Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Error Loading c:\windows\system32\rifizipo.dll


  • This topic is locked This topic is locked
7 replies to this topic

#1 msvjcpa

msvjcpa

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 15 February 2010 - 08:30 AM

I was having a lot of trouble with my computer and getting redirects when browsing in IE. I restored my computer to the factory settings to get a fresh start and then proceeded to reinstall my software,etc. Things seem to be working better but when I start up my computer I get this error message as if it's looking for a file that is no longer there:

Error Loading c:\windows\system32\rifizipo.dll

I ran HijackThis and have posted the log below. What should I do to get rid of this error message. Any help is appreciated. Thanks...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:20 AM, on 2/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Administrator\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gosakikul] Rundll32.exe "c:\windows\system32\rifizipo.dll",a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\HP_Administrator\Application Data\Smilebox\SmileboxTray.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: kiweyewi.dll c:\windows\system32\kazozemu.dll c:\windows\system32\rifizipo.dll
O21 - SSODL: pajebimeh - {118d0cc7-4497-4611-a818-415942bd32be} - c:\windows\system32\rifizipo.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {118d0cc7-4497-4611-a818-415942bd32be} - c:\windows\system32\rifizipo.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 11806 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:32 PM

Posted 15 February 2010 - 05:57 PM

Hello! smile.gif
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 msvjcpa

msvjcpa
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 16 February 2010 - 07:23 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3748
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/16/2010 6:20:59 PM
mbam-log-2010-02-16 (18-20-59).txt

Scan type: Quick Scan
Objects scanned: 150318
Time elapsed: 35 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gosakikul (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\HP_Administrator.JOHNSONFAMILY\Start Menu\Programs\Your PC Protector (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\Your PC Protector (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Your PC Protector (Rogue.PcProtector) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HP_Administrator.JOHNSONFAMILY\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\dbsinit.exe (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\wispex.html (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\i1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\i2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\i3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\j1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\j2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\j3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\jj1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\jj2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\jj3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\l1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\l2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\l3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\pix.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\t1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\t2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\Thumbs.db (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\up1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\up2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w11.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w3.jpg (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\word.doc (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\wt1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\wt2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\wt3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Your PC Protector\Your PC Protector.lnk (Rogue.PcProtector) -> Quarantined and deleted successfully.
C:\Your PC Protector.lnk (Rogue.PcProtector) -> Quarantined and deleted successfully.
C:\Program Files\nuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.


#4 msvjcpa

msvjcpa
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 16 February 2010 - 08:00 PM

OTL logfile created on: 2/16/2010 6:35:38 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 91.00 Mb Available Physical Memory | 24.00% Memory free
919.00 Mb Paging File | 492.00 Mb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.29 Gb Total Space | 105.15 Gb Free Space | 58.98% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.38 Gb Free Space | 17.23% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 698.64 Gb Total Space | 632.86 Gb Free Space | 90.59% Space Free | Partition Type: NTFS

Computer Name: JOHNSONDESKTOP
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/16 18:34:05 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/02/07 16:11:56 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010/02/07 16:11:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/19 04:34:22 | 000,266,888 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\HP_Administrator\Application Data\Smilebox\SmileboxTray.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 22:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 20:54:18 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
PRC - [2009/05/21 20:46:36 | 000,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/05/21 20:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2009/05/21 17:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/04/20 14:01:32 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/04/20 13:01:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/04/20 13:01:32 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/04/20 13:01:32 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/20 13:01:30 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/06/10 18:04:58 | 000,689,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWUCli.exe
PRC - [2007/05/08 16:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/05/25 20:18:18 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
PRC - [2005/03/18 05:05:00 | 000,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/03/14 22:49:06 | 000,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/02/25 23:34:02 | 000,245,760 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/02/02 16:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\KBD.exe
PRC - [2004/12/14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/09/07 14:47:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/10 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/06/29 11:06:38 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [1998/05/07 10:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/16 18:34:05 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2005/05/25 20:18:18 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
MOD - [2004/08/10 12:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/07 16:11:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/21 21:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 21:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/04/20 13:01:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/04/20 13:01:32 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/04/20 13:01:32 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/04/20 13:01:32 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/04/20 13:01:30 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/03 20:05:42 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 000,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/03/14 22:49:06 | 000,352,256 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/10/22 11:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 09:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\S-1-5-21-1894519760-1467411831-3564605145-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\S-1-5-21-1894519760-1467411831-3564605145-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..network.proxy.ftp: "168.94.74.68"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "168.94.74.68"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "168.94.74.68"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "168.94.74.68"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "168.94.74.68"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/20 14:17:31 | 000,000,000 | ---D | M]

[2007/04/06 16:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\939aoivm.default\extensions
[2007/04/06 16:10:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\939aoivm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/10/18 03:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/11 15:47:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2006/09/24 17:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2006/09/24 17:53:27 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/09/24 17:53:28 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/09/24 17:53:27 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2006/09/24 17:55:12 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2006/09/24 17:53:33 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2006/09/24 17:53:33 | 000,000,741 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
[2006/09/24 17:53:33 | 000,001,150 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.png
[2006/09/24 17:53:33 | 000,000,539 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.src
[2006/09/24 17:53:33 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2006/09/24 17:53:33 | 000,001,007 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
[2006/09/24 17:53:33 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2006/09/24 17:53:33 | 000,001,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
[2006/09/24 17:53:33 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2006/09/24 17:53:33 | 000,000,718 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
[2006/09/24 17:53:33 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
[2006/09/24 17:53:33 | 000,001,122 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008..\Run: [SmileboxTray] C:\Documents and Settings\HP_Administrator\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1894519760-1467411831-3564605145-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (kiweyewi.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\kazozemu.dll) - C:\WINDOWS\System32\kazozemu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\rifizipo.dll) - C:\WINDOWS\System32\rifizipo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: pajebimeh - {118d0cc7-4497-4611-a818-415942bd32be} - C:\WINDOWS\System32\rifizipo.dll File not found
O22 - SharedTaskScheduler: {118d0cc7-4497-4611-a818-415942bd32be} - tokatiluy - C:\WINDOWS\System32\rifizipo.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/25 20:49:04 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/07 15:33:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/16 18:33:57 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/16 17:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2010/02/16 17:43:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/16 17:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/16 17:43:09 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/16 17:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/16 17:34:37 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
[2010/02/15 07:06:50 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe
[2010/02/09 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/02/07 19:44:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/07 18:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/02/07 18:21:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/02/07 17:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HPAppData
[2010/02/07 17:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HP
[2010/02/07 17:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\IECompatCache
[2010/02/07 17:22:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/02/07 16:11:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/02/07 16:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ArcSoft
[2010/02/07 16:05:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2010/02/07 16:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LightScribe
[2010/02/07 16:04:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/02/07 16:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\InterMute
[2010/02/07 16:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2010/02/07 16:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
[2010/02/07 16:02:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2010/02/07 16:02:18 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Cookies
[2010/02/07 16:02:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\SendTo
[2010/02/07 16:02:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Application Data
[2010/02/07 16:02:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2010/02/07 16:02:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2010/02/07 16:02:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2010/02/07 16:02:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents
[2010/02/07 16:02:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Favorites
[2010/02/07 16:02:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\PrintHood
[2010/02/07 16:02:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\NetHood
[2010/02/07 16:02:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings
[2010/02/07 16:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
[2010/02/07 16:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
[2010/02/07 16:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2010/02/07 16:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2010/02/07 16:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google
[2010/02/07 16:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop
[2010/02/07 16:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2010/02/07 16:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Apple Computer
[2010/02/07 16:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2010/02/07 16:02:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu
[2010/02/07 16:02:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Templates
[2010/02/07 16:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\WINDOWS
[2010/02/07 15:55:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/02/07 15:45:12 | 000,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/07 15:45:12 | 000,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/07 15:35:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/07 15:34:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/02/07 15:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/02/07 15:17:01 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/01/14 15:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2009/09/04 22:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2009/08/31 20:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/08/31 19:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/07/07 13:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/08/14 00:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/05/25 19:25:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/05/25 19:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/05/25 19:25:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/25 19:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/16 18:35:29 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/02/16 18:34:05 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/16 18:29:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/16 18:29:04 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/02/16 18:28:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/16 18:28:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/16 18:28:01 | 401,133,568 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/16 18:25:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/02/16 18:25:53 | 001,310,720 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/02/16 17:55:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/16 17:43:17 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 17:42:12 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
[2010/02/15 22:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/15 11:07:08 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Word 2007.lnk
[2010/02/15 07:07:04 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe
[2010/02/14 21:27:20 | 000,297,913 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\salt lake temple.docx
[2010/02/14 19:09:47 | 000,087,200 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/14 09:54:10 | 000,308,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/14 09:10:50 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/12 16:58:25 | 048,792,284 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\19 Blessed.wav
[2010/02/11 06:43:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 07:49:31 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/09 07:49:31 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/09 07:49:30 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/07 22:36:50 | 000,165,183 | ---- | M] () -- C:\WINDOWS\hpoins37.dat
[2010/02/07 22:25:55 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/02/07 22:24:23 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/02/07 18:38:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 18:17:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/07 16:12:28 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Solitaire.lnk
[2010/02/07 16:03:49 | 000,001,872 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PY029AA-ABA A1129N_YC_0Pavi_QMXK530_E53NAsyEPC2_47_IALBACORE_SMSI_V1.0_B3.20_T050708_WXP2_L409_M383_J200_7AMD_8Athlon 64_92.19_#050808_N10EC8139_Z11C1048C_G10025954_OHP DVD Writer 640c;IDE-DVD DROM6216.MRK
[2010/02/07 16:02:49 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/02/07 16:01:40 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2010/02/07 15:59:24 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/07 15:59:12 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/02/07 15:57:02 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/02/07 15:51:40 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/07 15:45:28 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/07 15:45:28 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/07 15:45:28 | 000,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/07 15:45:28 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/07 15:36:02 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/07 11:05:59 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/16 17:43:17 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/14 21:27:19 | 000,297,913 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\salt lake temple.docx
[2010/02/12 16:58:11 | 048,792,284 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\19 Blessed.wav
[2010/02/09 18:04:37 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Word 2007.lnk
[2010/02/07 22:25:55 | 000,001,029 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/02/07 22:18:03 | 000,165,183 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/02/07 22:18:03 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2010/02/07 19:43:48 | 401,133,568 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/07 16:27:39 | 001,310,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/02/07 16:19:02 | 000,163,182 | ---- | C] () -- C:\WINDOWS\hpoins37.dat.temp
[2010/02/07 16:19:01 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp
[2010/02/07 16:15:58 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/02/07 16:14:14 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/02/07 16:03:40 | 000,001,872 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PY029AA-ABA A1129N_YC_0Pavi_QMXK530_E53NAsyEPC2_47_IALBACORE_SMSI_V1.0_B3.20_T050708_WXP2_L409_M383_J200_7AMD_8Athlon 64_92.19_#050808_N10EC8139_Z11C1048C_G10025954_OHP DVD Writer 640c;IDE-DVD DROM6216.MRK
[2010/02/07 16:02:25 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/02/07 16:02:17 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/02/07 16:02:10 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/02/07 16:01:39 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2010/02/07 15:45:12 | 000,010,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/07 15:45:12 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/07 10:37:37 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2009/05/30 11:04:17 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\HPCOM_48BitScanUpdate.log
[2007/08/31 17:34:29 | 000,000,042 | ---- | C] () -- C:\WINDOWS\TSMLite.INI
[2007/01/28 00:22:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/25 09:06:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2006/11/25 20:46:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/05/05 21:32:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/04/11 16:23:41 | 000,005,985 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/11 16:23:41 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/08 09:28:17 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2005/12/26 11:34:21 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/28 16:51:48 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2005/09/01 09:57:03 | 000,001,651 | ---- | C] () -- C:\WINDOWS\DJSmile.ini
[2005/08/24 05:02:13 | 000,000,007 | ---- | C] () -- C:\WINDOWS\offnm.ini
[2005/08/23 06:26:59 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DELFMIJO.ini
[2005/08/14 15:33:52 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/25 20:51:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/25 20:48:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/25 20:48:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/25 20:48:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/25 20:48:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/25 20:48:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/25 20:48:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/25 20:17:43 | 000,015,329 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/25 20:17:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/25 20:14:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/25 19:51:47 | 000,007,510 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/05/25 19:50:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/25 19:30:28 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/25 19:28:31 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/25 19:28:31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/25 19:28:12 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 11:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/19 23:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/19 23:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/10 06:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/10 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/10 05:00:00 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

========== LOP Check ==========

[2005/05/25 20:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
[2005/05/25 20:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/04/01 19:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2007/04/01 17:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ContentWatch
[2008/11/03 07:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/09/10 18:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
[2006/03/09 22:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/05/05 21:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2007/01/29 15:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/15 17:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/10/23 03:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/21 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/18 12:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/05/25 20:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterMute
[2005/05/25 20:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2010/02/07 16:02:49 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2009/12/15 01:00:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 00:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/02/16 18:29:04 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/01/21 03:00:00 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/09/04 19:52:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/02/07 18:10:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/02/07 18:10:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2009/09/04 19:52:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sp3.cab:AGP440.sys
[2010/02/07 18:10:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2009/09/04 19:52:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/07 18:10:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/02/07 18:10:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009/09/04 19:52:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sp3.cab:atapi.sys
[2010/02/07 18:10:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2010/01/22 18:38:56 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/10 06:00:00 | 001,251,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/12/21 23:42:44 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/12/21 23:42:45 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/04/20 14:01:34 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009/12/21 23:42:45 | 000,251,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2009/04/20 14:01:34 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

OTL Extras logfile created on: 2/16/2010 6:35:38 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 91.00 Mb Available Physical Memory | 24.00% Memory free
919.00 Mb Paging File | 492.00 Mb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.29 Gb Total Space | 105.15 Gb Free Space | 58.98% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.38 Gb Free Space | 17.23% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 698.64 Gb Total Space | 632.86 Gb Free Space | 90.59% Space Free | Partition Type: NTFS

Computer Name: JOHNSONDESKTOP
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.6
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6512B303-F989-4C13-B9F6-A99989E4ED54}" = HP Tunes
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}" = muvee autoProducer unPlugged - HPD
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1B497FAA-E53E-420D-8408-FFDD3278CD50" = Blasterball 2 Holidays from HP Media Center (remove only)
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"31D6EDEF-1926-4267-A24E-077BFB360F72" = Final Drive Nitro from HP Media Center (remove only)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"4C838121-69EC-424A-8FB0-91C15306A758" = Phoenix Assault from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"600C800C-5985-4E74-AFE7-571001AC3FA4" = Slyder from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A8B63E91-BB8C-41FF-B530-5BB13C915612" = Overball from HP Media Center (remove only)
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATI Display Driver" = ATI Display Driver
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo & Imaging" = HP Image Zone 4.8.6
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money" = Remove Microsoft Money 2005 installer
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quicken_NUE" = Remove Quicken New User Edition installer
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2010 7:15:40 PM | Computer Name = JOHNSONDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application smileboxclient.exe, version 1.0.1.12667, faulting
module quicktime.qts, version 7.65.17.80, fault address 0x00786142.

Error - 2/11/2010 6:35:53 PM | Computer Name = JOHNSONDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application smileboxclient.exe, version 1.0.1.12667, faulting
module quicktime.qts, version 7.65.17.80, fault address 0x00786142.

Error - 2/16/2010 7:58:26 PM | Computer Name = JOHNSONDESKTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.FakeAV in File: C:\Program Files\adc32.dll
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 2/16/2010 8:04:40 PM | Computer Name = JOHNSONDESKTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!WindowsAntivirusPro in File: C:\Program Files\adc32.dll
by: Auto-Protect scan. Action: Quarantine. Action Description: The file was deleted
successfully.

Error - 2/16/2010 8:09:22 PM | Computer Name = JOHNSONDESKTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.FakeAV in File: C:\Program Files\alggui.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 2/16/2010 8:15:27 PM | Computer Name = JOHNSONDESKTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!AntiVirus2008 in File: C:\Documents and Settings\HP_Administrator.JOHNSONFAMILY\Local
Settings\Temporary Internet Files\Content.IE5\0AIGOH8Y\PC_protect[1].exe by: Auto-Protect
scan. Action: Quarantine succeeded : Access denied. Action Description: The file
was quarantined successfully.

Error - 2/16/2010 8:21:10 PM | Computer Name = JOHNSONDESKTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.FakeAV in File: C:\Program Files\svchost.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 2/16/2010 8:22:00 PM | Computer Name = JOHNSONDESKTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!WindowsAntivirusPro in File: C:\Program Files\schtml\wispex.html
by: Auto-Protect scan. Action: Quarantine failed : Access denied. Action Description:
The file was left unchanged.

Error - 2/16/2010 8:22:47 PM | Computer Name = JOHNSONDESKTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\WINDOWS\Temp\win68.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 2/16/2010 8:23:39 PM | Computer Name = JOHNSONDESKTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Packed.Generic.264 in File: C:\Documents and Settings\HP_Administrator.JOHNSONFAMILY\Local
Settings\temp\DWH15C7.tmp by: Auto-Protect scan. Action: Cleaned by Deletion.
Action Description: The file was deleted successfully.

[ System Events ]
Error - 2/8/2010 12:14:43 AM | Computer Name = JOHNSONDESKTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.rsc. Reference error message: The operation completed successfully.
.

Error - 2/8/2010 12:14:49 AM | Computer Name = JOHNSONDESKTOP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/8/2010 12:14:49 AM | Computer Name = JOHNSONDESKTOP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 2/8/2010 12:14:49 AM | Computer Name = JOHNSONDESKTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for c:\Program Files\HP\Digital
Imaging\bin\hpotra08.rsc. Reference error message: The operation completed successfully.
.

Error - 2/8/2010 12:14:51 AM | Computer Name = JOHNSONDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 2/8/2010 12:14:51 AM | Computer Name = JOHNSONDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 2/8/2010 12:15:11 AM | Computer Name = JOHNSONDESKTOP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/8/2010 12:15:11 AM | Computer Name = JOHNSONDESKTOP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 2/8/2010 12:15:11 AM | Computer Name = JOHNSONDESKTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.rsc. Reference error message: The operation completed successfully.
.

Error - 2/14/2010 10:07:48 PM | Computer Name = JOHNSONDESKTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.


< End of report >

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:32 PM

Posted 17 February 2010 - 12:02 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O20 - AppInit_DLLs: (kiweyewi.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\kazozemu.dll) - C:\WINDOWS\System32\kazozemu.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\rifizipo.dll) - C:\WINDOWS\System32\rifizipo.dll File not found
    O21 - SSODL: pajebimeh - {118d0cc7-4497-4611-a818-415942bd32be} - C:\WINDOWS\System32\rifizipo.dll File not found
    O22 - SharedTaskScheduler: {118d0cc7-4497-4611-a818-415942bd32be} - tokatiluy - C:\WINDOWS\System32\rifizipo.dll File not found

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.



Let me know how your computer is behaving after this step.



Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 msvjcpa

msvjcpa
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 19 February 2010 - 06:02 PM

Here is the latest log after this last step. As far as how the computer is behaving... the error message did not appear after the first steps were completed. When the computer rebooted after this last step, the error message was back. Please advise.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:kiweyewi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kazozemu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\rifizipo.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\pajebimeh deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118d0cc7-4497-4611-a818-415942bd32be}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{118d0cc7-4497-4611-a818-415942bd32be} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118d0cc7-4497-4611-a818-415942bd32be}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 18090 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 18090 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Administrator
->Temp folder emptied: 35965706 bytes
->Temporary Internet Files folder emptied: 125326103 bytes
->Java cache emptied: 287733318 bytes
->FireFox cache emptied: 901636 bytes
->Google Chrome cache emptied: 6304961 bytes

User: HP_Administrator.JOHNSONFAMILY
->Temp folder emptied: 10803448 bytes
->Temporary Internet Files folder emptied: 78586220 bytes
->Java cache emptied: 42443585 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 117171 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1072866 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4033705 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 18090 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1705134583 bytes

Total Files Cleaned = 2,192.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02192010_164750

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll moved successfully.

Registry entries deleted on Reboot...

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:32 PM

Posted 20 February 2010 - 11:24 AM

I also need to see a new OTL log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:32 PM

Posted 19 March 2010 - 08:17 AM

Unfortunately there has been no response. dry.gif
This topic will now be closed.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users