Solved System Check malware removal

OTL Part 2

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Burger%20Island/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://connect2.environment-agency.gov.uk/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://www.connect2ea.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer = 15.243.128.51 15.243.160.51
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/HP_Owner/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/09 20:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 17:31:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2012/02/03 17:28:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/02 23:40:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/02 19:21:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/02 19:21:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/02 19:21:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/02 19:21:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/02 19:21:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/02 19:21:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 18:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Family Tree Stuff
[2012/02/02 18:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Desktop
[2012/02/01 23:42:52 | 004,393,886 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2012/01/31 19:07:01 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\HP_Owner\Desktop\boot_cleaner.exe
[2012/01/31 19:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\bootkit_remover
[2012/01/31 19:01:35 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Owner\Desktop\aswMBR.exe
[2012/01/30 18:50:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Administrative Tools
[2012/01/30 18:49:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr
[2012/01/30 18:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Log
[2012/01/29 21:32:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2012/01/16 20:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 20:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/01/16 20:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/01/16 20:54:54 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2012/01/16 19:45:52 | 000,000,000 | ---D | C] -- C:\f8b78a383eb017763c
[2012/01/16 19:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/01/16 19:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2012/01/16 19:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/01/11 17:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/11 17:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/09 21:31:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/01/09 20:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\75D9E
[2012/01/09 20:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\44575
[2007/07/27 15:18:59 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2007/07/27 15:18:59 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2007/07/27 15:18:59 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2007/05/12 13:59:14 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2007/04/13 16:15:30 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2007/04/13 16:15:30 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd2.dll
[2007/04/13 16:15:30 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 17:33:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2012/02/03 17:23:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/03 17:23:10 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/02/03 17:23:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc8adaf4a818e4.job
[2012/02/03 17:22:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 17:22:52 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 00:08:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/02 20:14:53 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/02/02 19:35:17 | 000,545,636 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/02 19:35:17 | 000,096,886 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/02 19:14:24 | 004,393,886 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2012/02/02 18:15:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/02/02 00:09:51 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\rk-proxy.reg
[2012/02/02 00:08:48 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\rkill.com
[2012/02/02 00:07:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jww.exe
[2012/02/01 23:25:09 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/02/01 23:17:16 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Norton_Removal_Tool.exe
[2012/02/01 18:51:02 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ListParts.exe
[2012/02/01 13:42:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/31 19:01:14 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Owner\Desktop\aswMBR.exe
[2012/01/31 18:54:58 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\bootkit_remover.zip
[2012/01/30 18:45:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr
[2012/01/30 18:29:50 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\snsi9chm.exe
[2012/01/29 22:16:45 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/29 20:48:18 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/16 20:09:28 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
[2012/01/16 20:06:35 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/01/16 19:37:41 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2012/01/16 19:35:03 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2012/01/11 17:19:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/09 20:51:34 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/07 14:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/02 19:47:28 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/02 19:47:28 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/02/02 19:47:28 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
[2012/02/02 19:47:28 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\camtool.lnk
[2012/02/02 19:21:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/02 19:21:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/02 19:21:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/02 19:21:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/02 19:21:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/02 19:15:16 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/02 18:15:43 | 000,920,384 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Norton_Removal_Tool.exe
[2012/02/02 00:09:51 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\rk-proxy.reg
[2012/02/02 00:08:31 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\rkill.com
[2012/02/02 00:08:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jww.exe
[2012/02/01 18:56:27 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ListParts.exe
[2012/01/31 19:01:40 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\bootkit_remover.zip
[2012/01/30 18:38:23 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\snsi9chm.exe
[2012/01/29 22:15:04 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/29 18:27:38 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/01/29 18:27:38 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
[2012/01/29 18:27:37 | 000,000,997 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/01/16 20:17:14 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/01/16 20:09:28 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
[2012/01/16 20:06:35 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/01/16 20:06:34 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2012/01/16 20:05:33 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2012/01/10 12:38:05 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/08/18 10:51:23 | 000,208,100 | ---- | C] () -- C:\WINDOWS\hpoins47.dat
[2011/08/18 10:51:23 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl47.dat
[2010/09/28 17:30:10 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/28 17:30:07 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/28 17:30:07 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/28 17:29:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/17 18:11:05 | 000,035,952 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/28 22:11:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2009/01/03 23:47:27 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/03 23:47:21 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/01/03 23:47:19 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/12 22:47:22 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/22 16:55:35 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/09/17 14:38:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Mahjongg Variations.INI
[2008/05/27 14:58:37 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/26 18:32:44 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/01/13 17:53:45 | 000,000,390 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2008/01/13 17:52:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2008/01/13 17:52:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2008/01/13 17:52:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2008/01/13 17:52:50 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/10/12 14:56:13 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/28 09:18:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/07/28 09:17:08 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/07/27 15:18:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe
[2007/07/27 15:18:59 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2007/06/30 09:38:41 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/06/17 22:48:59 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2007/06/17 22:48:24 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/17 22:48:24 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/16 18:12:46 | 000,136,192 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/21 15:28:53 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2007/05/17 22:31:46 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc625010911.bin
[2007/04/23 00:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/23 00:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/04/13 16:15:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2007/04/13 16:15:32 | 000,302,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2007/04/13 10:20:13 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\IPDETECT.EXE
[2007/04/13 10:20:10 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL
[2007/04/13 10:20:09 | 000,022,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga.bin
[2007/02/25 15:50:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/02/12 13:19:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/01/26 17:45:18 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2007/01/26 17:33:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/01/09 01:20:19 | 000,002,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/05 21:39:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\vsnpstd2.exe
[2006/12/05 21:39:39 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2006/12/05 21:39:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd2.exe
[2006/12/05 20:51:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/04 00:10:37 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/03 15:28:46 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2006/12/03 15:28:40 | 000,000,295 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2005/08/21 16:47:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/09 23:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/01/03 04:31:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/03 04:11:48 | 000,016,359 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/01/03 04:11:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/01/03 04:06:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/03 04:06:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/03 04:06:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/03 04:06:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/03 04:06:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/03 04:06:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/03 04:04:47 | 000,000,100 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/01/03 03:58:59 | 000,112,870 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005/01/03 03:58:58 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005/01/03 03:54:16 | 000,080,418 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005/01/03 03:54:16 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005/01/03 03:52:17 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/01/03 03:52:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/01/03 03:51:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/03 03:36:54 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/01/03 03:33:24 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/01/03 03:33:24 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/01/03 03:33:02 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/11/09 20:39:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/09 20:25:42 | 000,545,636 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/09 20:25:42 | 000,096,886 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/09 20:22:42 | 000,158,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/09 20:19:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/09 20:17:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/25 02:10:06 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 23:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2005/01/03 04:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2005/01/03 04:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.PLAYROOM\Application Data\SampleView
[2005/01/03 04:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.PLAYROOM.000\Application Data\SampleView
[2012/01/11 17:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.PLAYROOM.000\Application Data\Windows Search
[2008/01/17 15:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2008/12/17 17:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2007/07/14 09:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2008/03/21 11:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2007/12/02 15:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2009/05/23 17:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/29 13:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Burger Island 2
[2007/08/02 22:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2008/04/07 13:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
[2009/07/13 14:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/01/16 20:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2008/09/14 12:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2007/07/25 13:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FireGlow
[2008/07/03 15:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2007/11/23 15:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/12/27 20:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2008/02/28 15:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2007/11/10 17:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/10/14 15:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2007/09/28 13:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genimo
[2011/03/06 17:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gHeOpOk06300
[2008/02/18 13:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/08/16 15:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2007/12/24 15:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/06/17 19:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2007/12/08 15:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2010/04/26 20:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2008/11/04 16:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2008/10/22 16:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/04/21 18:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/02/16 17:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/01/24 07:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/11/27 16:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/01/19 17:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2008/09/30 14:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009/02/25 19:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/06 14:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2007/12/27 20:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2008/08/09 15:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/01/22 15:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2008/05/25 14:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/01/26 11:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTopV1005
[2008/03/09 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/04/26 20:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2008/08/08 10:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2007/01/26 17:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/01/23 14:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2007/08/28 16:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/07/03 21:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/06 23:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/01/03 04:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/01/03 04:17:10 | 000,000,104 | ---- | M] () -- C:\.lnk
[2004/11/09 20:20:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/04/13 01:49:56 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2012/02/02 18:15:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/26 00:01:38 | 000,000,076 | ---- | M] () -- C:\Catalog.LiveSubscribe
[2004/08/04 12:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/03 00:17:58 | 000,919,903 | ---- | M] () -- C:\ComboFix.txt
[2004/11/09 20:20:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/04/03 00:00:19 | 000,000,000 | ---- | M] () -- C:\conmgr.log
[2007/07/18 19:13:55 | 000,000,093 | ---- | M] () -- C:\DownloadLog.txt
[2008/04/07 16:41:29 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2011/03/02 09:39:02 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2012/02/03 17:22:52 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 21:46:34 | 000,304,152 | ---- | M] () -- C:\img2-001.raw
[2007/07/28 18:46:28 | 000,230,424 | ---- | M] () -- C:\img2-002.raw
[2007/07/27 20:45:48 | 000,230,424 | ---- | M] () -- C:\img2-004.raw
[2004/11/09 20:20:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/02/24 14:53:44 | 000,000,139 | ---- | M] () -- C:\ioSpecial.ini
[2007/04/12 22:28:21 | 000,000,979 | ---- | M] () -- C:\IPH.PH
[2008/10/15 17:18:15 | 000,401,280 | ---- | M] () -- C:\logfile
[2011/04/03 07:54:20 | 000,001,111 | ---- | M] () -- C:\lxcz.log
[2004/11/09 20:20:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/26 21:55:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/03 06:55:28 | 000,136,918 | ---- | M] () -- C:\OTL.Txt
[2012/02/03 17:22:50 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/04/07 15:29:44 | 000,104,550 | ---- | M] () -- C:\playground.log
[2012/02/02 18:42:02 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2008/08/11 23:06:48 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
[2008/08/12 12:50:00 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2008/08/20 13:06:53 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
[2008/08/20 17:46:32 | 000,000,268 | ---- | M] () -- C:\sqmdata03.sqm
[2008/08/29 13:35:29 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm
[2008/08/30 22:50:48 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm
[2008/09/01 11:15:28 | 000,000,268 | ---- | M] () -- C:\sqmdata06.sqm
[2008/10/01 16:34:46 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
[2008/09/18 14:58:37 | 000,000,268 | ---- | M] () -- C:\sqmdata08.sqm
[2008/09/14 23:46:24 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
[2008/10/20 13:55:22 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm
[2008/05/16 16:41:23 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm
[2008/06/03 11:33:00 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm
[2008/06/12 21:00:09 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm
[2008/06/15 22:34:06 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm
[2008/06/18 23:29:41 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm
[2008/06/19 10:14:40 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm
[2008/07/10 02:06:56 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm
[2008/08/02 07:17:38 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
[2008/08/11 17:48:26 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm
[2008/08/11 23:06:48 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2008/08/12 12:50:00 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2008/08/20 13:06:53 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
[2008/08/20 17:46:32 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
[2008/08/29 13:35:29 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
[2008/08/30 22:50:48 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
[2008/09/01 11:15:28 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
[2008/10/01 16:34:45 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
[2008/09/18 14:58:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt08.sqm
[2008/09/14 23:46:24 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
[2008/10/20 13:55:22 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
[2008/05/16 16:41:23 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
[2008/06/03 11:33:00 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
[2008/06/12 21:00:09 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
[2008/06/15 22:34:06 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
[2008/06/18 23:29:41 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
[2008/06/19 10:14:40 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
[2008/07/10 02:06:56 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
[2008/08/02 07:17:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2008/08/11 17:48:25 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm
[2012/01/15 20:30:03 | 000,058,506 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_15.01.2012_20.26.20_log.txt
[2012/01/15 20:52:21 | 000,059,492 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_15.01.2012_20.48.06_log.txt
[2012/01/15 21:00:11 | 000,058,376 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_15.01.2012_20.59.41_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/05/12 06:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2004/11/09 20:19:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/10/21 14:29:40 | 000,320,512 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp101.dll
[2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/16 23:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2007/07/28 17:53:11 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2007/05/12 13:59:02 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2008/02/26 18:32:44 | 000,000,000 | ---- | M] () -- C:\Program Files\temp01

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/11/09 20:10:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/11/09 20:10:20 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/11/09 20:10:20 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/09/26 22:01:52 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/04/13 01:53:27 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/11/09 20:23:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/31 19:01:14 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Owner\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\HP_Owner\Desktop\boot_cleaner.exe
[2012/02/02 19:14:24 | 004,393,886 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2012/02/02 00:07:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jww.exe
[2012/02/01 18:51:02 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ListParts.exe
[2012/02/01 23:17:16 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Norton_Removal_Tool.exe
[2012/02/03 17:33:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2012/01/30 18:29:50 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\snsi9chm.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2003/01/17 16:35:40 | 000,013,023 | ---- | M] () -- C:\WINDOWS\snpstd2.src
[2004/02/27 15:36:18 | 000,013,023 | ---- | M] () -- C:\WINDOWS\snpstd3.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2007/11/03 13:03:59 | 051,422,520 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\iTunes743Setup.exe
[2007/05/21 13:27:29 | 004,301,387 | ---- | M] (Shareaza Development Team ) -- C:\Documents and Settings\HP_Owner\My Documents\Shareaza_2.2.5.0.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 12:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/04/13 01:53:26 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/08/13 01:22:34 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Cookies\desktop.ini
[2012/02/03 17:31:01 | 000,835,584 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 07:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 07:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 07:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 07:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 07:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 07:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 07:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 16:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe
[1999/09/10 12:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 03/02/2012 17:32:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.29 Mb Total Physical Memory | 421.28 Mb Available Physical Memory | 41.17% Memory free
2.40 Gb Paging File | 1.79 Gb Available in Paging File | 74.58% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 54.01 Gb Free Space | 29.95% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 2.53 Gb Free Space | 42.18% Space Free | Partition Type: FAT32
Drive G: | 3.74 Gb Total Space | 0.05 Gb Free Space | 1.46% Space Free | Partition Type: FAT32

Computer Name: PLAYROOM | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2720316383-1297943296-3835745626-1008\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm) -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth (tm)
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = Zoom ADSL USB Modem
"{4B55E0A8-07F5-4966-9B7B-D32C8ADC0FF4}" = Digimax Converter
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5B7C0A59-4B18-A20E-20B0-25D95156F8CF}" = HMV UK Download Manager
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
"{70CDE2CA-D2D9-42B8-8644-ED959F6FE2B4}" = HTC Sync
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{900777E0-85AD-11D1-89AD-0050BAEBF06B}" = SmartCamera Ver 2.2
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CA8BBB9-5FCF-11D9-8F38-0050BAEBF06B}" = camtool
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = USB PC Camera (SN9C103)
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Cam Zoom
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}" = Sony Ericsson Drivers
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AskSBar Uninstall" = Ask Toolbar
"BFGC" = Big Fish Games Client
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"com.hmvdigital.downloadmanager" = HMV UK Download Manager
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diner Dash 2" = Diner Dash 2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.1
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Holly: A Christmas Tale Deluxe" = Holly: A Christmas Tale Deluxe
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Red Alert 2" = Command & Conquer Red Alert 2
"RegistryFix_is1" = RegistryFix v6.1
"Shop for HP Supplies" = Shop for HP Supplies
"Teddy Factory" = Teddy Factory
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Web Games Player Plugin" = Web Games Player Plugin
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2720316383-1297943296-3835745626-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 5.5.0" = Juniper Networks Cache Cleaner 5.5.0
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/02/2012 19:36:50 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11706
Description = Product: TrayApp -- Error 1706. An installation package for the product
TrayApp cannot be found. Try the installation again using a valid copy of the installation
package 'TrayApp.msi'.

Error - 02/02/2012 19:37:58 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11706
Description = Product: TrayApp -- Error 1706. An installation package for the product
TrayApp cannot be found. Try the installation again using a valid copy of the installation
package 'TrayApp.msi'.

Error - 02/02/2012 21:32:20 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11706
Description = Product: TrayApp -- Error 1706. An installation package for the product
TrayApp cannot be found. Try the installation again using a valid copy of the installation
package 'TrayApp.msi'.

Error - 02/02/2012 21:32:35 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11719
Description = Product: TrayApp -- Error 1719. The Windows Installer Service could
not be accessed. This can occur if you are running Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

Error - 02/02/2012 21:32:46 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 02/02/2012 21:32:49 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 02/02/2012 21:32:52 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 03/02/2012 13:28:34 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11705
Description = Product: TrayApp -- Error 1705. A previous installation for this product
is in progress. You must undo the changes made by that installation to continue.
Do you want to undo those changes?

Error - 03/02/2012 13:28:40 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11706
Description = Product: TrayApp -- Error 1706. An installation package for the product
TrayApp cannot be found. Try the installation again using a valid copy of the installation
package 'TrayApp.msi'.

Error - 03/02/2012 13:30:34 | Computer Name = PLAYROOM | Source = MsiInstaller | ID = 11706
Description = Product: TrayApp -- Error 1706. An installation package for the product
TrayApp cannot be found. Try the installation again using a valid copy of the installation
package 'TrayApp.msi'.

[ System Events ]
Error - 02/02/2012 15:21:22 | Computer Name = PLAYROOM | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%2

Error - 02/02/2012 15:30:38 | Computer Name = PLAYROOM | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 02/02/2012 15:31:51 | Computer Name = PLAYROOM | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 02/02/2012 15:56:03 | Computer Name = PLAYROOM | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 02/02/2012 15:57:06 | Computer Name = PLAYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gupdate1ca1e82d3299a42
with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 02/02/2012 15:57:10 | Computer Name = PLAYROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1ca1e82d3299a42) service to connect.

Error - 02/02/2012 15:57:10 | Computer Name = PLAYROOM | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1ca1e82d3299a42) service failed
to start due to the following error: %%1053

Error - 02/02/2012 19:01:59 | Computer Name = PLAYROOM | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 02/02/2012 20:07:54 | Computer Name = PLAYROOM | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 03/02/2012 13:23:17 | Computer Name = PLAYROOM | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058


< End of report >
 
1. What are those?
2. Yes. I need to know how things are
3. It doesn't matter to me which AV program you use as long as you have one active.

============================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
    O3 - HKU\S-1-5-21-2720316383-1297943296-3835745626-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2720316383-1297943296-3835745626-1008\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2720316383-1297943296-3835745626-1008\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\camtool.lnk = File not found
    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/downlo...ualEarth3D.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    [2012/01/09 20:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\44575
    [2012/01/09 20:51:34 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\AskSBar
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===========================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Progress

Hi Broni,

On part 2. Internet works, posting this from the PC that was troublesome.

On 1. I think it's something to do with HP imaging from googling it, I will try to work on a fix. *NOW FIXED - REINSTALLED*

On 3. I will use COMODO until we are all done then install Norton.

Some other updates before I post the logs. Some auto updates have installed and they are now up to date. Also now I seem to get errors from JUSCHED?? and it closes and gives the option of sending an error report. BUT, at least it now connects to the web! Also, I notice an error for Internet Explorer comes up saying *to help protect your computer, windows has closed the program* and sometimes the links I click go to a completely different webpage. However, it boots super quickly into XP now and Chrome works fine.

On your instructions.

1. Java updated.

2. Old Java Removed

Scans

1. OTL:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
File C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
Registry value HKEY_USERS\S-1-5-21-2720316383-1297943296-3835745626-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2720316383-1297943296-3835745626-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2720316383-1297943296-3835745626-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
File C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\camtool.lnk moved successfully.
Starting removal of ActiveX control {0DB074F0-617E-4EE9-912C-2965CF2AA5A4}
C:\WINDOWS\Downloaded Program Files\VE3DInstall.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\HP_Owner\Application Data\44575 folder moved successfully.
C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\AskSBar\bar\Settings folder moved successfully.
C:\Program Files\AskSBar\bar\History folder moved successfully.
C:\Program Files\AskSBar\bar\Cache folder moved successfully.
C:\Program Files\AskSBar\bar\1.bin folder moved successfully.
C:\Program Files\AskSBar\bar folder moved successfully.
C:\Program Files\AskSBar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 216257

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.PLAYROOM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Administrator.PLAYROOM.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 566 bytes

User: All Users

User: Betty

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 63731 bytes
->Temporary Internet Files folder emptied: 5416480 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 368026877 bytes
->Apple Safari cache emptied: 184320 bytes
->Flash cache emptied: 74714 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1360006 bytes
->Flash cache emptied: 3298 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 545280 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 599627 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 894340 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 42458956 bytes
RecycleBin emptied: 891748 bytes

Total Files Cleaned = 401.00 mb


[EMPTYJAVA]

User: 216257

User: Administrator

User: Administrator.PLAYROOM

User: Administrator.PLAYROOM.000

User: All Users

User: Betty

User: Default User

User: HP_Owner
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: 216257

User: Administrator

User: Administrator.PLAYROOM
->Flash cache emptied: 0 bytes

User: Administrator.PLAYROOM.000
->Flash cache emptied: 0 bytes

User: All Users

User: Betty

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Owner
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02032012_235627

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\RK7UY6JT\ads[2].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\RK7UY6JT\search[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\P9DZWCT8\ads[2].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\O22ZMS10\topic176201-3[1].html moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\psmachine.dll15fd4c9 not found!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LYP56RYP\drupal[1].js moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LYP56RYP\f[4].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LYP56RYP\xd_proxy[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LYP56RYP\xd_proxy[2].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CI0AAB3Q\764e2b504d3038736442494143333264[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CI0AAB3Q\f[2].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CI0AAB3Q\hub.1326407570[1].html moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CI0AAB3Q\searchCA3T4BRG.htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CI0AAB3Q\searchCAASDADE.htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CI0AAB3Q\sk-ckpro[6].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CI0AAB3Q\tweet_button.1326407570[1].html moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CI0AAB3Q\yellowcardct_com[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6FAV9GZ6\dest2[1].htm moved successfully.
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6FAV9GZ6\like[1].htm not found!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6FAV9GZ6\searchCAMB345U.htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6FAV9GZ6\searchCARRCFQZ.htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6FAV9GZ6\sk-pxbrdg[6].htm moved successfully.
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KJ94T3B\1@x13[2].htm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KJ94T3B\2012-golden-globe-awards-show-winners-576835[2].htm not found!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KJ94T3B\afr[7].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KJ94T3B\searchCA5Q8MDI.htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KJ94T3B\searchCA71WE3L.htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KJ94T3B\searchCAFNFXGV.htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KJ94T3B\search[11].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KJ94T3B\sk-ckpro[3].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KJ94T3B\status[1].htm moved successfully.

Registry entries deleted on Reboot...

2. FSS

Farbar Service Scanner Version: 02-02-2012
Ran by HP_Owner (administrator) on 04-02-2012 at 01:06:12
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2004-08-04 12:00] - [2008-04-14 00:12] - 0039936 ____A (Microsoft Corporation) 1852A19B834058F489F85EB520A88D15

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

4. ESET


C:\Documents and Settings\All Users\Documents\Incomplete\T-3870556-prison break theme CD quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Program Files\RegistryFix\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\LP\4A04\14.exe.vir a variant of Win32/Kryptik.ZAF trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\LP\4A04\4.exe.vir a variant of Win32/Kryptik.YRG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\LP\4A04\5.exe.vir Win32/Cycbot.AK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\LP\4A04\A.exe.vir Win32/Cycbot.AK trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP1\A0000001.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP1\A0002001.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP1\A0003002.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP1\A0004013.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP10\A0029769.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0005011.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0006011.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0007011.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0008011.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0008022.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0008075.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0010080.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0010107.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0011120.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP4\A0024389.exe a variant of Win32/Kryptik.YRG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP5\A0028109.exe a variant of Win32/Kryptik.ZAF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP5\A0028110.exe a variant of Win32/Kryptik.YRG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP5\A0028111.exe Win32/Cycbot.AK trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP5\A0028112.exe Win32/Cycbot.AK trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\jar_cache5713385669586965560.tmp probably a variant of Java/TrojanDownloader.OpenStream.NCI trojan deleted - quarantined
C:\_OTL\MovedFiles\02032012_235627\C_Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
 
I still need the Security Check log.

Also go Start>Run, type in:
services.msc
Click OK.

Scroll down to DNS Client service.
Right click on it, click "Properties".
Under "Startup type" select "Automatic" from drop-down menu.
OK your way out.
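
The FSS finding behind the DNS Client instruction above, as an added example that is not part of the original thread or of FSS itself: a Python parser that extracts from an FSS report the services whose start type differs from the default and the files listed without an "MD5 is legit" verdict. The sample log is a constructed excerpt in the format of the report posted above; `parse_fss`, `ServiceFinding` and the handling of any status other than "OK" are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt in the format of the Farbar Service Scanner report above.
SAMPLE_FSS_LOG = r"""Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

File Check:
========
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2004-08-04 12:00] - [2008-04-14 00:12] - 0039936 ____A (Microsoft Corporation) <md5 elided>
C:\WINDOWS\system32\services.exe => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
PROPERTY = re.compile(r"^The (ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class ServiceFinding:
    section: str
    name: str
    running: bool = True
    start_type: Optional[str] = None
    default_start_type: Optional[str] = None
    # Assumption: any ImagePath/ServiceDll status other than "OK" is a finding.
    bad_properties: List[str] = field(default_factory=list)

    @property
    def start_type_changed(self) -> bool:
        if self.start_type is None or self.default_start_type is None:
            return False
        return self.start_type.lower() != self.default_start_type.lower()


@dataclass
class FssReport:
    services: List[ServiceFinding]
    unverified_files: List[str]


def parse_fss(text: str) -> FssReport:
    services = {}          # service name -> ServiceFinding, in report order
    unverified_files = []  # File Check entries without an "MD5 is legit" verdict
    section = ""
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Title:" line underlined with "=" characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section = line[:-1]
            continue

        def svc(name):
            return services.setdefault(name, ServiceFinding(section, name))

        m = NOT_RUNNING.match(line)
        if m:
            svc(m.group(1)).running = False
            continue
        m = START_TYPE.match(line)
        if m:
            finding = svc(m.group(1))
            finding.start_type, finding.default_start_type = m.group(2), m.group(3)
            continue
        m = PROPERTY.match(line)
        if m:
            if m.group(3) != "OK":
                svc(m.group(2)).bad_properties.append(f"{m.group(1)}: {m.group(3)}")
            continue
        if section == "File Check" and DRIVE_PATH.match(line):
            path, _, verdict = line.partition(" => ")
            if verdict.strip() != "MD5 is legit":
                unverified_files.append(path.strip())
    return FssReport(list(services.values()), unverified_files)


if __name__ == "__main__":
    report = parse_fss(SAMPLE_FSS_LOG)
    for s in report.services:
        if s.start_type_changed:
            print(f"[{s.section}] {s.name}: start type {s.start_type} "
                  f"(default {s.default_start_type}), running={s.running}")
    for path in report.unverified_files:
        print(f"[File Check] no 'MD5 is legit' verdict: {path}")
```

A file without the verdict is not necessarily malicious; it is the entry to check by hand against a known-good copy.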
 
Broni,

Sorry, forgot to post that one, so it is below.

Just run the other instructions

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
COMODO Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 30
Adobe Flash Player ( 10.0.45.2) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````
 
As for that error, disable "jusched.exe" as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

============================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
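
The scanner log earlier in this thread lists several detections inside `_restore{...}\RPn` folders, which is what step 1 (clearing restore points) addresses. As an added example (not part of the original thread, and not code from OTL or the scanner), this Python sketch parses such log lines and groups them by where the file lived; the location labels and function names are assumptions made here.

```python
import re
from collections import defaultdict

# Sample lines copied from the scanner log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP2\A0008075.sys a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP4\A0024389.exe a variant of Win32/Kryptik.YRG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP5\A0028111.exe Win32/Cycbot.AK trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\jar_cache5713385669586965560.tmp probably a variant of Java/TrojanDownloader.OpenStream.NCI trojan deleted - quarantined
C:\_OTL\MovedFiles\02032012_235627\C_Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
"""

# Paths use backslashes, detection names contain "/", so the first "X/..." token ends the path.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\w+)\s+(?P<action>.+)$"
)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)

def parse_detection(line):
    """Return path/name/kind/action/location for one log line, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rp = RESTORE_RE.search(rec["path"])
    if rp:  # copy preserved by System Restore; it returns if that point is restored
        rec["location"], rec["restore_point"] = "restore_point", rp.group(1)
    elif "\\_OTL\\MovedFiles\\" in rec["path"]:  # file already moved aside by an OTL fix
        rec["location"] = "tool_quarantine"
    else:
        rec["location"] = "live_filesystem"
    return rec

def triage(log_text):
    """Group parsed detections by location label."""
    by_location = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_detection(line)
        if rec:
            by_location[rec["location"]].append(rec)
    return by_location

def infected_restore_points(log_text):
    return sorted({r["restore_point"] for r in triage(log_text)["restore_point"]})

if __name__ == "__main__":
    print("restore points holding detections:", infected_restore_points(SAMPLE_LOG))
```

Any restore point reported here still holds a copy of the detected file until the points are cleared, so rolling back to it would bring the file back.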
 
Thanks,

I will post the OTL when done; it is running now (on other PC). I have Norton Internet Security 2011 with a spare licence (you get 3 with it). If I install that, I guess I need to uninstall Comodo and Malwarebytes, as you should only have one running. Am I right?

Thanks
 
You'll have to uninstall Comodo but not MBAM.
MBAM works fine with any AV program.
 
Final OTL

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: 216257

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.PLAYROOM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.PLAYROOM.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Betty

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 1397615841 bytes
->Temporary Internet Files folder emptied: 41235529 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 33550634 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 799350 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 4276993 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 244605785 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,642.00 mb


[EMPTYFLASH]

User: 216257

User: Administrator

User: Administrator.PLAYROOM
->Flash cache emptied: 0 bytes

User: Administrator.PLAYROOM.000
->Flash cache emptied: 0 bytes

User: All Users

User: Betty

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Owner
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: 216257

User: Administrator

User: Administrator.PLAYROOM

User: Administrator.PLAYROOM.000

User: All Users

User: Betty

User: Default User

User: HP_Owner
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 02042012_200248

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
And to elaborate

i) Installed latest flash

1. OTL above
2. Removed all tools and logs.
3. Updates all up to date.
4. Already told them to do this,
5. Done
6. Done (did it before posting earlier and full Comodo scan, not much was found).
7. Will ask them to, redid it before posting this,
8. done, is scanning now (will take ages)
9. Again, done.
10. will do.

The rest is self-explanatory. Does the OTL log show anything?

As a request, can you keep this open for a final few hours as I finish Secunia and FileHippo, install Norton and do a final scan with that? If that all goes well, I reckon this will be all solved.

You've been great, mate, thanks!
 
I don't close topics.
Reply whenever you need to.

Way to go!!

Good luck and stay safe :)
 