware out, that he had virtually locked himself in and couldn't connect to the internet!

ryaned · May 31, 2011

antivirus uninstall

Hi Bobbye,
I uninstalled the Norton program and the PC Doctor as you suggested. I don't know how to disable AVG as it isn't installed although all the installation files live some where on my machine.
Google still redirects after search.
Here is the security check log:

Results of screen317's Security Check version 0.99.12
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 24
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.0.32.18
Adobe Reader 7.0.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

Thanks, Ned

ryaned · Jun 1, 2011

screen shot

Bobbye,
At the time I made the screenshot I didn't have program available to sav as jpeg
and now that I have it as a word doc I can't convert it. So here goes my effort to describe it: 3 windows

1.A window showing the ComboFix download when it stalled and did so several times in the same place.

2.A window that pops up when I try to run ComboFix /Uninstall that says "Windows cannot find 'ComboFix'. Make sure you typed the name correctly and try again.To search for a file click the Start button then click search". I did that and several ComboFix.exe files come up.

3.A window titled Microsoft C++ Debug Library that says, "Debug assertion failed! etc this pops up spontaneously from time to time....

Thanks, Ned

ryaned · Jun 1, 2011

screenshot

Bobbye,
Here is the screen shot.
Thanks Ned

Bobbye · Jun 1, 2011

Uninstall ComboFix and all Backups of the files it deleted>> If Combofix isn't on the system, you will get an error message when you try to uninstall it

I warned you about this. Whatever caused the stall- whether you hit the mouse button or not- prevented it from fully installing and/or damaged the uninstaller.

Yet if I search for combofix I find the following; 20+ Combofix.exe in C:\Documents ans Settings.... each followed by 5 files COMCOFIX.EXE with numbers and letters in C:\Windows Prefetch I just stopped the search and it was over 100 all downloaded at the same time.

Important: Is this a typo? >>>COMCOFIX.EXE If it is, okay. But if it's not, that's why the uninstaller won't work. You can do one of two things- or maybe both:

We need to get the aborted Combofix files off of the system. You can search and delete all things Combofix
To Delete the PreFetch files:

Click on Start> Run> type in Prefetch> Enter.
The Folder C:\WINDOWS\Prefetch should now be open.
Press the keys Ctrl and A. This will highlight the entire contents of the Prefetch folder.
Once highlighted, release the 2 keys> Do a Right click in any area of the files> Delete. This should empty out the Prefetch folder.
Click the "X" in the upper right hand corner to close out the "C:\WINDOWS\Prefetch" folder

Note: You can delete all of the prefetch content- you don't have to just choose the Combofix files.

Now delete the combofix.exe and any other Combofix entries. If you want to followup and make sure they are all out, download and run the Windows Installer Cleanup Utility and delete any Combofix entries if any.
========================================
Once you have finished the above, Please download ATF Cleaner by Atribune HERE and save to the desktop

[1] Double-click ATF-Cleaner.exe to run the program.
[2] Under Main choose: Select All
[3] Click the Empty Selected button.

If you use Firefox browser

[1] Click Firefox at the top and choose:Select All
[2] Click the Empty Selected button.
[3] NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
=================================================
When that has finished, reboot the computer
See if you can now download and run Combofix. Caution Take care not to hit the mouse button while Combofix is running.

ryaned · Jun 2, 2011

re COMCOFIX.EXE

COMCOFIX.EXE is a typo. I will get to the rest of your instructions tomorrow, my day off.
Thanks for your time and patience. Ned

ryaned · Jun 2, 2011

unsuccessful ComboFix delete

Bobbye,
When I try to delete ComboFix.exe this window appears.
And there is no ComboFix entries in Window Installer Cleanup Utility.

Thanks, Ned

ryaned · Jun 3, 2011

combofix problem

Bobbye,

After following your recent instructions I downloaded ComboFix to my desktop and when the icon was double clicked I get the following window(see screen shot) that stalls. I have never got beyond this point.

Thanks, Ned

Bobbye · Jun 4, 2011

Please try to run the following- Doesn't appear that we can do anything with Combofix at this point:

Download OTL from either of the links below and save it to your desktop.
Link 1
Link 2
Double click the OTL icon to run it.
The opened console will resemble this:
Set Output at the top to Minimal Output.
Check the boxes beside LOP Check and Purity Check.

Copy the entries in the Codebox below> Paste in the Custom Scan box.

Code:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
userinit.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
Make sure all other windows are closed and to let it run uninterrupted.
When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

ryaned · Jun 4, 2011

otl scan

Bobbye,
Here are the results of the OTL scan

OTL logfile created on: 6/4/2011 9:22:50 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 60.44% Memory free
3.78 Gb Paging File | 3.07 Gb Available in Paging File | 81.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 201.51 Gb Free Space | 89.95% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.62 Gb Free Space | 7.00% Space Free | Partition Type: FAT32

Computer Name: RYANED | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe (Swearware)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\32788R22FWJFW\iexplore.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2007/03/04 14:47:55 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/06/03 07:17:01 | 000,000,000 | -H-D | M]

[2007/12/18 22:19:19 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\AOL.png
[2007/12/18 22:19:19 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\AOL.src
[2007/12/18 22:19:19 | 000,001,076 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\google.gif
[2007/12/18 22:19:19 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\google.src
[2007/12/18 22:19:19 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\jeeves.gif
[2007/12/18 22:19:19 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\jeeves.src
[2007/12/18 22:19:19 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\NetscapeSearch.gif
[2007/12/18 22:19:19 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\NetscapeSearch.src
[2007/12/18 22:19:19 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\yahoo.gif
[2007/12/18 22:19:19 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\yahoo.src

O1 HOSTS File: ([2004/08/09 21:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1306682764862 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.dmtc.com/live/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/67/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.bodoglife.com/images/template/body-bg.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/24 00:17:22 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/29 11:10:39 | 000,000,000 | -H-- | M] () - C:\.autoreg -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 09:18:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/06/03 12:15:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/03 12:15:02 | 004,111,831 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe
[2011/06/03 11:53:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/02 13:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/06/02 13:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2011/06/02 13:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2011/05/31 23:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2011/05/29 23:23:06 | 004,296,757 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/05/29 21:26:24 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/05/29 19:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller
[2011/05/29 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/29 13:11:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/29 08:14:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Administrative Tools
[2011/05/28 19:46:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/28 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Avira
[2011/05/28 09:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/05/28 09:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/28 09:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 09:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/28 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/28 09:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/28 09:11:49 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/28 09:11:48 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/28 09:11:48 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/28 09:11:48 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/28 09:11:48 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/28 09:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/28 09:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/28 09:07:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2011/05/27 22:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows XP Recovery
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 09:18:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/06/04 08:29:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/03 13:29:00 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 12:15:16 | 004,111,831 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe
[2011/06/01 10:13:30 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2011/06/01 10:12:51 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\letterhead efc personal.wps
[2011/05/31 23:29:39 | 000,001,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/05/31 19:24:12 | 000,879,092 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2011/05/31 19:11:12 | 000,000,187 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/31 19:10:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/31 19:10:18 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/31 18:56:09 | 000,932,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
[2011/05/31 18:39:33 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Paint.lnk
[2011/05/30 22:01:37 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\unhide.exe
[2011/05/29 23:23:20 | 004,296,757 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/05/29 21:12:30 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/05/29 19:22:02 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2011/05/28 21:17:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/28 10:39:56 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/28 09:54:52 | 000,000,061 | -H-- | M] () -- C:\WINDOWS\TaxACT09.ini
[2011/05/28 09:18:46 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 09:12:00 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/27 22:41:27 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/27 22:40:21 | 000,043,531 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/27 22:10:20 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22339364r
[2011/05/27 22:10:20 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22339364
[2011/05/27 22:09:32 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows XP Recovery.lnk
[2011/05/27 22:09:26 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22339364
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 13:59:04 | 000,002,349 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/06/01 10:12:51 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\letterhead efc personal.wps
[2011/05/31 23:29:39 | 000,001,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/05/31 19:24:02 | 000,879,092 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2011/05/31 18:56:07 | 000,932,400 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
[2011/05/30 22:01:28 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\unhide.exe
[2011/05/29 19:21:55 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2011/05/28 21:17:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/28 09:18:46 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 09:12:00 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/27 23:22:15 | 000,000,859 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 22:10:20 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22339364r
[2011/05/27 22:10:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22339364
[2011/05/27 22:09:32 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows XP Recovery.lnk
[2011/05/27 22:09:26 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22339364
[2010/08/05 15:48:33 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/10/01 11:27:52 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\TaxACT08.ini
[2009/07/16 19:34:59 | 000,004,924 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
[2009/04/26 14:55:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/24 13:20:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/05/16 11:58:04 | 000,012,632 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/06 18:04:32 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/11/14 00:52:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/08/04 14:59:07 | 000,000,110 | -H-- | C] () -- C:\WINDOWS\TaxACT06.ini
[2007/05/27 07:59:17 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\TAXACT01.INI
[2007/05/27 07:58:37 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\TaxAct00.ini
[2007/04/23 13:11:26 | 000,532,480 | -H-- | C] () -- C:\WINDOWS\System32\INT14PPP.dll
[2007/04/17 13:03:10 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\UTL10PPP.dll
[2007/03/10 14:41:06 | 000,116,458 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/03/10 14:41:05 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/02/14 13:06:58 | 000,116,458 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
[2006/12/29 11:24:07 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/12/07 11:23:40 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/01 22:49:41 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/23 12:14:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2006/10/21 16:48:49 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/10/21 15:24:00 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/24 00:45:40 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/24 00:26:09 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/24 00:21:42 | 000,118,842 | RH-- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/08/24 00:20:57 | 000,014,316 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/24 00:20:51 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/24 00:17:40 | 000,000,219 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/24 00:05:54 | 000,000,157 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/24 00:05:15 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/24 00:05:15 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/24 00:00:33 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/23 23:59:34 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/23 23:56:36 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/23 23:56:36 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/23 23:56:36 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/23 23:56:36 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/23 23:56:35 | 001,466,368 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/23 23:56:35 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/23 23:56:35 | 000,573,440 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/23 23:56:35 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/23 23:56:35 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/23 23:56:35 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/23 23:56:35 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/23 23:55:07 | 000,000,881 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/23 23:34:08 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/23 23:34:08 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/23 23:33:49 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 04:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/05 14:18:56 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/01/04 02:12:04 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2005/08/30 14:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 14:07:46 | 000,384,926 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 14:07:46 | 000,054,484 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 14:05:30 | 000,198,552 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 14:01:42 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 13:58:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 14:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 13:24:26 | 003,375,104 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/09 21:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 14:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 14:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 14:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 14:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 14:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 14:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 14:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 00:51:38 | 000,000,560 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 01:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 01:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/10/18 18:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 18:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/18 18:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/08/24 00:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2007/09/20 10:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/10/18 18:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/01 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2009/07/16 19:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/24 00:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/09 14:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/09 14:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/09 14:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CFFB598
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A

< End of report >
Thanks, Ned

ryaned · Jun 4, 2011

OTL scan

Bobbye,
Here is the Extras.txt file.

OTL Extras logfile created on: 6/4/2011 9:22:50 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 60.44% Memory free
3.78 Gb Paging File | 3.07 Gb Available in Paging File | 81.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 201.51 Gb Free Space | 89.95% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.62 Gb Free Space | 7.00% Space Free | Partition Type: FAT32

Computer Name: RYANED | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled

xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled

ISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled

ISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled

ISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS272.tmp\SymNRT.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS272.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}" = Palm Desktop
"{4E7E8E6A-15F1-4E26-9352-26AD235131E9}" = Documents To Go
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7B0ADD54-01D9-45E7-964A-B4A334F12034}" = Palm VersaMail(tm)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATT-PRT22" = ATT-PRT22
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"DISCover" = DISCover
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"Poker Tracker Version 2.16.03d_is1" = Poker Tracker Version 2.16.03d
"PokerTracker3" = PokerTracker 3 (remove only)
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Tax Forms Helper 2008_is1" = Tax Forms Helper 2008 8.5
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 California" = TaxACT 2008 California
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 California" = TaxACT 2009 California
"TaxACT California 2006" = TaxACT California 2006
"TaxACT California 2007" = TaxACT California 2007
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hpmedia Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{7B0ADD54-01D9-45E7-964A-B4A334F12034}" = Palm VersaMail(tm)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2011 10:14:26 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
the product Sonic MyDVD Plus cannot be found. Try the installation again using
a valid copy of the installation package 'MyDVD.MSI'.

Error - 5/31/2011 10:19:47 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
Description = Product: HP DigitalMedia Archive -- Error 1706. An installation package
for the product HP DigitalMedia Archive cannot be found. Try the installation again
using a valid copy of the installation package 'EZARC.msi'.

Error - 5/31/2011 10:20:35 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
the product Sonic MyDVD Plus cannot be found. Try the installation again using
a valid copy of the installation package 'MyDVD.MSI'.

Error - 5/31/2011 10:24:50 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
Description = Product: HP DigitalMedia Archive -- Error 1706. An installation package
for the product HP DigitalMedia Archive cannot be found. Try the installation again
using a valid copy of the installation package 'EZARC.msi'.

Error - 5/31/2011 10:30:01 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
the product Sonic MyDVD Plus cannot be found. Try the installation again using
a valid copy of the installation package 'MyDVD.MSI'.

Error - 5/31/2011 10:30:19 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
the product Sonic MyDVD Plus cannot be found. Try the installation again using
a valid copy of the installation package 'MyDVD.MSI'.

Error - 5/31/2011 10:34:43 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
Description = Product: HP DigitalMedia Archive -- Error 1706. An installation package
for the product HP DigitalMedia Archive cannot be found. Try the installation again
using a valid copy of the installation package 'EZARC.msi'.

Error - 5/31/2011 10:35:07 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
Description = Product: Sonic MyDVD Plus -- Error 1706. An installation package for
the product Sonic MyDVD Plus cannot be found. Try the installation again using
a valid copy of the installation package 'MyDVD.MSI'.

Error - 5/31/2011 10:41:02 PM | Computer Name = RYANED | Source = MsiInstaller | ID = 11706
Description = Product: HP DigitalMedia Archive -- Error 1706. An installation package
for the product HP DigitalMedia Archive cannot be found. Try the installation again
using a valid copy of the installation package 'EZARC.msi'.

Error - 6/3/2011 3:19:10 PM | Computer Name = RYANED | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/30/2011 12:58:25 PM | Computer Name = RYANED | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/30/2011 11:35:22 PM | Computer Name = RYANED | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 5/30/2011 11:35:44 PM | Computer Name = RYANED | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 5/31/2011 12:57:16 AM | Computer Name = RYANED | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 5/31/2011 12:57:36 AM | Computer Name = RYANED | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 5/31/2011 10:08:07 PM | Computer Name = RYANED | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 5/31/2011 10:12:25 PM | Computer Name = RYANED | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 5/31/2011 10:12:45 PM | Computer Name = RYANED | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 6/1/2011 12:58:26 PM | Computer Name = RYANED | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/3/2011 12:58:26 PM | Computer Name = RYANED | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

< End of report >

Thanks, Ned

Bobbye · Jun 6, 2011

Sorry for delay- lots of infected systems out there!

Please run these OTL Custom Scan Fixes

Run OTL

Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O24 - Desktop Components:0 () - http://www.bodoglife.com/images/template/body-bg.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - Unable to obtain root file information for disk D:\
[2011/06/03 12:15:02 | 004,111,831 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe
[2011/06/03 11:53:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/29 23:23:06 | 004,296,757 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/05/29 21:26:24 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/05/29 19:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller
[2011/05/29 13:11:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/29 23:23:20 | 004,296,757 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/05/29 21:12:30 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/05/29 19:22:02 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2009/07/16 19:34:59 | 000,004,924 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CFFB598
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A

:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run uninterrupted, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

==================================================
There were many Cobofix entries. Hopefully they will be removed.
==========================================
There are some entries you will need to remove separately:
Remove 024 Desktop entries:

Clock on Start> Settings> Control Panel> Display
Desktop tab> Customize Desktop
Web tab> Uncheck and delete everything here except for "My current home page"
Uncheck 'Lock Desktop Items' if checked
Clik on OK> Apply> Okay

Close.

ryaned · Jun 7, 2011

OTL scan

Bobbye,
Here is the log after the the Run Fix scan.

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {DBA230D1-8467-4e69-987E-5FAE815A3B45}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File http://www.bodoglife.com/images/template/body-bg.gif not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\ deleted successfully.
File About:Home not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully.
File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp not found.
File not found.
C:\Documents and Settings\HP_Administrator\Desktop\ComboFix1.exe moved successfully.
C:\ComboFix\N_ folder moved successfully.
C:\ComboFix folder moved successfully.
C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller folder moved successfully.
C:\Qoobox\TestC folder moved successfully.
C:\Qoobox\Test folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\LastRun folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox\32788R22FWJFW folder moved successfully.
C:\Qoobox folder moved successfully.
File C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe not found.
File C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe not found.
C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CFFB598 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 734239201 bytes
->Temporary Internet Files folder emptied: 92145836 bytes
->Java cache emptied: 203304 bytes
->Flash cache emptied: 2183903 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13069129 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 589464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 732 bytes

Total Files Cleaned = 804.00 mb

Error: Unable to interpret <[Reboot]•Then click the Run Fix button at the top> in the current context!

OTL by OldTimer - Version 3.2.23.0 log created on 06062011_231953

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I will post the log after Quik Scan next.

Thanks, Ned

ryaned · Jun 7, 2011

OTL Scan part 2

Bobbye,
Here is the log after running an OTL Quick Scan.

OTL logfile created on: 6/6/2011 11:35:48 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 70.67% Memory free
3.78 Gb Paging File | 3.24 Gb Available in Paging File | 85.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 202.22 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.62 Gb Free Space | 7.00% Space Free | Partition Type: FAT32

Computer Name: RYANED | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
PRC - C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
PRC - C:\Program Files\DISC\DiscStreamHub.exe (Digital Interactive Systems Corporation, Inc.)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2007/03/04 14:47:55 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/06/03 07:17:01 | 000,000,000 | -H-D | M]

[2007/12/18 22:19:19 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\AOL.png
[2007/12/18 22:19:19 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\AOL.src
[2007/12/18 22:19:19 | 000,001,076 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\google.gif
[2007/12/18 22:19:19 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\google.src
[2007/12/18 22:19:19 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\jeeves.gif
[2007/12/18 22:19:19 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\jeeves.src
[2007/12/18 22:19:19 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\NetscapeSearch.gif
[2007/12/18 22:19:19 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\NetscapeSearch.src
[2007/12/18 22:19:19 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\yahoo.gif
[2007/12/18 22:19:19 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\cdyz1gwb.default\searchplugins\yahoo.src

O1 HOSTS File: ([2004/08/09 21:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1306682764862 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.dmtc.com/live/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/67/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/24 00:17:22 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/29 11:10:39 | 000,000,000 | -H-- | M] () - C:\.autoreg -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 23:19:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 09:18:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/06/03 12:15:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/02 13:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/06/02 13:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2011/06/02 13:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2011/05/31 23:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2011/05/29 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/29 08:14:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Administrative Tools
[2011/05/28 19:46:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/28 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Avira
[2011/05/28 09:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/05/28 09:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/28 09:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 09:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/28 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/28 09:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/28 09:11:49 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/28 09:11:48 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/28 09:11:48 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/28 09:11:48 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/28 09:11:48 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/28 09:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/28 09:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/28 09:07:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2011/05/27 22:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows XP Recovery

========== Files - Modified Within 30 Days ==========

[2011/06/06 23:29:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 23:25:05 | 000,000,187 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/06/06 23:23:55 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 23:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 23:23:19 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 09:18:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/06/01 10:13:30 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2011/06/01 10:12:51 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\letterhead efc personal.wps
[2011/05/31 23:29:39 | 000,001,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/05/31 19:24:12 | 000,879,092 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2011/05/31 18:56:09 | 000,932,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
[2011/05/31 18:39:33 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Paint.lnk
[2011/05/30 22:01:37 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\unhide.exe
[2011/05/28 21:17:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/28 10:39:56 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/28 09:54:52 | 000,000,061 | -H-- | M] () -- C:\WINDOWS\TaxACT09.ini
[2011/05/28 09:18:46 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 09:12:00 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/27 22:41:27 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/27 22:40:21 | 000,043,531 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/27 22:10:20 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22339364r
[2011/05/27 22:10:20 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22339364
[2011/05/27 22:09:32 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows XP Recovery.lnk
[2011/05/27 22:09:26 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22339364

========== Files Created - No Company Name ==========

[2011/06/02 13:59:04 | 000,002,349 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/06/01 10:12:51 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\letterhead efc personal.wps
[2011/05/31 23:29:39 | 000,001,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2011/05/31 19:24:02 | 000,879,092 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2011/05/31 18:56:07 | 000,932,400 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
[2011/05/30 22:01:28 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\unhide.exe
[2011/05/28 21:17:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/28 09:18:46 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 09:12:00 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/27 23:22:15 | 000,000,859 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 22:10:20 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22339364r
[2011/05/27 22:10:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22339364
[2011/05/27 22:09:32 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Windows XP Recovery.lnk
[2011/05/27 22:09:26 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22339364
[2010/08/05 15:48:33 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/10/01 11:27:52 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\TaxACT08.ini
[2009/04/26 14:55:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/24 13:20:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/05/16 11:58:04 | 000,012,632 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/06 18:04:32 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/11/14 00:52:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/08/04 14:59:07 | 000,000,110 | -H-- | C] () -- C:\WINDOWS\TaxACT06.ini
[2007/05/27 07:59:17 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\TAXACT01.INI
[2007/05/27 07:58:37 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\TaxAct00.ini
[2007/04/23 13:11:26 | 000,532,480 | -H-- | C] () -- C:\WINDOWS\System32\INT14PPP.dll
[2007/04/17 13:03:10 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\UTL10PPP.dll
[2007/03/10 14:41:06 | 000,116,458 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/03/10 14:41:05 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/02/14 13:06:58 | 000,116,458 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
[2006/12/29 11:24:07 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/12/07 11:23:40 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/01 22:49:41 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/23 12:14:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2006/10/21 16:48:49 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/10/21 15:24:00 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/24 00:45:40 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/24 00:26:09 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/24 00:21:42 | 000,118,842 | RH-- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/08/24 00:20:57 | 000,014,316 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/24 00:20:51 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/24 00:17:40 | 000,000,219 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/24 00:05:54 | 000,000,157 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/24 00:05:15 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/24 00:05:15 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/24 00:00:33 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/23 23:59:34 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/23 23:56:36 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/23 23:56:36 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/23 23:56:36 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/23 23:56:36 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/23 23:56:35 | 001,466,368 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/23 23:56:35 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/23 23:56:35 | 000,573,440 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/23 23:56:35 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/23 23:56:35 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/23 23:56:35 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/23 23:56:35 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/23 23:55:07 | 000,000,881 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/23 23:34:08 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/23 23:34:08 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/23 23:33:49 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 04:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/05 14:18:56 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/01/04 02:12:04 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2005/08/30 14:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 14:07:46 | 000,384,926 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 14:07:46 | 000,054,484 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 14:05:30 | 000,198,552 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 14:01:42 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 13:58:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 14:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 13:24:26 | 003,375,104 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/09 21:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 14:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 14:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 14:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 14:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 14:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 14:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 14:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 00:51:38 | 000,000,560 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 01:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 01:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/10/18 18:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 18:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/18 18:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/08/24 00:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2007/09/20 10:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/10/18 18:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/01 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2009/07/16 19:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/24 00:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

========== Purity Check ==========

< End of report >

I will procede with removing 024 Desktop entries as you directed.

Thanks, Ned

There were no items in the Web tab box to uncheck!? Ned

Bobbye · Jun 7, 2011

Okay, that looks better. And I thin all but one of the Combofix entries was removed. I just need for you to see if this is in the HP Administrator:
C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

IF you need help with it, see HP BladeSystem- Onboard Administrator
===============================================
When finished, Please try Combofix again, starting from the download:
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

Double click combofix.exe & follow the prompts.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
.Close any open browsers.
.Double click combofix.exe

& follow the prompts to run.
When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=====================================
Please tell me if the desktop icon problem has continued and explain what you mean by 'malfunctioning.'

Inactive Redirected from Google search and some recovered desktop icons malfuntioning

Posts: 85 +0

Posts: 16,313 +36

Posts: 85 +0

Posts: 85 +0

Posts: 16,313 +36

Posts: 85 +0

Posts: 85 +0

Posts: 85 +0

Attachments

Posts: 16,313 +36

Posts: 85 +0

Posts: 16,313 +36

Posts: 85 +0

Posts: 85 +0

Posts: 85 +0

Attachments

Posts: 16,313 +36

Posts: 85 +0

Posts: 85 +0

Attachments

Posts: 85 +0

Attachments

Posts: 16,313 +36

Posts: 85 +0

Posts: 85 +0

Posts: 16,313 +36

Posts: 85 +0

Posts: 85 +0

Posts: 16,313 +36

Similar threads