Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ave.exe, browser redirects - Please Help Me


  • This topic is locked This topic is locked
26 replies to this topic

#1 Adiron

Adiron

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 19 April 2010 - 12:06 PM

A couple weeks ago I started getting the ave.exe windows security/defender/etc scareware popups. I successfully removed this malware using trojan_fakerean_exe_fix.reg to allow exe files to run and MBAM to remove. This malware came back several times and I continued to remove in the same manner. I added Avira to my system and I think it is able to keep the ave.exe from reinstalling itself (often pops up warning that "D:/Autorun.inf has been blocked"?) However, I have been experiencing the same browser redirects that many people in these forums have mentioned. Search engines produce seemingly legit search results. but when you go to them you are redirected to random shopping sites, etc.

I often get the following error message "DISCover Drop & Play System Executable has encountered a problem and needs to close" that has just started happening with the Malware and my system is EXTREMELY slow most of the time and often crashes or freezes.

DDS logs are below. Every time I run GMER my system crashes half way through the scan. Is there anything I can do to prevent this so I can give you a GMER log?

I run the following software on my system that have found various "malware" but haven't done much to improve the symptoms of my system:

Avira Antivir Free Personal
MBAM
AVG
AdAware
Spybot
CCleaner
Threatfire

Please let me know of any other info you need.

Thanks in advance for your help.









DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 13:03:40.10 on Sun 04/18/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1126 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\DVDFAB~3\DVDFab.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://qwest.live.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://qwest.live.com
mStart Page = hxxp://qwest.live.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [<NO NAME>]
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {0DE70C1A-5136-45F6-95DA-B81CCF0DA5B3} - hxxps://gosystemrs.fasttax.com/OCX/RIARSDocumentum.cab
DPF: {10EC6CEC-5A1D-4E4E-AB85-8CC516F2A687} - hxxp://www.cpa-exam.org/AICPATutorial/install/AICPAViewer.cab
DPF: {13F71666-05F2-11D2-B2F6-00A0C9A08B64} - hxxps://gosystemrs.fasttax.com/OCX/comconv.cab
DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} - hxxps://gosystemrs.fasttax.com/OCX/RSLoginModule.cab
DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} - hxxp://www.cpa-exam.org/AICPATutorial/install/SSItem.cab
DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} - hxxps://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} - hxxp://www.cpa-exam.org/AICPATutorial/install/SimItems.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxps://gosystemrs.fasttax.com/OCX/iftwclix.cab
DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} - hxxps://gosystemrs.fasttax.com/OCX/WebAttachments.cab
DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} - hxxps://gosystemrs.fasttax.com/OCX/webnotifier.cab
DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} - hxxps://gosystemrs.fasttax.com/OCX/Downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} - hxxp://www.cpa-exam.org/AICPATutorial/install/General.cab
DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} - hxxp://www.cpa-exam.org/AICPATutorial/install/CRItem.cab
DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} - hxxps://gosystemrs.fasttax.com/OCX/DCParse.cab
DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} - hxxps://gosystemrs.fasttax.com/OCX/frmsrc.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} - hxxp://www223.rockyou.com/RockYouImageUploader.cab
DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} - hxxp://www.cpa-exam.org/AICPATutorial/install/AICPAViewerIL.cab
DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} - hxxps://gosystemrs.fasttax.com/OCX/vsflex7.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\t1g8s4c1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2009-01-18 18:31:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011820090119\index.dat

============= FINISH: 13:07:54.34 ===============










UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/5/2006 10:42:00 PM
System Uptime: 4/16/2010 7:32:07 PM (42 hours ago)

Motherboard: MSI | | AMETHYST-M
Processor: AMD Athlon™ 64 Processor 3800+ | Socket 939 | 2387/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 26.041 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.453 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP456: 4/6/2010 9:07:34 PM - System Checkpoint
RP457: 4/8/2010 3:33:10 AM - System Checkpoint
RP458: 4/8/2010 8:17:02 AM - Avg Update
RP459: 4/8/2010 8:18:12 AM - Avg Update
RP460: 4/9/2010 11:40:52 AM - System Checkpoint
RP461: 4/10/2010 11:46:42 AM - System Checkpoint
RP462: 4/11/2010 11:53:26 AM - System Checkpoint
RP463: 4/14/2010 2:33:07 AM - System Checkpoint
RP464: 4/17/2010 3:54:08 AM - System Checkpoint
RP465: 4/18/2010 4:50:11 AM - System Checkpoint

==== Installed Programs ======================


==== Event Viewer Messages From Past Week ========


==== End Of File ===========================


Edited by Adiron, 19 April 2010 - 12:08 PM.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:15 AM

Posted 19 April 2010 - 02:32 PM

Good evening. smile.gif

The first thing you need to do is to remove one of your anti-virus programs as there is the risk of conflictions with two, or more, running in real-time - not a good thing. Once you have done that, do this:

Download HAMeb_check.exe by noahdfear from here and save it to your Desktop.
  • Double click the tool to run it - it will take a minute or two to complete.
  • Once complete it will open Notepad with the results and save a copy as HelpAsst.log to the root of your hard drive, usually C:\
  • Please post the contents in your next reply.

So long, and thanks for all the fish.

 

 


#3 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 19 April 2010 - 05:31 PM

I uninstalled AVG. I ran the root checker you mentioned. Below is the log:

C:\Documents and Settings\HP_Administrator\Desktop\HAMeb_check.exe
Mon 04/19/2010 at 16:28:12.67

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4B5AC8]<<
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:15 AM

Posted 19 April 2010 - 05:55 PM

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *
  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of it's removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for

So long, and thanks for all the fish.

 

 


#5 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 19 April 2010 - 07:32 PM

ComboFix 10-04-18.04 - HP_Administrator 04/19/2010 17:46:54.1.1 - x86
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\inst.exe
c:\recycler\S-1-5-21-527237240-179605362-725345543-500
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-20 00:06 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-04-20 00:06 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-18 20:21 . 2010-04-18 20:21 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western_Digital
2010-04-18 20:18 . 2010-04-18 20:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Western Digital
2010-04-18 20:18 . 2010-04-18 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2010-04-18 20:18 . 2010-04-18 20:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2010-04-18 20:17 . 2009-02-13 18:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2010-04-18 20:17 . 2010-04-18 20:17 -------- d-----w- c:\program files\Western Digital
2010-04-18 20:16 . 2010-04-18 20:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Western Digital
2010-04-17 01:52 . 2004-08-09 21:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2010-04-17 01:52 . 2004-08-09 21:00 185344 ----a-w- c:\windows\system32\dllcache\thawbrkr.dll
2010-04-17 01:52 . 2004-08-09 21:00 10752 ----a-w- c:\windows\system32\dllcache\c_iscii.dll
2010-04-17 01:52 . 2004-08-09 21:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2010-04-17 01:51 . 2004-08-09 21:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2010-04-17 01:51 . 2004-08-09 21:00 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
2010-04-17 01:50 . 2004-08-09 21:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2010-04-17 01:50 . 2004-08-09 21:00 6144 ----a-w- c:\windows\system32\dllcache\ftlx041e.dll
2010-04-09 04:58 . 2010-04-09 04:58 -------- d-----w- c:\program files\YourWare Solutions
2010-04-09 04:23 . 2010-04-09 04:23 -------- d-----w- c:\program files\7-Zip
2010-04-08 19:46 . 2010-01-14 22:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-04-08 19:46 . 2010-01-14 22:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-04-08 19:46 . 2010-01-14 22:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-04-08 19:46 . 2010-04-08 19:47 -------- d-----w- c:\program files\ThreatFire
2010-04-08 19:46 . 2010-04-08 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-08 13:49 . 2010-04-08 13:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Avira
2010-04-08 13:36 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-08 13:36 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-08 13:36 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-08 13:36 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-08 13:36 . 2010-04-08 13:36 -------- d-----w- c:\program files\Avira
2010-04-08 13:36 . 2010-04-08 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-07 16:57 . 2010-04-07 16:57 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-07 03:15 . 2010-04-19 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-07 03:15 . 2010-04-07 06:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 03:06 . 2010-04-07 03:07 -------- d-----w- c:\program files\CCleaner
2010-04-06 14:53 . 2010-04-06 14:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-04 20:51 . 2010-04-04 17:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-04 18:07 . 2010-04-04 18:07 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup_AVG_RESTORED_1.exe
2010-04-04 18:07 . 2010-04-04 18:07 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup_AVG_RESTORED.exe
2010-04-04 17:56 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-04 17:56 . 2010-04-04 17:56 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-04 17:56 . 2010-04-04 17:56 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-04 17:56 . 2010-04-04 17:56 516480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
2010-04-04 17:56 . 2010-04-04 17:56 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-04 17:36 . 2010-04-04 17:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-04 17:36 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ICS
2010-04-03 03:38 . 2010-04-03 03:38 -------- d-----w- C:\$AVG
2010-04-03 03:31 . 2010-04-19 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-30 06:56 . 2010-03-30 06:56 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-30 05:47 . 2010-03-30 05:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Helper
2010-03-28 01:57 . 2010-03-28 01:57 -------- d-----w- c:\program files\DVDFab 7
2010-03-24 20:41 . 2010-04-06 14:53 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 21:53 . 2010-01-13 14:20 804328 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-19 06:58 . 2007-10-04 01:33 -------- d-----w- c:\program files\LogMeIn
2010-04-19 03:37 . 2009-04-19 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-18 19:34 . 2009-09-25 07:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2010-04-18 19:20 . 2006-03-07 12:24 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-04-17 02:38 . 2006-03-07 11:40 73600 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 02:08 . 2006-11-20 05:50 -------- d-----w- c:\program files\World of Warcraft
2010-04-11 02:39 . 2009-01-28 19:46 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2010-04-09 05:06 . 2009-01-28 19:46 -------- d-----w- c:\program files\DNA
2010-04-07 16:57 . 2010-04-04 17:55 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-07 16:57 . 2010-04-04 17:55 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-05 00:38 . 2008-07-11 16:40 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
2010-04-05 00:38 . 2008-07-11 16:40 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
2010-04-05 00:38 . 2008-07-11 16:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Vso
2010-04-05 00:38 . 2008-09-14 04:35 -------- d-----w- c:\program files\Astonsoft
2010-04-04 17:56 . 2010-04-04 17:55 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-04 17:36 . 2006-11-04 23:36 -------- d-----w- c:\program files\Lavasoft
2010-04-04 17:36 . 2007-01-07 01:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-04 06:54 . 2007-05-30 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-03 03:38 . 2009-02-01 16:30 -------- d-----w- c:\program files\AVG
2010-04-03 02:21 . 2009-02-01 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 14:11 . 2009-11-11 14:29 79488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-30 06:46 . 2009-02-01 20:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 06:45 . 2009-02-01 20:11 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 02:09 . 2006-03-07 12:07 -------- d-----w- c:\program files\Google
2010-03-11 12:38 . 2004-08-09 21:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-21 04:54 . 2007-10-20 04:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-12 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-11 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-11 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 136600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-7 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-12-31 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 19:47 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe"
"QuickCare2.2"=c:\program files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
gpredctr REG_SZ c:\windows\system32\auditson.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\docholiday330\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Apps\\2.0\\KJYQ4BBD.0C2\\5N3A5LN0.3K5\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6881:TCP"= 6881:TCP:wow1

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/4/2010 11:56 AM 64288]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [4/8/2010 1:46 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [4/8/2010 1:46 PM 59664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/8/2010 7:36 AM 135336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 9:52 AM 1265264]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 10:21 AM 12856]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 9:40 PM 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 2:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [4/8/2010 1:46 PM 33552]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [5/5/2009 5:45 AM 124256]
S2 gupdate1c9c098a2d5fe52;Google Update Service (gupdate1c9c098a2d5fe52);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2009 8:43 PM 133104]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [4/18/2010 2:17 PM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:55]

2010-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2010-04-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 21:54]

2010-04-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 02:41]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 02:43]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 02:43]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-12 02:34]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-12 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://qwest.live.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
DPF: {0DE70C1A-5136-45F6-95DA-B81CCF0DA5B3} - hxxps://gosystemrs.fasttax.com/OCX/RIARSDocumentum.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t1g8s4c1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-PCDrProfiler - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 18:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(772)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2010-04-19 18:15:05
ComboFix-quarantined-files.txt 2010-04-20 00:14

Pre-Run: 27,989,467,136 bytes free
Post-Run: 28,164,136,960 bytes free

- - End Of File - - 46989ECC228AC5275C6E1FE5F6365F16


#6 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 19 April 2010 - 08:39 PM

That seems to have fixed the browser redirects. Also, my system is running much faster.

However, I am still having issues with my desktop. After I log in my whole screen goes black and then when it comes back my desktop wallpaper is gone and there is only a plain blue background. Before I ran combofix this was happening when I got the "DISCover" error mentioned above. I haven't seen that message yet since combofix, but still have this issue. Also, I forgot to mention that I was getting Just In Time Debugging error messages. I haven't seen those since Combofix yet either. Thought that might have something to do with it.

I am also getting periodic messages from the security center system tray icon saying that my firewall has been turned off. I have been experiencing this for a long time, even before I had any Malware symptoms. Avira just ran and said there was 1 hidden objecct present. I think since i have the free edition that it won't do anything to remove it. Is this something that wass missed by combofix?

Edited by Adiron, 19 April 2010 - 09:30 PM.


#7 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 20 April 2010 - 09:45 AM

Avira is still finding Malware:


"The file 'C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP468\A0093965.sys'
contained a virus or unwanted program 'TR/Patched.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4a2a17b6.qua'."

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:15 AM

Posted 20 April 2010 - 02:11 PM

Good evening. smile.gif

I'll deal with the issues one at a time.

QUOTE
"The file 'C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP468\A0093965.sys'
contained a virus or unwanted program 'TR/Patched.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4a2a17b6.qua'."

The location indicates that the file detected was held with a System Restore point and as such posed no active risk to your PC. Had you restored the PC using an infected Restore Point, obviously you would have also restored any malware present at the time the point was created.

QUOTE
However, I am still having issues with my desktop. After I log in my whole screen goes black and then when it comes back my desktop wallpaper is gone and there is only a plain blue background.

if you right click the Desktop, select Properties, then Desktop Tab you should see the default wallpaper options for XP. Can you select one and then Apply it? If you can, does it appear OK after a reboot or not? Finally, do you have a preferred wallpaper as I had a similar problem and managed a fix of sorts.

QUOTE
I am also getting periodic messages from the security center system tray icon saying that my firewall has been turned off.

You are going to need a better firewall that the one that you at the minute as I assume that you are using the Windows one - it doesn't monitor outbound connections which isn't brilliant. We'll worry about that at the end.

QUOTE
Avira just ran and said there was 1 hidden objecct present.

Is this the detection in C:\System Volume Information, or a different one?



So long, and thanks for all the fish.

 

 


#9 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 20 April 2010 - 03:43 PM

QUOTE
"The file 'C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP468\A0093965.sys'contained a virus or unwanted program 'TR/Patched.Gen' [trojan]
Action(s) taken:The file was moved to the quarantine directory under the name '4a2a17b6.qua'."
The location indicates that the file detected was held with a System Restore point and as such posed no active risk to your PC. Had you restored the PC using an infected Restore Point, obviously you would have also restored any malware present at the time the point was created.


Should I turn system restore off and on to remove restore points?

QUOTE
However, I am still having issues with my desktop. After I log in my whole screen goes black and then when it comes back my desktop wallpaper is gone and there is only a plain blue background.
if you right click the Desktop, select Properties, then Desktop Tab you should see the default wallpaper options for XP. Can you select one and then Apply it? If you can, does it appear OK after a reboot or not? Finally, do you have a preferred wallpaper as I had a similar problem and managed a fix of sorts.


The screen turns black and stays black until I start clicking on it. For example, if I have a window open when it happens, the screen goes black. If I move the window around the screen the black disappears only in the areas that I have moved the window around. Then the backdrop is a plain blue wallpaper. If I go to properties and set my wallpaper again, it will just disappear when the screen goes black again. Is the just-in-time debugging an issue? I had never seen this before and I think I selected an option to turn if JIT Debugging in Visual when it first happened which may have been a bad idea?


QUOTE
Avira just ran and said there was 1 hidden object present.
Is this the detection in C:\System Volume Information, or a different one?


This is from the log that found the hidden object

"Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible."

This object wasn't found in the later scan that found the C:\System Volume.


#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:15 AM

Posted 21 April 2010 - 02:52 PM

Good evening. smile.gif

Download OTLby OldTimer from here and save it to your Desktop.
  • Close all open program windows and then double click the file to run it.
  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Plese don't change any of the settings.
  • Click the Quick Scan button and let it do it's thing - it shouldn't take too long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please paste the contents of these two files into your next reply, checking that all the data makes it into your post - large files may get cut off.

So long, and thanks for all the fish.

 

 


#11 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 21 April 2010 - 08:54 PM

OTL logfile created on: 4/21/2010 6:06:22 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 11.35 Gb Free Space | 6.38% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 0.45 Gb Free Space | 5.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/21 18:05:33 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/04/19 16:59:03 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/07 10:57:35 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/04 11:55:44 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/02 18:43:47 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 01:31:12 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/22 08:34:26 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 07:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 07:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/10/01 13:48:01 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 13:47:53 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/08/27 17:19:26 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/07/25 11:16:46 | 000,005,120 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/09/12 10:20:58 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/01/04 15:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/03/23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/11/11 15:11:12 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe
PRC - [2005/11/11 15:11:04 | 001,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/11/11 15:10:00 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/11/11 15:10:00 | 000,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/11/01 04:01:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/02 18:19:16 | 000,077,312 | -H-- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 18:19:16 | 000,058,880 | -H-- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/04/21 18:05:33 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2009/10/14 07:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Pml Driver HPZ12)
SRV - [2010/04/19 16:59:03 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/07 10:57:35 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/22 08:34:26 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 07:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/10/01 13:48:01 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/08/27 17:19:26 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/05/05 05:45:50 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/08/02 18:19:16 | 000,058,880 | -H-- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/04/21 13:52:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 18:43:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 18:43:56 | 000,000,000 | ---D | M]

[2009/06/11 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/06/11 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/21 17:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t1g8s4c1.default\extensions
[2009/09/03 21:34:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t1g8s4c1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/21 17:54:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/21 10:44:57 | 000,392,702 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13564 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {0DE70C1A-5136-45F6-95DA-B81CCF0DA5B3} https://gosystemrs.fasttax.com/OCX/RIARSDocumentum.cab (RIARSDocumentum.DocumentumIntegration)
O16 - DPF: {10EC6CEC-5A1D-4E4E-AB85-8CC516F2A687} http://www.cpa-exam.org/AICPATutorial/inst...AICPAViewer.cab (AICPAViewer.clsViewer)
O16 - DPF: {13F71666-05F2-11D2-B2F6-00A0C9A08B64} https://gosystemrs.fasttax.com/OCX/comconv.cab (CommonBridge Class)
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} https://gosystemrs.fasttax.com/OCX/RSLoginModule.cab (CLRMachineInfoCtl Class)
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} http://www.cpa-exam.org/AICPATutorial/install/SSItem.cab (AICPASSV.Spreadsheet)
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} https://gosystemrs.fasttax.com/OCX/RSTabbedList.cab (CLRTabbedList Class)
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} http://www.cpa-exam.org/AICPATutorial/install/SimItems.cab (AICPAAuthLit.AuthLitItem)
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} https://gosystemrs.fasttax.com/OCX/iftwclix.cab (InstallFromTheWeb ActiveX Control)
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} https://gosystemrs.fasttax.com/OCX/WebAttachments.cab (WebAttachObj Class)
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} https://gosystemrs.fasttax.com/OCX/webnotifier.cab (GRSNotifierCtrl Class)
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} https://gosystemrs.fasttax.com/OCX/Downloader.cab (MultiDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} http://www.cpa-exam.org/AICPATutorial/install/General.cab (AICPAUI.ucHyperlink)
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} http://www.cpa-exam.org/AICPATutorial/install/CRItem.cab (AICPACR.ConstructedResponse)
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} https://gosystemrs.fasttax.com/OCX/DCParse.cab (IParseCSV Class)
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} https://gosystemrs.fasttax.com/OCX/frmsrc.cab (FrmSrcCt Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} http://www223.rockyou.com/RockYouImageUploader.cab (RockYou Image Uploader Control)
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} http://www.cpa-exam.org/AICPATutorial/inst...CPAViewerIL.cab (AICPA treeView control)
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} https://gosystemrs.fasttax.com/OCX/vsflex7.cab (:-) VideoSoft FlexGrid 7.0 (OLEDB))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 05:55:28 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: gpredctr - (C:\WINDOWS\system32\auditson.dll) - C:\WINDOWS\System32\auditson.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 13:13:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (93744777996009472)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/21 18:05:32 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/04/21 13:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\ForceField Shared Files
[2010/04/21 13:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\CheckPoint
[2010/04/21 13:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/04/21 13:28:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/04/21 13:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/04/21 13:28:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/04/21 09:51:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2010/04/20 16:25:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/20 16:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org
[2010/04/20 15:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/20 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/20 15:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/20 14:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\open office
[2010/04/20 14:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\New Folder (2)
[2010/04/19 20:05:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/19 17:34:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/19 17:34:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/19 17:34:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/19 17:34:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/19 17:34:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/19 17:33:59 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/04/19 17:33:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/19 15:53:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/19 15:53:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/19 15:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/19 15:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/18 14:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Western Digital
[2010/04/18 14:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/04/18 14:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/04/18 14:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western Digital
[2010/04/18 12:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\gmer
[2010/04/11 21:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Hijackthis
[2010/04/08 22:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2010/04/08 22:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/04/08 13:46:59 | 000,059,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/04/08 13:46:59 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/04/08 13:46:59 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/04/08 13:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/04/08 13:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/08 07:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Avira
[2010/04/08 07:36:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/04/08 07:36:33 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/04/08 07:36:33 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/04/08 07:36:33 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/04/08 07:36:33 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/04/08 07:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/08 07:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/04/06 08:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/06 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/06 08:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/04 23:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/04 19:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/03 09:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2009/09/08 18:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/04/19 21:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/18 20:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/07/11 10:40:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
[2008/04/05 22:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/09/24 02:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/21 18:05:33 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/04/21 18:00:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/04/21 17:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/21 17:55:49 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 17:55:24 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/04/21 17:55:14 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008UA.job
[2010/04/21 13:46:58 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/21 13:43:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/21 13:42:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/21 13:40:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/21 13:37:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/21 13:37:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/21 13:37:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/21 13:37:00 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/21 13:34:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/04/21 13:31:33 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/21 13:29:04 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/21 13:29:03 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ZoneAlarm Security.lnk
[2010/04/21 10:44:57 | 000,392,702 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/21 09:53:25 | 000,008,972 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100421_095320.reg
[2010/04/20 21:46:01 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\World of Warcraft.lnk
[2010/04/20 21:42:57 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/20 20:40:27 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008Core.job
[2010/04/20 15:35:16 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/04/20 14:40:55 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2010/04/19 21:57:46 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/19 18:07:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/19 17:10:09 | 003,920,290 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
[2010/04/19 16:27:57 | 000,485,896 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HAMeb_check.exe
[2010/04/19 01:47:34 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/18 12:56:39 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/04/18 12:51:48 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/04/17 22:11:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/17 15:40:27 | 000,002,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100417_154023.reg
[2010/04/16 19:33:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/14 00:01:31 | 000,012,048 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100414_000118.reg
[2010/04/11 21:04:53 | 000,218,816 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100411_210439.reg
[2010/04/11 20:05:33 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/08 22:58:27 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FreeRAM XP Pro.lnk
[2010/04/08 22:56:22 | 000,620,127 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\framxpro.zip
[2010/04/08 13:47:10 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2010/04/08 07:46:11 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/04/07 18:39:33 | 000,013,492 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\olV3RohQ
[2010/04/07 18:39:33 | 000,013,492 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\olV3RohQ
[2010/04/07 18:36:30 | 000,013,492 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\506037238
[2010/04/07 18:36:19 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\506037238
[2010/04/07 18:36:19 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4133361706
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/21 13:29:04 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/21 13:29:03 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ZoneAlarm Security.lnk
[2010/04/21 13:28:46 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/21 09:53:22 | 000,008,972 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100421_095320.reg
[2010/04/20 15:35:15 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/04/19 21:57:46 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/19 17:34:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/19 17:34:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/19 17:34:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/19 17:34:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 17:34:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/19 17:10:08 | 003,920,290 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
[2010/04/19 16:27:56 | 000,485,896 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HAMeb_check.exe
[2010/04/19 01:47:34 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/19 01:47:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/04/18 12:56:30 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/04/18 12:51:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/04/17 15:40:26 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100417_154023.reg
[2010/04/16 19:51:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/04/16 19:51:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2010/04/16 19:51:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/04/16 19:51:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2010/04/16 19:51:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/04/16 19:51:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2010/04/16 19:51:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/04/16 19:51:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2010/04/16 19:51:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/04/16 19:51:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2010/04/16 19:51:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/04/16 19:51:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2010/04/16 19:51:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/04/16 19:51:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2010/04/16 19:50:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/04/16 19:50:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2010/04/14 00:01:22 | 000,012,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100414_000118.reg
[2010/04/11 21:04:44 | 000,218,816 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100411_210439.reg
[2010/04/11 20:42:25 | 000,002,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2010/04/11 20:35:24 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008UA.job
[2010/04/11 20:35:22 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008Core.job
[2010/04/08 22:58:27 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FreeRAM XP Pro.lnk
[2010/04/08 22:56:03 | 000,620,127 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\framxpro.zip
[2010/04/08 13:47:10 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2010/04/08 07:46:11 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/04/07 14:36:17 | 000,013,500 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\506037238
[2010/04/07 14:36:17 | 000,013,500 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4133361706
[2010/04/07 13:36:18 | 000,013,492 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\olV3RohQ
[2010/04/07 13:36:18 | 000,013,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\506037238
[2010/04/07 12:44:02 | 000,013,492 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\olV3RohQ
[2010/04/07 12:44:02 | 000,013,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\olV3RohQ
[2010/04/05 22:49:36 | 000,015,748 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\K6sEH5Ir2Is
[2010/04/05 22:49:36 | 000,015,748 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
[2010/04/02 20:34:05 | 000,010,278 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\834061123
[2010/04/02 20:17:51 | 000,010,278 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Wv7V1mEL4UH
[2010/03/31 20:41:50 | 000,008,858 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\8kUL5H5g
[2010/03/31 20:41:50 | 000,008,858 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8kUL5H5g
[2010/01/13 08:20:48 | 000,804,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/27 20:06:42 | 000,000,110 | -H-- | C] () -- C:\WINDOWS\{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}_WiseFW.ini
[2009/08/01 14:03:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Txfim082.INI
[2009/02/01 03:07:30 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tt.gif
[2009/02/01 03:07:30 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\nn.gif
[2009/02/01 03:07:30 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\yy.gif
[2008/09/13 15:47:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2008/07/11 10:41:03 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.log
[2008/07/11 10:40:57 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2008/07/11 10:40:57 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2008/05/12 19:53:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/12 19:50:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/12 19:50:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/12 19:50:08 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/05/12 19:49:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/28 20:57:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Txfim072.INI
[2007/12/16 22:40:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/29 22:41:54 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\FixVTS.ini
[2007/03/03 23:25:22 | 000,002,182 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/12 09:54:41 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/11/01 11:04:50 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\rscn06cl.dll
[2006/11/01 10:18:06 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\RSCBRGCL.DLL
[2006/08/10 15:32:29 | 000,000,080 | -H-- | C] () -- C:\WINDOWS\sierra.ini
[2006/06/10 09:22:44 | 000,207,872 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/10 09:12:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/06/05 22:42:50 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/06/05 22:42:46 | 009,699,328 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2006/06/05 22:42:46 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
[2006/06/05 22:42:46 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2006/06/05 22:41:54 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/06/05 22:41:54 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/04/04 11:02:38 | 000,094,293 | ---- | C] () -- C:\WINDOWS\System32\MultiDownloadCtrl.dll
[2006/03/07 06:25:04 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 06:02:49 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/07 05:58:40 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/07 05:58:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/07 05:56:02 | 000,000,054 | -H-- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/07 05:53:16 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 05:43:03 | 000,000,108 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/07 05:41:40 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/07 05:27:04 | 000,003,338 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/07 05:26:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/07 05:20:28 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 05:00:57 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/07 05:00:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/07 05:00:40 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 08:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
[2005/05/23 16:05:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DCParse.dll
[2005/05/23 11:12:22 | 000,077,907 | ---- | C] () -- C:\WINDOWS\System32\wbnotify.dll
[2004/07/26 01:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/02/19 14:33:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\TALPDF32.dll
[1998/01/16 10:40:12 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\TALC3932.DLL

========== LOP Check ==========

[2010/04/19 15:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/03/07 05:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/10/27 20:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008/06/18 22:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/08/04 20:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/28 13:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009/08/04 20:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/08/25 20:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/03/10 08:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/18 14:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/06/13 12:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/04 11:36:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/21 13:43:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/21 18:00:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/09 22:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/18 11:56:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/01/18 11:56:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/09 22:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/18 11:56:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/01/18 11:56:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/09 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 00:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 00:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/09 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/28 20:18:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008/04/13 18:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 07:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 07:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2010/04/18 13:20:26 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2010/02/04 09:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/04 11:56:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >




OTL Extras logfile created on: 4/21/2010 6:06:22 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 11.35 Gb Free Space | 6.38% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 0.45 Gb Free Space | 5.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6881:TCP" = 6881:TCP:*:Enabled:wow1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Valve\Steam\SteamApps\docholiday330\counter-strike\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\docholiday330\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\KJYQ4BBD.0C2\5N3A5LN0.3K5\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\KJYQ4BBD.0C2\5N3A5LN0.3K5\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}" = LeapFrog Connect
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0FADC5B1-E0E8-4DCA-A1BF-8B3B6496207A}" = Form Fill (Windows Live Toolbar)
"{1306C737-0AF4-46C7-B282-64E099304712}" = Smart Menus (Windows Live Toolbar)
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20AEA7B1-6155-44A2-B58E-430F2C9F4ABD}" = AMD OverDrive
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2FD9998F-B3F3-10D6-A31E-8E021337EC0B}" = CCC Help English
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{328420FA-7638-4AB1-81DF-E0FECEFF24E3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{32BBD344-47DB-7027-7E1D-13DB78415784}" = ccc-core-preinstall
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{59932D51-F260-4EF6-A784-4F69659F1A62}" = Map Button (Windows Live Toolbar)
"{5A098C87-FA43-E81C-B206-4E0ADF7287B5}" = ccc-utility
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66034137-F1CE-4CEF-8180-46553C54DB18}" = Popup Blocker (Windows Live Toolbar)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{71CB529E-21A4-42AD-BF38-564F08988633}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85DD724B-15E5-4572-81BF-CF9031D83848}" = Ventrilo Server
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A051D152-2934-413C-A2EE-AF3F462007BB}" = RS 2007 Client
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF5937B6-B68F-4197-8854-5079D5D1CC2B}" = QuickConnect
"{B0889CBC-F889-A895-4EE9-8E0260C7D63F}" = Catalyst Control Center HydraVision Full
"{B10A4ACC-118A-8E9D-2CF3-A19BBC73B9C2}" = Catalyst Control Center Graphics Full Existing
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B31CBE94-F497-9273-5766-DD4E11AA2D55}" = Catalyst Control Center Graphics Full New
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8C89918-E191-47A6-B9E0-96FBA61AB614}" = RS 2008 Client
"{BA60C8FC-6712-5116-231C-6C5E05060866}" = Catalyst Control Center Graphics Light
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6522325-92ED-4312-A45A-04E45896C130}" = WLTB Custom Buttons
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB654885-263B-E696-5690-3B341C22EC17}" = Catalyst Control Center Core Implementation
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3F28364-8B10-45F1-8C2D-0037F4538BBB}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E0520079-4024-8B23-738F-EC0792AA3502}" = ccc-core-static
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EF461F1E-61C0-4AE9-B469-2A0A433BB8F0}" = LeapFrog My Pals Plugin
"{EFED5763-E48C-4664-A343-3CA6BC0C865F}" = LogMeIn
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB62FD97-DAA9-BEE9-1A31-3A47E33F4E24}" = Catalyst Control Center Graphics Previews Common
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"038D56DF-B15D-47F7-959F-59FA1FBB63FC" = Snowboard SuperJam from HP Media Center (remove only)
"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"3320769C-062B-4670-BD6B-AA4B3D0E9903" = FATE from HP Media Center (remove only)
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"413773DA-62DE-4C4C-A0F9-10EFB9317DE5" = Family Feud
"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"7-Zip" = 7-Zip 4.65
"901E0096-B2AC-469E-A99E-2725A39C0B47" = Zuma Deluxe from HP Media Center (remove only)
"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F" = 5 Card Slingo from HP Media Center (remove only)
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayMode160" = Microsoft Away Mode
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"BA42B721-D70B-4412-ABA6-057B5823FDE9" = Chuzzle Deluxe from HP Media Center (remove only)
"CCleaner" = CCleaner
"Creative Jukebox Driver" = Creative Jukebox Driver
"CurseClient" = Curse Client
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"DISCover" = DISCover
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"E44A47AF-C94B-4E3F-81A0-979FBA9DAC57" = AstroPop Deluxe from HP Media Center (remove only)
"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
"F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E" = Lemonade Tycoon 2 from HP Media Center (remove only)
"Google Updater" = Google Updater
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QwestQuickCare_is1" = Qwest QuickCare 2.2
"RealPlayer 6.0" = RealPlayer
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = T-Mobile Dash™ User Manual
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2010 10:09:45 AM | Computer Name = YOUR-4DACD0EA75 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 4/20/2010 2:00:07 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3476 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/20/2010 3:02:27 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3476 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/20/2010 9:53:22 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3476 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/21/2010 2:00:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3468 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/21/2010 2:00:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 4/21/2010 3:10:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3468 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/21/2010 3:38:48 PM | Computer Name = YOUR-4DACD0EA75 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 4/21/2010 7:55:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = Google Update | ID = 20
Description =

Error - 4/21/2010 7:55:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/19/2010 9:26:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 4/19/2010 10:05:52 PM | Computer Name = YOUR-4DACD0EA75 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/19/2010 10:05:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = VolSnap | ID = 393230
Description = The shadow copy of volume C: was aborted because of an IO failure.

Error - 4/20/2010 5:32:15 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2010 10:10:45 PM | Computer Name = YOUR-4DACD0EA75 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/20/2010 10:10:45 PM | Computer Name = YOUR-4DACD0EA75 | Source = VolSnap | ID = 393230
Description = The shadow copy of volume C: was aborted because of an IO failure.

Error - 4/21/2010 3:33:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7024
Description = The TrueVector Internet Monitor service terminated with service-specific
error 0 (0x0).

Error - 4/21/2010 3:38:37 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the COM+ System Application
service to connect.

Error - 4/21/2010 3:38:37 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The COM+ System Application service failed to start due to the following
error: %%1053

Error - 4/21/2010 3:38:48 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service COMSysApp with
arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}


< End of report >

OTL logfile created on: 4/21/2010 6:06:22 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 11.35 Gb Free Space | 6.38% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 0.45 Gb Free Space | 5.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/21 18:05:33 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/04/19 16:59:03 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/07 10:57:35 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/04 11:55:44 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/02 18:43:47 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 01:31:12 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/22 08:34:26 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 07:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 07:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/10/01 13:48:01 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 13:47:53 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/08/27 17:19:26 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/07/25 11:16:46 | 000,005,120 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/09/12 10:20:58 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/01/04 15:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/03/23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/11/11 15:11:12 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe
PRC - [2005/11/11 15:11:04 | 001,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/11/11 15:10:00 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/11/11 15:10:00 | 000,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/11/01 04:01:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/02 18:19:16 | 000,077,312 | -H-- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 18:19:16 | 000,058,880 | -H-- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/04/21 18:05:33 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2009/10/14 07:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Pml Driver HPZ12)
SRV - [2010/04/19 16:59:03 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/07 10:57:35 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/22 08:34:26 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 07:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/10/01 13:48:01 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/08/27 17:19:26 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/05/05 05:45:50 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/08/02 18:19:16 | 000,058,880 | -H-- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/04/21 13:52:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 18:43:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 18:43:56 | 000,000,000 | ---D | M]

[2009/06/11 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/06/11 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/21 17:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t1g8s4c1.default\extensions
[2009/09/03 21:34:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t1g8s4c1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/21 17:54:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/21 10:44:57 | 000,392,702 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13564 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {0DE70C1A-5136-45F6-95DA-B81CCF0DA5B3} https://gosystemrs.fasttax.com/OCX/RIARSDocumentum.cab (RIARSDocumentum.DocumentumIntegration)
O16 - DPF: {10EC6CEC-5A1D-4E4E-AB85-8CC516F2A687} http://www.cpa-exam.org/AICPATutorial/inst...AICPAViewer.cab (AICPAViewer.clsViewer)
O16 - DPF: {13F71666-05F2-11D2-B2F6-00A0C9A08B64} https://gosystemrs.fasttax.com/OCX/comconv.cab (CommonBridge Class)
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} https://gosystemrs.fasttax.com/OCX/RSLoginModule.cab (CLRMachineInfoCtl Class)
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} http://www.cpa-exam.org/AICPATutorial/install/SSItem.cab (AICPASSV.Spreadsheet)
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} https://gosystemrs.fasttax.com/OCX/RSTabbedList.cab (CLRTabbedList Class)
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} http://www.cpa-exam.org/AICPATutorial/install/SimItems.cab (AICPAAuthLit.AuthLitItem)
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} https://gosystemrs.fasttax.com/OCX/iftwclix.cab (InstallFromTheWeb ActiveX Control)
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} https://gosystemrs.fasttax.com/OCX/WebAttachments.cab (WebAttachObj Class)
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} https://gosystemrs.fasttax.com/OCX/webnotifier.cab (GRSNotifierCtrl Class)
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} https://gosystemrs.fasttax.com/OCX/Downloader.cab (MultiDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} http://www.cpa-exam.org/AICPATutorial/install/General.cab (AICPAUI.ucHyperlink)
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} http://www.cpa-exam.org/AICPATutorial/install/CRItem.cab (AICPACR.ConstructedResponse)
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} https://gosystemrs.fasttax.com/OCX/DCParse.cab (IParseCSV Class)
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} https://gosystemrs.fasttax.com/OCX/frmsrc.cab (FrmSrcCt Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} http://www223.rockyou.com/RockYouImageUploader.cab (RockYou Image Uploader Control)
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} http://www.cpa-exam.org/AICPATutorial/inst...CPAViewerIL.cab (AICPA treeView control)
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} https://gosystemrs.fasttax.com/OCX/vsflex7.cab (:-) VideoSoft FlexGrid 7.0 (OLEDB))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 05:55:28 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: gpredctr - (C:\WINDOWS\system32\auditson.dll) - C:\WINDOWS\System32\auditson.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 13:13:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (93744777996009472)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/21 18:05:32 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/04/21 13:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\ForceField Shared Files
[2010/04/21 13:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\CheckPoint
[2010/04/21 13:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/04/21 13:28:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/04/21 13:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/04/21 13:28:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/04/21 09:51:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2010/04/20 16:25:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/20 16:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org
[2010/04/20 15:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/20 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/20 15:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/20 14:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\open office
[2010/04/20 14:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\New Folder (2)
[2010/04/19 20:05:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/19 17:34:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/19 17:34:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/19 17:34:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/19 17:34:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/19 17:34:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/19 17:33:59 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/04/19 17:33:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/19 15:53:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/19 15:53:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/19 15:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/19 15:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/18 14:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Western Digital
[2010/04/18 14:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/04/18 14:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/04/18 14:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western Digital
[2010/04/18 12:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\gmer
[2010/04/11 21:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Hijackthis
[2010/04/08 22:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2010/04/08 22:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/04/08 13:46:59 | 000,059,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/04/08 13:46:59 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/04/08 13:46:59 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/04/08 13:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/04/08 13:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/08 07:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Avira
[2010/04/08 07:36:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/04/08 07:36:33 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/04/08 07:36:33 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/04/08 07:36:33 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/04/08 07:36:33 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/04/08 07:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/08 07:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/04/06 08:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/06 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/06 08:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/04 23:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/04 19:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/03 09:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2009/09/08 18:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/04/19 21:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/18 20:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/07/11 10:40:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
[2008/04/05 22:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/09/24 02:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/21 18:05:33 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/04/21 18:00:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/04/21 17:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/21 17:55:49 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 17:55:24 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/04/21 17:55:14 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008UA.job
[2010/04/21 13:46:58 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/21 13:43:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/21 13:42:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/21 13:40:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/21 13:37:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/21 13:37:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/21 13:37:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/21 13:37:00 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/21 13:34:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/04/21 13:31:33 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/21 13:29:04 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/21 13:29:03 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ZoneAlarm Security.lnk
[2010/04/21 10:44:57 | 000,392,702 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/21 09:53:25 | 000,008,972 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100421_095320.reg
[2010/04/20 21:46:01 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\World of Warcraft.lnk
[2010/04/20 21:42:57 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/20 20:40:27 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008Core.job
[2010/04/20 15:35:16 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/04/20 14:40:55 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2010/04/19 21:57:46 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/19 18:07:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/19 17:10:09 | 003,920,290 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
[2010/04/19 16:27:57 | 000,485,896 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HAMeb_check.exe
[2010/04/19 01:47:34 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/18 12:56:39 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/04/18 12:51:48 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/04/17 22:11:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/17 15:40:27 | 000,002,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100417_154023.reg
[2010/04/16 19:33:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/14 00:01:31 | 000,012,048 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100414_000118.reg
[2010/04/11 21:04:53 | 000,218,816 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100411_210439.reg
[2010/04/11 20:05:33 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/08 22:58:27 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FreeRAM XP Pro.lnk
[2010/04/08 22:56:22 | 000,620,127 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\framxpro.zip
[2010/04/08 13:47:10 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2010/04/08 07:46:11 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/04/07 18:39:33 | 000,013,492 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\olV3RohQ
[2010/04/07 18:39:33 | 000,013,492 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\olV3RohQ
[2010/04/07 18:36:30 | 000,013,492 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\506037238
[2010/04/07 18:36:19 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\506037238
[2010/04/07 18:36:19 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4133361706
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/21 13:29:04 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/21 13:29:03 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ZoneAlarm Security.lnk
[2010/04/21 13:28:46 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/21 09:53:22 | 000,008,972 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100421_095320.reg
[2010/04/20 15:35:15 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/04/19 21:57:46 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/19 17:34:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/19 17:34:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/19 17:34:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/19 17:34:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 17:34:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/19 17:10:08 | 003,920,290 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
[2010/04/19 16:27:56 | 000,485,896 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HAMeb_check.exe
[2010/04/19 01:47:34 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/19 01:47:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/04/18 12:56:30 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/04/18 12:51:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/04/17 15:40:26 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100417_154023.reg
[2010/04/16 19:51:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/04/16 19:51:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2010/04/16 19:51:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/04/16 19:51:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2010/04/16 19:51:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/04/16 19:51:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2010/04/16 19:51:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/04/16 19:51:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2010/04/16 19:51:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/04/16 19:51:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2010/04/16 19:51:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/04/16 19:51:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2010/04/16 19:51:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/04/16 19:51:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2010/04/16 19:50:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/04/16 19:50:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2010/04/14 00:01:22 | 000,012,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100414_000118.reg
[2010/04/11 21:04:44 | 000,218,816 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100411_210439.reg
[2010/04/11 20:42:25 | 000,002,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2010/04/11 20:35:24 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008UA.job
[2010/04/11 20:35:22 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1223154695-1827412434-391176234-1008Core.job
[2010/04/08 22:58:27 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FreeRAM XP Pro.lnk
[2010/04/08 22:56:03 | 000,620,127 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\framxpro.zip
[2010/04/08 13:47:10 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2010/04/08 07:46:11 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/04/07 14:36:17 | 000,013,500 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\506037238
[2010/04/07 14:36:17 | 000,013,500 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4133361706
[2010/04/07 13:36:18 | 000,013,492 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\olV3RohQ
[2010/04/07 13:36:18 | 000,013,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\506037238
[2010/04/07 12:44:02 | 000,013,492 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\olV3RohQ
[2010/04/07 12:44:02 | 000,013,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\olV3RohQ
[2010/04/05 22:49:36 | 000,015,748 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\K6sEH5Ir2Is
[2010/04/05 22:49:36 | 000,015,748 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
[2010/04/02 20:34:05 | 000,010,278 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\834061123
[2010/04/02 20:17:51 | 000,010,278 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Wv7V1mEL4UH
[2010/03/31 20:41:50 | 000,008,858 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\8kUL5H5g
[2010/03/31 20:41:50 | 000,008,858 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8kUL5H5g
[2010/01/13 08:20:48 | 000,804,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/27 20:06:42 | 000,000,110 | -H-- | C] () -- C:\WINDOWS\{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}_WiseFW.ini
[2009/08/01 14:03:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Txfim082.INI
[2009/02/01 03:07:30 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tt.gif
[2009/02/01 03:07:30 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\nn.gif
[2009/02/01 03:07:30 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\yy.gif
[2008/09/13 15:47:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc
[2008/07/11 10:41:03 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.log
[2008/07/11 10:40:57 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2008/07/11 10:40:57 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2008/05/12 19:53:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/12 19:50:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/12 19:50:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/12 19:50:08 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/05/12 19:49:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/28 20:57:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Txfim072.INI
[2007/12/16 22:40:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/29 22:41:54 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\FixVTS.ini
[2007/03/03 23:25:22 | 000,002,182 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/12 09:54:41 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/11/01 11:04:50 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\rscn06cl.dll
[2006/11/01 10:18:06 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\RSCBRGCL.DLL
[2006/08/10 15:32:29 | 000,000,080 | -H-- | C] () -- C:\WINDOWS\sierra.ini
[2006/06/10 09:22:44 | 000,207,872 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/10 09:12:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/06/05 22:42:50 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/06/05 22:42:46 | 009,699,328 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2006/06/05 22:42:46 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
[2006/06/05 22:42:46 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2006/06/05 22:41:54 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/06/05 22:41:54 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/04/04 11:02:38 | 000,094,293 | ---- | C] () -- C:\WINDOWS\System32\MultiDownloadCtrl.dll
[2006/03/07 06:25:04 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 06:02:49 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/07 05:58:40 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/07 05:58:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/07 05:56:02 | 000,000,054 | -H-- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/07 05:53:16 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 05:43:03 | 000,000,108 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/07 05:41:40 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/07 05:27:04 | 000,003,338 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/07 05:26:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/07 05:20:28 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 05:00:57 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/07 05:00:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/07 05:00:40 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 08:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
[2005/05/23 16:05:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DCParse.dll
[2005/05/23 11:12:22 | 000,077,907 | ---- | C] () -- C:\WINDOWS\System32\wbnotify.dll
[2004/07/26 01:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/02/19 14:33:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\TALPDF32.dll
[1998/01/16 10:40:12 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\TALC3932.DLL

========== LOP Check ==========

[2010/04/19 15:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/03/07 05:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/10/27 20:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008/06/18 22:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/08/04 20:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/28 13:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009/08/04 20:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/08/25 20:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/03/10 08:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/18 14:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/06/13 12:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/04 11:36:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/21 13:43:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/21 18:00:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/09 22:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/18 11:56:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/01/18 11:56:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/09 22:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/18 11:56:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/01/18 11:56:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/09 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 00:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 00:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/09 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/28 20:18:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008/04/13 18:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 07:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 07:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2010/04/18 13:20:26 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2010/02/04 09:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/04 11:56:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >




OTL Extras logfile created on: 4/21/2010 6:06:22 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 11.35 Gb Free Space | 6.38% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 0.45 Gb Free Space | 5.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6881:TCP" = 6881:TCP:*:Enabled:wow1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Valve\Steam\SteamApps\docholiday330\counter-strike\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\docholiday330\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\KJYQ4BBD.0C2\5N3A5LN0.3K5\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\KJYQ4BBD.0C2\5N3A5LN0.3K5\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}" = LeapFrog Connect
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0FADC5B1-E0E8-4DCA-A1BF-8B3B6496207A}" = Form Fill (Windows Live Toolbar)
"{1306C737-0AF4-46C7-B282-64E099304712}" = Smart Menus (Windows Live Toolbar)
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20AEA7B1-6155-44A2-B58E-430F2C9F4ABD}" = AMD OverDrive
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2FD9998F-B3F3-10D6-A31E-8E021337EC0B}" = CCC Help English
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{328420FA-7638-4AB1-81DF-E0FECEFF24E3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{32BBD344-47DB-7027-7E1D-13DB78415784}" = ccc-core-preinstall
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{59932D51-F260-4EF6-A784-4F69659F1A62}" = Map Button (Windows Live Toolbar)
"{5A098C87-FA43-E81C-B206-4E0ADF7287B5}" = ccc-utility
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66034137-F1CE-4CEF-8180-46553C54DB18}" = Popup Blocker (Windows Live Toolbar)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{71CB529E-21A4-42AD-BF38-564F08988633}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85DD724B-15E5-4572-81BF-CF9031D83848}" = Ventrilo Server
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A051D152-2934-413C-A2EE-AF3F462007BB}" = RS 2007 Client
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF5937B6-B68F-4197-8854-5079D5D1CC2B}" = QuickConnect
"{B0889CBC-F889-A895-4EE9-8E0260C7D63F}" = Catalyst Control Center HydraVision Full
"{B10A4ACC-118A-8E9D-2CF3-A19BBC73B9C2}" = Catalyst Control Center Graphics Full Existing
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B31CBE94-F497-9273-5766-DD4E11AA2D55}" = Catalyst Control Center Graphics Full New
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8C89918-E191-47A6-B9E0-96FBA61AB614}" = RS 2008 Client
"{BA60C8FC-6712-5116-231C-6C5E05060866}" = Catalyst Control Center Graphics Light
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6522325-92ED-4312-A45A-04E45896C130}" = WLTB Custom Buttons
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB654885-263B-E696-5690-3B341C22EC17}" = Catalyst Control Center Core Implementation
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3F28364-8B10-45F1-8C2D-0037F4538BBB}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E0520079-4024-8B23-738F-EC0792AA3502}" = ccc-core-static
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EF461F1E-61C0-4AE9-B469-2A0A433BB8F0}" = LeapFrog My Pals Plugin
"{EFED5763-E48C-4664-A343-3CA6BC0C865F}" = LogMeIn
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB62FD97-DAA9-BEE9-1A31-3A47E33F4E24}" = Catalyst Control Center Graphics Previews Common
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"038D56DF-B15D-47F7-959F-59FA1FBB63FC" = Snowboard SuperJam from HP Media Center (remove only)
"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"3320769C-062B-4670-BD6B-AA4B3D0E9903" = FATE from HP Media Center (remove only)
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"413773DA-62DE-4C4C-A0F9-10EFB9317DE5" = Family Feud
"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"7-Zip" = 7-Zip 4.65
"901E0096-B2AC-469E-A99E-2725A39C0B47" = Zuma Deluxe from HP Media Center (remove only)
"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F" = 5 Card Slingo from HP Media Center (remove only)
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayMode160" = Microsoft Away Mode
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"BA42B721-D70B-4412-ABA6-057B5823FDE9" = Chuzzle Deluxe from HP Media Center (remove only)
"CCleaner" = CCleaner
"Creative Jukebox Driver" = Creative Jukebox Driver
"CurseClient" = Curse Client
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"DISCover" = DISCover
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"E44A47AF-C94B-4E3F-81A0-979FBA9DAC57" = AstroPop Deluxe from HP Media Center (remove only)
"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
"F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E" = Lemonade Tycoon 2 from HP Media Center (remove only)
"Google Updater" = Google Updater
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QwestQuickCare_is1" = Qwest QuickCare 2.2
"RealPlayer 6.0" = RealPlayer
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = T-Mobile Dash™ User Manual
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2010 10:09:45 AM | Computer Name = YOUR-4DACD0EA75 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 4/20/2010 2:00:07 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3476 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/20/2010 3:02:27 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3476 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/20/2010 9:53:22 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3476 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/21/2010 2:00:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3468 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/21/2010 2:00:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 4/21/2010 3:10:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3468 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/21/2010 3:38:48 PM | Computer Name = YOUR-4DACD0EA75 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 4/21/2010 7:55:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = Google Update | ID = 20
Description =

Error - 4/21/2010 7:55:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/19/2010 9:26:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 4/19/2010 10:05:52 PM | Computer Name = YOUR-4DACD0EA75 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/19/2010 10:05:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = VolSnap | ID = 393230
Description = The shadow copy of volume C: was aborted because of an IO failure.

Error - 4/20/2010 5:32:15 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2010 10:10:45 PM | Computer Name = YOUR-4DACD0EA75 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/20/2010 10:10:45 PM | Computer Name = YOUR-4DACD0EA75 | Source = VolSnap | ID = 393230
Description = The shadow copy of volume C: was aborted because of an IO failure.

Error - 4/21/2010 3:33:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7024
Description = The TrueVector Internet Monitor service terminated with service-specific
error 0 (0x0).

Error - 4/21/2010 3:38:37 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the COM+ System Application
service to connect.

Error - 4/21/2010 3:38:37 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The COM+ System Application service failed to start due to the following
error: %%1053

Error - 4/21/2010 3:38:48 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service COMSysApp with
arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}


< End of report >

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:15 AM

Posted 22 April 2010 - 02:24 PM

Good evening. smile.gif

We'll start by removing DISCover from your system and see what happens. It can be reinstalled later if you wish. Go to Start > Control Panel > Add/Remove Programs and remove the following, and then reboot your PC:

DISCover

Tell me if the screen issue occurs now.

So long, and thanks for all the fish.

 

 


#13 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 22 April 2010 - 03:52 PM

The screen issue hasnt happened for a couple days. I will try this if it continues.

Are there any other suspicious items in the Combofix or OTL logs above?

Thanks for your help!

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:15 AM

Posted 23 April 2010 - 02:49 PM

Good evening. smile.gif

I'd like a little information about the contents of one of the folders on your system. Please do the following:

Go to Start > Run..., enter the following and click OK:
    cmd

In the Command Window that should appear copy and paste the following and hit <ENTER>:
    dir "C:\Documents and Settings\All Users\Application Data" > "%userprofile%\desktop\loggy.txt"

I'd like the contents of the file loggy.txt that you should now find on your Desktop.

So long, and thanks for all the fish.

 

 


#15 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 23 April 2010 - 06:46 PM

Volume in drive C is HP_PAVILION
Volume Serial Number is 3F57-2DA1

Directory of C:\Documents and Settings\All Users\Application Data

03/07/2006 05:49 AM <DIR> Adobe
03/22/2008 11:58 PM <DIR> Apple
12/24/2006 09:52 PM <DIR> Apple Computer
06/02/2009 11:29 AM <DIR> ATI
04/19/2010 03:52 PM <DIR> avg9
04/08/2010 07:36 AM <DIR> Avira
01/18/2009 07:35 PM <DIR> Blizzard
08/20/2009 09:38 PM <DIR> Blizzard Entertainment
06/10/2006 09:19 AM <DIR> Creative
03/07/2006 05:48 AM <DIR> CyberLink
03/07/2006 05:40 AM <DIR> Digital Interactive Systems Corporation
04/22/2010 08:27 AM <DIR> DVD Shrink
04/27/2008 08:22 PM <DIR> Google
04/23/2010 09:27 AM <DIR> Google Updater
03/07/2006 05:29 AM <DIR> HP
06/17/2006 02:40 PM 3,338 hpzinstall.log
03/07/2006 05:43 AM <DIR> InstallShield
03/07/2006 05:55 AM <DIR> Intuit
12/31/2008 12:42 AM <DIR> Lavasoft
10/27/2009 08:04 PM <DIR> Leapfrog
06/18/2008 10:45 PM <DIR> LogMeIn
02/01/2009 02:11 PM <DIR> Malwarebytes
08/04/2009 08:47 PM <DIR> MSScanAppDataDir
04/08/2010 01:46 PM <DIR> PC Tools
10/23/2007 05:24 PM 2,182 QTSBandwidthCache
03/07/2006 05:21 AM <DIR> SBSI
03/07/2006 05:29 AM <DIR> Sonic
01/28/2009 01:51 PM <DIR> Soulseek
04/21/2010 09:53 AM <DIR> Spybot - Search & Destroy
08/04/2009 08:48 PM <DIR> SSScanAppDataDir
04/20/2010 03:33 PM <DIR> Sun
08/25/2008 08:23 PM <DIR> SupportSoft
02/01/2009 10:24 AM <DIR> Symantec
03/10/2007 08:09 AM <DIR> Viewpoint
04/18/2010 02:18 PM <DIR> Western Digital
12/16/2007 06:26 PM <DIR> Windows Genuine Advantage
08/25/2008 07:50 PM <DIR> Windows Live Toolbar
06/13/2009 12:46 PM <DIR> WinZip
08/25/2008 07:37 PM <DIR> WLInstaller
2 File(s) 5,520 bytes
37 Dir(s) 28,903,428,096 bytes free




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users