Solved Infected again, but..

OTL

OTL logfile created on: 10/17/2010 1:27:51 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.42 Gb Total Space | 79.02 Gb Free Space | 35.21% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 1.19 Gb Free Space | 14.12% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/01 19:09:26 | 000,313,216 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
PRC - [2010/04/01 19:09:24 | 001,103,744 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/27 17:15:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/05/21 17:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/04 13:34:50 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/11/22 11:49:08 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/10/02 11:10:46 | 000,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2007/10/02 11:10:14 | 000,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2006/06/13 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/04/13 05:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/04/06 20:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/03/17 11:30:26 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2005/11/15 20:44:14 | 001,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/20 14:50:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/01 19:09:26 | 000,313,216 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/04/27 17:15:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/09 17:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/21 13:27:36 | 000,022,600 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NxDrv.sys -- (NxDrv)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/11/25 10:44:48 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/10/30 14:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/25 14:54:58 | 000,036,384 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\npusbio.sys -- (npusbio)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/31 10:31:12 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/08 18:02:04 | 000,019,640 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/06/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/05/11 13:30:52 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iastor.sys -- (iaStor)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/03/17 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 13:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 13:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 13:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://cm.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: npNELaunch@sonicwall.com:4.0.0.78
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/06 17:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/11 20:55:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/10/06 17:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/10/11 20:55:38 | 000,000,000 | ---D | M]

[2008/12/12 19:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/10/15 14:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions
[2010/05/19 22:37:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/12 12:31:48 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/20 20:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\npNELaunch@sonicwall.com
[2010/06/21 10:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\piclens@cooliris.com
[2010/06/21 10:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\piclens@cooliris.com-trash
[2010/10/15 14:53:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 23:30:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 20:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/14 18:43:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/25 13:30:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://dio.conbio.com/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} http://66.98.130.69/DGTx.CAB (DGTx.uc1)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/04 13:47:12 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 04:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (3099643537784832)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 13:25:44 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/10/17 10:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD
[2010/10/16 23:03:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/16 22:28:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/16 22:28:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/16 22:28:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/16 22:28:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/16 22:25:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/15 22:28:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
[2010/10/14 18:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/10/13 08:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/06 17:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/06 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/18 10:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/09/18 10:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\TrackMania
[2010/09/07 22:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/08/24 10:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\ER99 Data
[2010/08/23 23:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Downloads
[2010/08/23 23:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\FinalTorrent
[2010/08/23 23:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\FinalTorrent
[2010/08/23 23:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/08/23 23:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
[2010/08/23 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Draft Predictor 2010
[2010/08/23 20:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bert
[2010/08/23 20:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2010/08/23 19:25:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/15 10:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Albums
[2010/08/15 10:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ArcSoft
[2010/07/23 09:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pictures for showing 2
[2010/07/23 08:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pictures for showing
[2010/07/20 14:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2010/07/20 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/07/20 14:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/07/20 14:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/20 14:06:55 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/07/20 13:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Games
[2010/07/20 13:23:55 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys
[2006/12/12 10:47:24 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/10/17 13:17:12 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/17 12:33:56 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to ComboFix.lnk
[2010/10/17 11:15:57 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/10/17 11:12:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/17 11:12:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 11:12:43 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 11:02:06 | 000,054,760 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/10/17 11:02:06 | 000,054,760 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/10/17 11:02:06 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/10/17 10:54:36 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD.exe
[2010/10/17 09:27:40 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe
[2010/10/16 23:03:55 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2010/10/16 22:20:26 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2010/10/16 19:47:06 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/10/15 22:58:17 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\vfwlzpsc.exe
[2010/10/14 23:33:43 | 000,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/10/14 18:43:37 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2010/10/13 08:36:06 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 03:09:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/10/11 20:55:40 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 20:46:22 | 000,212,142 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-11 20_46_20.960228.dmp
[2010/10/11 19:51:01 | 000,134,162 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\225510.pdf
[2010/10/11 17:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/11 17:03:42 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2010/10/11 00:29:32 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-11 00_29_30.623339.dmp
[2010/10/09 08:57:25 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/09 00:20:46 | 000,033,315 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-09 00_20_45.924591.dmp
[2010/10/08 03:02:47 | 000,442,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/08 03:02:47 | 000,072,062 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 18:55:51 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\19-01 Rev M ServicereportFront.doc
[2010/10/06 18:54:39 | 000,170,898 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MC30077 Device Consulting.pdf
[2010/10/06 18:39:33 | 000,138,681 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\224776.pdf
[2010/10/06 17:38:04 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 17:33:48 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/28 09:53:38 | 000,019,118 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TheEarlyChurchPatternforEvangelismPart1.pdf
[2010/09/23 22:13:26 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Draft Predictor 2010.lnk
[2010/09/23 16:00:15 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Chat Content.doc
[2010/09/22 15:14:16 | 000,146,048 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tombrady.jpg
[2010/09/22 15:11:07 | 000,387,250 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\picture-513.png
[2010/09/18 19:43:13 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Alien Swarm.url
[2010/09/18 01:12:35 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TrackMania Nations Forever.url
[2010/09/15 18:32:47 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Basic Ground Rules for Our Family Meeting.doc
[2010/09/07 22:22:56 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/05 18:25:43 | 000,692,174 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\recipe.pdf
[2010/09/04 20:12:47 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fantasy Champion 2010.doc
[2010/09/04 11:53:12 | 000,066,399 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\12713m41ha55qltibd552gvsv4zy.pdf
[2010/09/04 11:52:14 | 000,066,530 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\35603m41ha55qltibd552gvsv4zy.pdf
[2010/08/24 10:11:05 | 000,000,291 | ---- | M] () -- C:\Boot.bak
[2010/08/23 23:36:37 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalTorrent.lnk
[2010/08/23 23:36:37 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FinalTorrent.lnk
[2010/08/23 16:12:46 | 000,446,691 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ECO Signed 8-23-10.pdf
[2010/08/20 21:07:57 | 000,064,598 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Photobomb.jpg
[2010/08/20 21:04:15 | 000,067,254 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\33497_433930991120_545286120_5245680_3535355_n.jpg
[2010/08/20 15:18:05 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Employee Performance Review 2010 K. Fudge(2).doc
[2010/08/20 15:17:30 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Employee Performance Review 2010 K. Fudge.doc
[2010/08/20 14:44:59 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/15 23:50:01 | 002,002,547 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/07/20 14:50:12 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/07/20 14:15:15 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/20 14:15:15 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/20 14:15:12 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/20 14:07:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/20 14:01:21 | 000,193,709 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

========== Files Created - No Company Name ==========

[2010/10/17 12:33:56 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to ComboFix.lnk
[2010/10/17 12:33:42 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe
[2010/10/17 10:55:14 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD.exe
[2010/10/16 22:54:28 | 2145,898,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/16 22:28:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/16 22:28:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/16 22:28:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/16 22:28:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/16 22:28:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/16 22:21:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2010/10/16 20:10:03 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/10/15 22:58:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\vfwlzpsc.exe
[2010/10/14 18:43:37 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2010/10/11 20:55:40 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 20:46:20 | 000,212,142 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-11 20_46_20.960228.dmp
[2010/10/11 19:51:00 | 000,134,162 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\225510.pdf
[2010/10/11 00:29:30 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-11 00_29_30.623339.dmp
[2010/10/11 00:15:32 | 000,003,844 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ZutiLog.txt
[2010/10/09 00:20:45 | 000,033,315 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-09 00_20_45.924591.dmp
[2010/10/06 18:55:51 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\19-01 Rev M ServicereportFront.doc
[2010/10/06 18:54:39 | 000,170,898 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MC30077 Device Consulting.pdf
[2010/10/06 17:38:04 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 17:33:48 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/04 19:24:13 | 000,138,681 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\224776.pdf
[2010/09/28 09:53:46 | 000,019,118 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TheEarlyChurchPatternforEvangelismPart1.pdf
[2010/09/23 16:00:14 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Chat Content.doc
[2010/09/22 15:14:16 | 000,146,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tombrady.jpg
[2010/09/22 15:11:06 | 000,387,250 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\picture-513.png
[2010/09/18 19:43:13 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Alien Swarm.url
[2010/09/18 01:12:34 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TrackMania Nations Forever.url
[2010/09/15 18:32:46 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Basic Ground Rules for Our Family Meeting.doc
[2010/09/07 22:22:56 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/07 22:22:56 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/05 18:25:43 | 000,692,174 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\recipe.pdf
[2010/09/04 11:53:12 | 000,066,399 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\12713m41ha55qltibd552gvsv4zy.pdf
[2010/09/04 11:52:13 | 000,066,530 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\35603m41ha55qltibd552gvsv4zy.pdf
[2010/09/02 17:22:23 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fantasy Champion 2010.doc
[2010/08/24 10:11:03 | 000,001,952 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2010/08/24 10:11:03 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/24 10:11:03 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/08/24 10:11:03 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
[2010/08/23 23:36:37 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalTorrent.lnk
[2010/08/23 23:36:37 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FinalTorrent.lnk
[2010/08/23 20:55:31 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Draft Predictor 2010.lnk
[2010/08/23 16:12:44 | 000,446,691 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ECO Signed 8-23-10.pdf
[2010/08/20 21:07:57 | 000,064,598 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Photobomb.jpg
[2010/08/20 21:04:15 | 000,067,254 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\33497_433930991120_545286120_5245680_3535355_n.jpg
[2010/08/20 15:18:05 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Employee Performance Review 2010 K. Fudge(2).doc
[2010/08/20 15:17:29 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Employee Performance Review 2010 K. Fudge.doc
[2010/07/20 14:53:55 | 000,054,760 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/07/20 14:53:55 | 000,000,788 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/07/20 14:07:41 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/20 14:07:38 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/20 14:07:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/20 14:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/20 14:06:55 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/07/20 14:06:53 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/03/17 23:51:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/05/30 08:56:32 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/04 09:57:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\JFEXRMC.INI
[2009/03/29 20:55:40 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/15 00:20:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/02 20:59:56 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/10/02 20:59:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/05/07 23:32:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Woodwinds
[2008/05/07 23:32:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\designjet
[2008/05/07 23:32:24 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2008/03/31 10:31:10 | 001,978,368 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464.Dll
[2008/03/31 10:31:10 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0C.dll
[2008/03/31 10:31:10 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_10.dll
[2008/03/31 10:31:10 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0A.dll
[2008/03/31 10:31:10 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_07.dll
[2008/03/31 10:31:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_09.dll
[2008/03/31 10:31:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0402.dll
[2008/03/31 10:31:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_11.dll
[2008/03/17 16:44:17 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008/02/19 23:48:40 | 000,023,978 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\.ipc_copyrecord
[2008/02/19 23:44:08 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\84756-11986-27475-00TC1-94865
[2008/02/14 22:50:59 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/01/29 12:57:03 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\AppShare-6-7-2.dll
[2008/01/14 02:31:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\73648-88365-27475-00IP7-22847
[2008/01/13 19:03:31 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/13 15:59:51 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2008/01/09 21:22:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/01/09 21:17:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV100V350.ini
[2008/01/07 10:48:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/05 19:06:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2008/01/04 22:25:42 | 000,000,397 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2008/01/04 21:50:26 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2008/01/04 14:13:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/04 14:10:23 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2008/01/04 13:55:02 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2008/01/04 13:50:48 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2008/01/04 13:50:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2008/01/04 13:47:32 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/01/04 13:36:04 | 000,000,320 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/04 13:35:27 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2008/01/04 13:30:41 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/04 13:29:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/01/04 13:26:42 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/01/04 13:26:42 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/04 13:25:31 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/31 17:00:41 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 13:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/24 00:00:48 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/08/30 23:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/26 16:13:12 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 08:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/26 09:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/06/26 16:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/19 09:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2008/05/07 23:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/05/07 23:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Equalizer
[2008/12/20 19:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/02/13 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/12/13 12:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2010/07/20 14:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/18 10:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2008/05/07 23:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/02/22 18:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2009/07/24 15:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/10/17 00:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/04/12 11:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/01 20:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/26 09:23:14 | 000,007,388 | ---- | M] () -- C:\aaw7boot.log
[2008/01/04 13:47:12 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/24 10:11:05 | 000,000,291 | ---- | M] () -- C:\Boot.bak
[2010/10/16 23:03:55 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2004/08/09 16:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/17 13:16:00 | 000,015,156 | ---- | M] () -- C:\ComboFix.txt
[2005/08/30 23:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/06 13:39:25 | 000,000,086 | ---- | M] () -- C:\csb.log
[2009/01/26 22:35:53 | 002,619,556 | ---- | M] () -- C:\Fraps.v2.6.0.4791-iND.rar
[2010/10/17 11:12:43 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/04 13:54:05 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
[2010/02/08 22:26:14 | 000,007,575 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/30 23:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/27 19:31:58 | 000,001,851 | -H-- | M] () -- C:\IPH.PH
[2008/10/24 11:40:04 | 000,226,632 | ---- | M] () -- C:\khalinstall.log
[2005/08/30 23:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/09 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/02 10:16:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/17 11:12:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/03/20 15:30:37 | 000,000,000 | ---- | M] () -- C:\plx_proxy.log
[2006/07/31 17:00:56 | 000,000,012 | ---- | M] () -- C:\RecoveryCD.txt
[2008/07/06 13:35:09 | 000,000,573 | ---- | M] () -- C:\RHDSetup.log
[2009/08/20 22:05:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/20 22:28:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/09/05 11:05:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/09/07 00:39:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/08 00:24:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/08 23:18:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/09 22:37:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/25 09:28:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/27 00:56:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/27 20:30:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/27 23:10:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/08/15 09:08:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/08/16 20:29:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/09/28 05:43:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/10/19 13:21:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/11/04 00:14:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/11/05 04:16:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/08/18 00:42:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/18 22:53:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/19 07:52:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/20 22:05:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/20 22:27:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/09/05 11:05:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/09/07 00:39:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/08 00:24:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/08 23:18:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/09 22:37:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/25 09:28:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/27 00:56:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/27 20:30:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/27 23:10:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/08/15 09:08:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/08/16 20:29:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/09/28 05:43:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/10/19 13:21:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/11/04 00:14:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/11/05 04:16:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/08/18 00:42:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/08/18 22:53:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/08/19 07:52:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/01/04 17:17:40 | 000,000,347 | -H-- | M] () -- C:\T4Metrics.log
[2010/10/17 12:17:53 | 000,050,306 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_17.10.2010_12.12.07_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 06:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2005/08/30 23:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/04/23 00:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL
[2004/04/23 00:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP64.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/30 15:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 15:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 15:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/02 10:20:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/01/04 14:14:40 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/30 23:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/16 22:20:26 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2010/10/17 10:54:36 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD.exe
[2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/07/17 23:46:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
[2010/10/15 22:58:17 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\vfwlzpsc.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/10/17 09:27:40 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe
[2008/02/22 18:12:16 | 000,189,008 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\My Documents\pictureviz.exe
[2008/03/14 12:13:58 | 004,042,960 | ---- | M] (Tropic Designs ) -- C:\Documents and Settings\HP_Administrator\My Documents\weatherpulse-setup.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/09 16:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/01/01 00:02:00 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008/09/01 23:08:38 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Cookies\desktop.ini
[2010/10/17 13:17:13 | 000,835,584 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 11:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
 
I tried to copy and paste "Extras" several different ways and the forum rejects it. I'll have to attach it.

Code:
OTL Extras logfile created on: 10/17/2010 1:27:51 PM - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.42 Gb Total Space | 79.02 Gb Free Space | 35.21% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 1.19 Gb Free Space | 14.12% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe" = C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
"C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe" = C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe:*:Enabled:FileMaker Pro -- (FileMaker, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM -- (AOL LLC)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe" = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe:*:Enabled:il2fb -- ()
"C:\Program Files\FileMaker\FileMaker Pro 10\FileMaker Pro.exe" = C:\Program Files\FileMaker\FileMaker Pro 10\FileMaker Pro.exe:*:Enabled:FileMaker Pro -- (FileMaker, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe" = C:\Program Files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:*:Enabled:Darkest Hour: Europe '44-'45 -- ()
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"C:\Program Files\FinalTorrent\FinalTorrent.EXE" = C:\Program Files\FinalTorrent\FinalTorrent.EXE:*:Enabled:FinalTorrent -- (Bitberry Software)
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V350 Photo Scanner Driver Update
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28184E01-D57A-4933-A09B-F65403F16D82}" = I-Cool
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{37EBB600-EAA2-012B-AD89-000000000000}" = TurboTax 2009 wiliper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E0501C4-22D1-40C8-9F9A-2C1983891063}" = Saitek SD6 Programming Software 6.0.10.7
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7A01DFF3-592E-4D5E-8AD2-32951A61B9D4}" = Draft Predictor 2010
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8680171A-9311-4453-86CA-E39EB5B6C2A3}" = FileMaker Pro 8
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F5D143-C950-465D-A8BE-C3D4D9CB3C1F}" = FileMaker Pro 10
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F1385C3-E388-4600-B21D-2C4A01280A69}" = TouchCopy
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe  1.4.105.1
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat  8 Standard
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6D425D2-803F-40E8-9D65-3DC00D577C11}" = NavyFIELD NorthAmerica
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E4C07CAB-99A1-4177-8EA1-67B0FE6474C8}" = TurboTax 2008 wiliper
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{ED707F85-E1A7-4810-A619-555B732C191B}" = HyperLobby client
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Acrobat  8 Standard" = Adobe Acrobat 8.1.6 Standard
"Adobe Acrobat  8 Standard_816" = Adobe Acrobat 8.1.6 - CPSID_49167
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"AudioCS" = Creative Audio Control Panel
"avast5" = avast! Free Antivirus
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Chuck's Planted Aquarium Calculator_is1" = Chuck's Planted Aquarium Calculator v1.0i
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DISCover" = DISCover
"DriverAgent.exe" = DriverAgent by TouchStone Software
"EPSON Scanner" = EPSON Scan
"FinalTorrent_is1" = FinalTorrent 2010
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ieSpell" = ieSpell
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Netscape Browser" = Netscape Browser (remove only)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"OpenAL" = OpenAL
"PFConfig" = PFConfig 1.0.232
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"RealPlayer 6.0" = RealPlayer
"SFBM" = SoundFont Bank Manager
"Silent Package Run-Time Sample" = EPSON Perfection V350P User's Guide
"SonicWALL SSL-VPN NetExtender" = SonicWALL SSL-VPN NetExtender
"Steam App 11020" = TrackMania Nations Forever
"Steam App 1200" = Red Orchestra
"Steam App 1280" = Darkest Hour
"Steam App 1290" = Darkest Hour Server
"Steam App 630" = Alien Swarm
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hpmedia Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/15/2010 11:21:35 AM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 10/15/2010 11:21:37 AM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 10/15/2010 11:21:39 AM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 10/15/2010 12:41:37 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting 
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.
 
Error - 10/15/2010 12:46:39 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
 could be found for product Microsoft Office 2000 Premium.  The Windows installer
 cannot continue.
 
Error - 10/15/2010 2:08:31 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.
 
Error - 10/15/2010 2:56:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting 
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.
 
Error - 10/15/2010 2:56:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
 could be found for product Microsoft Office 2000 Premium.  The Windows installer
 cannot continue.
 
Error - 10/15/2010 11:10:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application il2fb.exe, version 0.0.0.0, faulting module jvm.dll,
 version 0.0.0.0, fault address 0x00041175.
 
Error - 10/15/2010 11:10:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1001
Description = Fault bucket 39829191.
 
[ System Events ]
Error - 10/17/2010 12:49:19 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM 
Service service to connect.
 
Error - 10/17/2010 12:49:19 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
 following error:   %%1053
 
Error - 10/17/2010 12:05:56 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
   %%126
 
Error - 10/17/2010 12:07:51 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.
 
Error - 10/17/2010 12:07:51 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   ftsata2  SASDIFSV  SASKUTIL
 
Error - 10/17/2010 12:09:07 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
 with DCOM within the required timeout.
 
Error - 10/17/2010 12:09:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10010
Description = The server {0228576F-6E6C-4E1A-B175-0E46A316AFE2} did not register
 with DCOM within the required timeout.
 
Error - 10/17/2010 12:09:16 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10010
Description = The server {DA230D45-221A-4537-ABAB-75B0DE5FEBA6} did not register
 with DCOM within the required timeout.
 
Error - 10/17/2010 12:13:01 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
   %%126
 
Error - 10/17/2010 12:13:05 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   ftsata2  SASDIFSV  SASKUTIL
 
 
< End of report >
 

Some boards will read certain letter/number combinations as smileys, and since, as I see, this board won't allow more than 7 images per post, there you have it :)

Let me take a look....
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
OTL logfile created on: 10/17/2010 1:27:51 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.42 Gb Total Space | 79.02 Gb Free Space | 35.21% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 1.19 Gb Free Space | 14.12% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/01 19:09:26 | 000,313,216 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
PRC - [2010/04/01 19:09:24 | 001,103,744 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/27 17:15:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/05/21 17:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/04 13:34:50 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/11/22 11:49:08 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/10/02 11:10:46 | 000,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2007/10/02 11:10:14 | 000,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2006/06/13 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/04/13 05:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/04/06 20:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/03/17 11:30:26 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2005/11/15 20:44:14 | 001,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/20 14:50:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/01 19:09:26 | 000,313,216 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/04/27 17:15:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/09 17:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/21 13:27:36 | 000,022,600 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NxDrv.sys -- (NxDrv)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/11/25 10:44:48 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/10/30 14:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/25 14:54:58 | 000,036,384 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\npusbio.sys -- (npusbio)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/31 10:31:12 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/08 18:02:04 | 000,019,640 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/06/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/05/11 13:30:52 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iastor.sys -- (iaStor)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/03/17 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 13:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 13:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 13:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://cm.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: npNELaunch@sonicwall.com:4.0.0.78
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/06 17:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/11 20:55:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/10/06 17:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/10/11 20:55:38 | 000,000,000 | ---D | M]

[2008/12/12 19:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/10/15 14:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions
[2010/05/19 22:37:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/12 12:31:48 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/20 20:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\npNELaunch@sonicwall.com
[2010/06/21 10:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\piclens@cooliris.com
[2010/06/21 10:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\piclens@cooliris.com-trash
[2010/10/15 14:53:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 23:30:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 20:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/14 18:43:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/25 13:30:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://dio.conbio.com/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} http://66.98.130.69/DGTx.CAB (DGTx.uc1)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/04 13:47:12 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 04:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (3099643537784832)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 13:25:44 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/10/17 10:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD
[2010/10/16 23:03:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/16 22:28:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/16 22:28:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/16 22:28:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/16 22:28:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/16 22:25:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/15 22:28:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
[2010/10/14 18:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/10/13 08:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/06 17:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/06 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/18 10:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/09/18 10:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\TrackMania
[2010/09/07 22:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/08/24 10:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\ER99 Data
[2010/08/23 23:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Downloads
[2010/08/23 23:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\FinalTorrent
[2010/08/23 23:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\FinalTorrent
[2010/08/23 23:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/08/23 23:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
[2010/08/23 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Draft Predictor 2010
[2010/08/23 20:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bert
[2010/08/23 20:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2010/08/23 19:25:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/15 10:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Albums
[2010/08/15 10:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ArcSoft
[2010/07/23 09:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pictures for showing 2
[2010/07/23 08:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pictures for showing
[2010/07/20 14:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2010/07/20 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/07/20 14:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/07/20 14:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/20 14:06:55 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/07/20 13:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Games
[2010/07/20 13:23:55 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys
[2006/12/12 10:47:24 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/10/17 13:17:12 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/17 12:33:56 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to ComboFix.lnk
[2010/10/17 11:15:57 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/10/17 11:12:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/17 11:12:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 11:12:43 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 11:02:06 | 000,054,760 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/10/17 11:02:06 | 000,054,760 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/10/17 11:02:06 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/10/17 10:54:36 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD.exe
[2010/10/17 09:27:40 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe
[2010/10/16 23:03:55 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2010/10/16 22:20:26 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2010/10/16 19:47:06 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/10/15 22:58:17 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\vfwlzpsc.exe
[2010/10/14 23:33:43 | 000,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/10/14 18:43:37 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2010/10/13 08:36:06 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 03:09:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/10/11 20:55:40 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 20:46:22 | 000,212,142 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-11 20_46_20.960228.dmp
[2010/10/11 19:51:01 | 000,134,162 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\225510.pdf
[2010/10/11 17:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/11 17:03:42 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2010/10/11 00:29:32 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-11 00_29_30.623339.dmp
[2010/10/09 08:57:25 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/09 00:20:46 | 000,033,315 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-09 00_20_45.924591.dmp
[2010/10/08 03:02:47 | 000,442,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/08 03:02:47 | 000,072,062 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 18:55:51 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\19-01 Rev M ServicereportFront.doc
[2010/10/06 18:54:39 | 000,170,898 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MC30077 Device Consulting.pdf
[2010/10/06 18:39:33 | 000,138,681 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\224776.pdf
[2010/10/06 17:38:04 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 17:33:48 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/28 09:53:38 | 000,019,118 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TheEarlyChurchPatternforEvangelismPart1.pdf
[2010/09/23 22:13:26 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Draft Predictor 2010.lnk
[2010/09/23 16:00:15 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Chat Content.doc
[2010/09/22 15:14:16 | 000,146,048 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tombrady.jpg
[2010/09/22 15:11:07 | 000,387,250 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\picture-513.png
[2010/09/18 19:43:13 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Alien Swarm.url
[2010/09/18 01:12:35 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TrackMania Nations Forever.url
[2010/09/15 18:32:47 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Basic Ground Rules for Our Family Meeting.doc
[2010/09/07 22:22:56 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/05 18:25:43 | 000,692,174 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\recipe.pdf
[2010/09/04 20:12:47 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fantasy Champion 2010.doc
[2010/09/04 11:53:12 | 000,066,399 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\12713m41ha55qltibd552gvsv4zy.pdf
[2010/09/04 11:52:14 | 000,066,530 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\35603m41ha55qltibd552gvsv4zy.pdf
[2010/08/24 10:11:05 | 000,000,291 | ---- | M] () -- C:\Boot.bak
[2010/08/23 23:36:37 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalTorrent.lnk
[2010/08/23 23:36:37 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FinalTorrent.lnk
[2010/08/23 16:12:46 | 000,446,691 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ECO Signed 8-23-10.pdf
[2010/08/20 21:07:57 | 000,064,598 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Photobomb.jpg
[2010/08/20 21:04:15 | 000,067,254 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\33497_433930991120_545286120_5245680_3535355_n.jpg
[2010/08/20 15:18:05 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Employee Performance Review 2010 K. Fudge(2).doc
[2010/08/20 15:17:30 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Employee Performance Review 2010 K. Fudge.doc
[2010/08/20 14:44:59 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/15 23:50:01 | 002,002,547 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/07/20 14:50:12 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/07/20 14:15:15 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/20 14:15:15 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/20 14:15:12 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/20 14:07:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/20 14:01:21 | 000,193,709 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

========== Files Created - No Company Name ==========

[2010/10/17 12:33:56 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to ComboFix.lnk
[2010/10/17 12:33:42 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe
[2010/10/17 10:55:14 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD.exe
[2010/10/16 22:54:28 | 2145,898,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/16 22:28:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/16 22:28:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/16 22:28:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/16 22:28:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/16 22:28:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/16 22:21:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2010/10/16 20:10:03 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/10/15 22:58:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\vfwlzpsc.exe
[2010/10/14 18:43:37 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2010/10/11 20:55:40 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 20:46:20 | 000,212,142 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-11 20_46_20.960228.dmp
[2010/10/11 19:51:00 | 000,134,162 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\225510.pdf
[2010/10/11 00:29:30 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-11 00_29_30.623339.dmp
[2010/10/11 00:15:32 | 000,003,844 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ZutiLog.txt
[2010/10/09 00:20:45 | 000,033,315 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ts3_clientui-win32-12451-2010-10-09 00_20_45.924591.dmp
[2010/10/06 18:55:51 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\19-01 Rev M ServicereportFront.doc
[2010/10/06 18:54:39 | 000,170,898 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MC30077 Device Consulting.pdf
[2010/10/06 17:38:04 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 17:33:48 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/04 19:24:13 | 000,138,681 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\224776.pdf
[2010/09/28 09:53:46 | 000,019,118 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TheEarlyChurchPatternforEvangelismPart1.pdf
[2010/09/23 16:00:14 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Chat Content.doc
[2010/09/22 15:14:16 | 000,146,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tombrady.jpg
[2010/09/22 15:11:06 | 000,387,250 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\picture-513.png
[2010/09/18 19:43:13 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Alien Swarm.url
[2010/09/18 01:12:34 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TrackMania Nations Forever.url
[2010/09/15 18:32:46 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Basic Ground Rules for Our Family Meeting.doc
[2010/09/07 22:22:56 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/07 22:22:56 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/05 18:25:43 | 000,692,174 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\recipe.pdf
[2010/09/04 11:53:12 | 000,066,399 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\12713m41ha55qltibd552gvsv4zy.pdf
[2010/09/04 11:52:13 | 000,066,530 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\35603m41ha55qltibd552gvsv4zy.pdf
[2010/09/02 17:22:23 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fantasy Champion 2010.doc
[2010/08/24 10:11:03 | 000,001,952 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2010/08/24 10:11:03 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/24 10:11:03 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/08/24 10:11:03 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
[2010/08/23 23:36:37 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalTorrent.lnk
[2010/08/23 23:36:37 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FinalTorrent.lnk
[2010/08/23 20:55:31 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Draft Predictor 2010.lnk
[2010/08/23 16:12:44 | 000,446,691 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ECO Signed 8-23-10.pdf
[2010/08/20 21:07:57 | 000,064,598 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Photobomb.jpg
[2010/08/20 21:04:15 | 000,067,254 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\33497_433930991120_545286120_5245680_3535355_n.jpg
[2010/08/20 15:18:05 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Employee Performance Review 2010 K. Fudge(2).doc
[2010/08/20 15:17:29 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Employee Performance Review 2010 K. Fudge.doc
[2010/07/20 14:53:55 | 000,054,760 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/07/20 14:53:55 | 000,000,788 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/07/20 14:07:41 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/20 14:07:38 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/20 14:07:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/20 14:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/20 14:06:55 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/07/20 14:06:53 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/03/17 23:51:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/05/30 08:56:32 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/04 09:57:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\JFEXRMC.INI
[2009/03/29 20:55:40 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/15 00:20:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/02 20:59:56 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/10/02 20:59:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/05/07 23:32:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Woodwinds
[2008/05/07 23:32:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\designjet
[2008/05/07 23:32:24 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2008/03/31 10:31:10 | 001,978,368 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464.Dll
[2008/03/31 10:31:10 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0C.dll
[2008/03/31 10:31:10 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_10.dll
[2008/03/31 10:31:10 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0A.dll
[2008/03/31 10:31:10 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_07.dll
[2008/03/31 10:31:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_09.dll
[2008/03/31 10:31:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0402.dll
[2008/03/31 10:31:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_11.dll
[2008/03/17 16:44:17 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008/02/19 23:48:40 | 000,023,978 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\.ipc_copyrecord
[2008/02/19 23:44:08 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\84756-11986-27475-00TC1-94865
[2008/02/14 22:50:59 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/01/29 12:57:03 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\AppShare-6-7-2.dll
[2008/01/14 02:31:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\73648-88365-27475-00IP7-22847
[2008/01/13 19:03:31 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/13 15:59:51 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2008/01/09 21:22:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/01/09 21:17:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV100V350.ini
[2008/01/07 10:48:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/05 19:06:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2008/01/04 22:25:42 | 000,000,397 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2008/01/04 21:50:26 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2008/01/04 14:13:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/04 14:10:23 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2008/01/04 13:55:02 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2008/01/04 13:50:48 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2008/01/04 13:50:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2008/01/04 13:47:32 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/01/04 13:36:04 | 000,000,320 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/04 13:35:27 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2008/01/04 13:30:41 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/04 13:29:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/01/04 13:26:42 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/01/04 13:26:42 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/04 13:25:31 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/31 17:00:41 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 13:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/24 00:00:48 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/08/30 23:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/26 16:13:12 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 08:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/26 09:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/06/26 16:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/19 09:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2008/05/07 23:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/05/07 23:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Equalizer
[2008/12/20 19:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/02/13 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/12/13 12:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2010/07/20 14:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/18 10:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2008/05/07 23:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/02/22 18:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2009/07/24 15:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/10/17 00:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/04/12 11:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/01 20:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/26 09:23:14 | 000,007,388 | ---- | M] () -- C:\aaw7boot.log
[2008/01/04 13:47:12 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/24 10:11:05 | 000,000,291 | ---- | M] () -- C:\Boot.bak
[2010/10/16 23:03:55 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2004/08/09 16:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/17 13:16:00 | 000,015,156 | ---- | M] () -- C:\ComboFix.txt
[2005/08/30 23:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/06 13:39:25 | 000,000,086 | ---- | M] () -- C:\csb.log
[2009/01/26 22:35:53 | 002,619,556 | ---- | M] () -- C:\Fraps.v2.6.0.4791-iND.rar
[2010/10/17 11:12:43 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/04 13:54:05 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
[2010/02/08 22:26:14 | 000,007,575 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/30 23:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/27 19:31:58 | 000,001,851 | -H-- | M] () -- C:\IPH.PH
[2008/10/24 11:40:04 | 000,226,632 | ---- | M] () -- C:\khalinstall.log
[2005/08/30 23:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/09 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/02 10:16:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/17 11:12:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/03/20 15:30:37 | 000,000,000 | ---- | M] () -- C:\plx_proxy.log
[2006/07/31 17:00:56 | 000,000,012 | ---- | M] () -- C:\RecoveryCD.txt
[2008/07/06 13:35:09 | 000,000,573 | ---- | M] () -- C:\RHDSetup.log
[2009/08/20 22:05:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/20 22:28:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/09/05 11:05:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/09/07 00:39:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/08 00:24:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/08 23:18:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/09 22:37:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/25 09:28:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/27 00:56:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/27 20:30:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/27 23:10:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/08/15 09:08:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/08/16 20:29:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/09/28 05:43:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/10/19 13:21:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/11/04 00:14:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/11/05 04:16:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/08/18 00:42:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/18 22:53:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/19 07:52:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/20 22:05:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/20 22:27:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/09/05 11:05:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/09/07 00:39:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/08 00:24:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/08 23:18:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/09 22:37:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/25 09:28:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/27 00:56:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/27 20:30:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/27 23:10:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/08/15 09:08:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/08/16 20:29:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/09/28 05:43:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/10/19 13:21:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/11/04 00:14:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/11/05 04:16:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/08/18 00:42:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/08/18 22:53:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/08/19 07:52:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/01/04 17:17:40 | 000,000,347 | -H-- | M] () -- C:\T4Metrics.log
[2010/10/17 12:17:53 | 000,050,306 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_17.10.2010_12.12.07_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 06:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2005/08/30 23:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/04/23 00:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL
[2004/04/23 00:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP64.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/30 15:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 15:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 15:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/02 10:20:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/01/04 14:14:40 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/30 23:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/16 22:20:26 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2010/10/17 10:54:36 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTBR_CD.exe
[2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/07/17 23:46:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
[2010/10/15 22:58:17 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\vfwlzpsc.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/10/17 09:27:40 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe
[2008/02/22 18:12:16 | 000,189,008 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\My Documents\pictureviz.exe
[2008/03/14 12:13:58 | 004,042,960 | ---- | M] (Tropic Designs ) -- C:\Documents and Settings\HP_Administrator\My Documents\weatherpulse-setup.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/09 16:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/01/01 00:02:00 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008/09/01 23:08:38 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Cookies\desktop.ini
[2010/10/17 13:17:13 | 000,835,584 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 11:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


D:\I386\APPS\APP02037\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application
D:\I386\APPS\APP02037\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application


I ran security check but I can't find the txt file. Should I run it again?
 
I ran security check but I can't find the txt file. Should I run it again?
Yes, please.

You posted a whole OTL log instead of a log from the fix.
Please, redo, or post correct log.
 
Here is Security Check, OTL is coming.

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.4.0
Adobe Reader Japanese Fonts
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
I hope this is what you meant.


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Reminder not found.
File C:\Windows\Creator\Remind_XP.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg not found.
File C:\WINDOWS\Updreg.EXE not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 141144 bytes
->Temporary Internet Files folder emptied: 533185 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41407803 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 653 bytes

User: Jennifer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Melissa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Sigrid
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34570 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: Jennifer
->Flash cache emptied: 0 bytes

User: LocalService

User: Melissa
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Sigrid
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10182010_153835

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_a80.dat moved successfully.

Registry entries deleted on Reboot...
 
Yes :)


Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Step one:


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 2171 bytes
->Temporary Internet Files folder emptied: 528648 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24881128 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
OK, I have pretty much finished everything. I have a confession to make. I've been running without a firewall. I put it off and then forgot about it. I'm going to check out Zone Alarm; it seems like it may be pretty good. It may be a good time to get new passwords as well.

You wanted to work on my start up menu?
 
Bad, bad boy....
Make sure to turn Windows firewall on.
It's perfectly enough.
If you want something more sophisticated, I recommend Comodo firewall.
I'm not a big fan of ZoneAlarm.

Now, off to your startups....

Download and install Quick Startup: http://www.glarysoft.com/qs.html
Go File>Export, save report, and paste it into your next post.
 
I don't even use half this stuff.




Startup List report created on 10/18/2010 by Startup Manager


Name: avast5
Path: C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: TkBellExe
Path: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: SonicWALLNetExtender
Path: C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: SaiMfd
Path: C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Recguard
Path: C:\WINDOWS\SMINST\RECGUARD.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ProfilerU
Path: C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: nwiz
Path: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NvMediaCenter
Path: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NvCplDaemon
Path: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: nmctxth
Path: "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: nmapp
Path: "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Kernel and Hardware Abstraction Layer
Path: KHALMNPR.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ISUSScheduler
Path: "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ISUSPM Startup
Path: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HPBootOp
Path: "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HP Software Update
Path: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ftutil2
Path: rundll32.exe ftutil2.dll,SetWriteCacheMode
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ehTray
Path: C:\WINDOWS\ehome\ehtray.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: EEventManager
Path: C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: DMAScheduler
Path: "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: DLA
Path: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: CTxfiHlp
Path: CTXFIHLP.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: CTHelper
Path: CTHELPER.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: amd_dc_opt
Path: C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: AlwaysReady Power Message APP
Path: ARPWRMSG.EXE
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Acrobat Assistant 8.0
Path: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: SunJavaUpdateSched
Path: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: AppleSyncNotifier
Path: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: QuickTime Task
Path: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: iTunesHelper
Path: "C:\Program Files\iTunes\iTunesHelper.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Adobe Reader Speed Launcher
Path: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Adobe ARM
Path: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: CarboniteSetupLite
Path: "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Steam
Path: "c:\program files\steam\steam.exe" -silent
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: MsnMsgr
Path: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: H/PC Connection Agent
Path: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Skype
Path: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Logitech SetPoint
Path: C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: Microsoft Office
Path: C:\PROGRA~1\MICROS~4\Office\OSA9.EXE -b -l
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: NkbMonitor.exe
Path: C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: Picture Motion Browser Media Check Tool
Path: C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE /noballoononstart
Location: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: Secunia PSI
Path: C:\PROGRA~1\Secunia\PSI\psi.exe --start-in-tray
Location: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------
Total 42 Items
 
Re-run "QuickStartup" and uncheck the following items:

TkBellExe
nwiz
NvCplDaemon
ISUSScheduler
ISUSPM Startup
HPBootOp
HP Software Update
EEventManager
DMAScheduler
DLA
CTxfiHlp
AlwaysReady Power Message APP
SunJavaUpdateSched
AppleSyncNotifier
iTunesHelper
Adobe ARM
MsnMsgr
H/PC Connection Agent
Skype
Microsoft Office
Secunia PSI


Restart computer.

No actual programs will be removed.
If, for some reason, we disabled something that you really need at startup, you can use the same "QuickStartup" to re-enable the item.
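The review step above, as an added example that is not part of the original posts and is not code from Quick Startup: it parses a report in the exported `Name/Path/Location/Status` layout, checks the entry count against the `Total N Items` line (to catch a truncated paste), and applies an uncheck list, reporting any listed name that does not appear in the report. The function names `parse_report` and `plan` are hypothetical, and the sample is four entries from the report above re-rendered in its format.

```python
import re

HKLM_RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
USER_STARTUP = r"C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup"

def _entry(name, path, location, status="Enabled"):
    """Render one record the way the exported report lays it out."""
    return (f"Name: {name}\nPath: {path}\nLocation: {location}\n"
            f"Status: {status}\n{'-' * 90}\n")

# Constructed sample: four entries copied from the report above; the
# "Total" line is adjusted to match this shortened excerpt.
SAMPLE_REPORT = (
    "Startup List report created on 10/18/2010 by Startup Manager\n\n"
    + "\n".join([
        _entry("avast5", r"C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui", HKLM_RUN),
        _entry("TkBellExe", r'"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot', HKLM_RUN),
        _entry("Skype", r'"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized', HKCU_RUN),
        _entry("Secunia PSI", r"C:\PROGRA~1\Secunia\PSI\psi.exe --start-in-tray", USER_STARTUP),
    ])
    + "Total 4 Items\n"
)

def parse_report(text):
    """Return (entries, declared_total); each entry is a dict of the four fields."""
    entries, current = [], {}
    for line in text.splitlines():
        m = re.match(r"(Name|Path|Location|Status): (.*)", line)
        if m:
            current[m.group(1).lower()] = m.group(2).strip()
        elif line.startswith("-----") and current:
            entries.append(current)  # a dashed line closes the record
            current = {}
    total = re.search(r"^Total (\d+) Items", text, re.M)
    return entries, (int(total.group(1)) if total else None)

def plan(entries, to_disable):
    """Split entries into (keep, disable) and list names not found in the report."""
    disable = [e for e in entries if e["name"] in to_disable]
    keep = [e for e in entries if e["name"] not in to_disable]
    unknown = sorted(set(to_disable) - {e["name"] for e in entries})
    return keep, disable, unknown

if __name__ == "__main__":
    entries, total = parse_report(SAMPLE_REPORT)
    keep, disable, unknown = plan(entries, {"TkBellExe", "Skype", "Secunia PSI"})
    print("count matches Total line:", total == len(entries))
    print("still starting:", [(e["name"], e["location"]) for e in keep])
```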
 
Wow the computer boots up in three minutes!

One thing: when I try to update Avast it says that it cannot connect to the servers.
 
The browsers work great. I looked at the Windows Firewall, updates, etc. and it tells me Avast is up, running, and working great with the latest version. I downloaded the Firefox beta but it won't work, so I'm still using 3.6.10.
 
OK, so I'm done then....this machine is screaming fast now...faster than last time! I wish I would have known how much those start ups were bogging me down. It's ridiculous, you can't download anything without it trying to add a toolbar or stick something in the start up menu.
 
I'm glad to see you happy :)

When you're installing anything these days, always select "custom" installation and...PAY ATTENTION, to see what drive-by-install crap is coming :)
 