Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI MoneyPak Ransom $200


  • This topic is locked This topic is locked
30 replies to this topic

#1 ncfj40

ncfj40

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 29 July 2012 - 11:59 PM

My Windows XP machine has the FBI MoneyPak Ransom $200 Malware/Virus.
The screen pops up and locks up my machine. Control-alt-delete no longer works. I see a flash of something but it disappears fast. I have to shut down by holding the power button down. My cd/dvd drive has been disabled by the Malware. System restore says "System restore is unable to protect your computer. Please restart your computer...." I have seen restore points listed in one of the logs your Prep guide suggested I run but system restore will not work from windows or a command line. If I start the machine in safe mode it shuts back down within a few short moments. Sometimes its seconds. It is unpredictable. I am unable to download anything or run a malware scanner in safe mode because of it shutting down. I have found that if I turn off my wireless router, the FBI warning page does not pop up. I have been able to leave the machine on and shutdown/restart with no issues as long as I leave the wireless connection off. The second I connect the machine to the internet, the screen pops up and I am unable to do anything as the machine is locked up.

I downloaded EMSISOFT from another pc and ran it from a USB stick as per the tutorial I found on this website. It found several medium risk and high risk items. I quarantined them, but it seems to find the same medium risk ones every time I reboot and run the emergency kit scanner. The lock up page still appears when I turn on the wireless router. I also ran Malwarebytes by transfering it to the infected pc by means of a usb stick. I was unable to update it because of the networking issues. It found some minor items but did not change my symptoms.

I have followed your preparation guide and am now asking for your help.

I have attached my Attach.txt file and my Ark.txt file.
I have inserted my DDS.txt file into this message as requested.

Thank you in advance for amy help you can provide.
ncfj40




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by All Users at 16:52:07 on 2012-07-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.437 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Windstream\Service Agent\ServicepointService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windstream\Diagnostic Tools\DiagnosticTools.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=921gl4f8e2f8h
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windstream Service Agent.exe] "c:\program files\windstream\service agent\Windstream Service Agent.exe" /AUTORUN
mRun: [DiagnosticTools.exe] "c:\program files\windstream\diagnostic tools\DiagnosticTools.exe" /AUTORUN
StartupFolder: c:\docume~1\alluse~1.hpl\startm~1\programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1.hpl\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\all users.hplaptop\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1.hpl\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4\transfer utility\CameraMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file:///E:/components/Liquid.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178585190202
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\all users.hplaptop\application data\mozilla\firefox\profiles\69u40lqm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users.hplaptop\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\all users.hplaptop\application data\mozilla\firefox\profiles\69u40lqm.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\all users.hplaptop\application data\mozilla\firefox\profiles\69u40lqm.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windstream\service agent\nprpspa.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-22 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-22 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-22 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-22 66616]
R2 HsdService;HsdService;c:\program files\windstream\diagnostic tools\HsdService.exe [2012-7-20 1393976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 ServicepointService;ServicepointService;c:\program files\windstream\service agent\ServicepointService.exe [2012-7-20 10315064]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 96991526;96991526; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-24 00:59:23 -------- d-----w- c:\program files\Combined Community Codec Pack
2012-07-20 18:59:08 -------- d-----w- c:\program files\Windstream_BCUC
2012-07-20 17:56:00 -------- d-----w- c:\documents and settings\all users.hplaptop\application data\Windstream
2012-07-20 17:55:45 -------- d-----w- c:\documents and settings\all users\application data\Radialpoint
2012-07-20 17:55:33 -------- d-----w- c:\documents and settings\all users.hplaptop\application data\Radialpoint
2012-07-20 17:55:20 -------- d-----w- c:\program files\Windstream
2012-07-20 17:55:20 -------- d-----w- c:\documents and settings\all users\application data\Windstream
2012-07-20 17:53:11 -------- d-----w- c:\program files\Windstream_Activation
2012-07-20 17:53:02 -------- d-----w- c:\program files\common files\Motive
.
==================== Find3M ====================
.
2012-07-24 00:35:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-24 00:35:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 23:22:31 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 23:35:17 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.
============= FINISH: 16:54:20.50 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:42 AM

Posted 04 August 2012 - 12:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463038 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ncfj40

ncfj40
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 05 August 2012 - 10:12 AM

I have not added a new DDS or GMER log as I have turned off my Laptop immediately after creating the last logs and am waiting for help before turning it on again.

I do not have the original windows CD but it appears as it is on the computer and can be accessed through "HP system recovery". or something like that.

According to the logs I generated and posted there are restore points if there is a way to get System restore working again.

Thanks for your help.

#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:42 PM

Posted 06 August 2012 - 07:31 AM

Hi ncfj40,

:step1: On a clean PC
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

:step2: We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You'll need to download ComboFix on a clean PC and then transfer it to the infected PC (using the USB drive you disinfected in the previous step). If you can't run it in Normal Mode, try renaming it to caseyboy.exe, if that doesn't work please run it in Safe Mode.

Please include the C:\ComboFix.txt in your next reply for further review.

Casey

Edited by Casey_boy, 06 August 2012 - 07:35 AM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 ncfj40

ncfj40
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 06 August 2012 - 09:10 AM

My clean PC is my work laptop. My corporate antivirus flags "Flash_Disinfector.exe" as a threat and wont let me download it. I do not have administration rights on my work laptop.
My other alternative is a MAC. Can I run "Flash_Disinfector.exe" on it and use it as my clean PC and to disinfect my usb stick?

Edited by ncfj40, 06 August 2012 - 09:15 AM.


#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:42 PM

Posted 06 August 2012 - 09:25 AM

Hi ncfj40,

Unfortunately not. We'll have to skip that step. Just remember to scan your USB drive with an anti-virus software when you plug it into a clean PC if you've plugged it into the infected one.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#7 ncfj40

ncfj40
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 06 August 2012 - 07:55 PM

Casey,
I have run ComboFix.
Attached is the log file it created.
Thanks,
Jay

Attached Files



#8 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:42 PM

Posted 07 August 2012 - 04:42 AM

Hi Jay,

How's the PC running now?

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#9 ncfj40

ncfj40
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 07 August 2012 - 06:10 AM

Hi Casey,
I'm sorry, I didn't know that ComboFix might have removed everything. I thought it was one step in a process of things. I will check to see how it is running tonight after work.
Jay

#10 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:42 PM

Posted 07 August 2012 - 06:27 AM

Hi Jay,

It is just one step - but it's always good to check on how the PC is running after every one :)

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#11 ncfj40

ncfj40
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 07 August 2012 - 08:06 PM

Hi Casey,
When I started up the laptop tonight, CHDISK immediately started. It flashed all kinds of stuff about orphan files and such.
It was flashing by so fast I couldn't keep up with it. It then started in normal windows mode. I still have the wireless modem turned off so no network or internet connections. I had a RUNDLL error popup. It said "Error loading C:\DOCUME~1\ALLUSE~1\LOCALS~1\TEMP\rty0_7z.exe.
I turned on my wireless modem and connected to the internet. So far no "FBI Lockup" screen. I surfed several websites and forums that I am familiar with and all seems to be normal.
Avira asked to update and I let it.
I don't believe my CD/DVD drive is functioning even though Windows control panel says there is nothing wrong with it.
I tried several programs and everything seems to be normal.
Just for kicks I tried to open Windows System Restore. It still says it is "Unable to protect my computer".
Ctrl-Alt-Delete works again.
I rebooted and other than the RUNDLL error popping up again, it was uneventful.
I use Thunderbird for my email. I am able to retrieve email from my gmail accounts but not from the emails assocaited with my ISP. I get an "Unable to send password" error. I can log onto those accounts via their webmail page and have tested the passwords.

Thanks,
Jay

#12 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:42 PM

Posted 08 August 2012 - 05:16 AM

Hi Jay,

Thanks for the detailed response. We should be able to fix that start-up error fairly easily :)

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#13 ncfj40

ncfj40
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 08 August 2012 - 06:31 AM

Good Morning Casey,
Here are the requested logs:

OTL logfile created on: 8/8/2012 7:14:09 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\All Users.HPLAPTOP\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 163.82 Mb Available Physical Memory | 16.16% Memory free
2.38 Gb Paging File | 1.63 Gb Available in Paging File | 68.48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 39.95 Gb Free Space | 40.31% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.20 Gb Free Space | 10.32% Space Free | Partition Type: FAT32

Computer Name: HPLAPTOP | User Name: All Users | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/08 07:12:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\OTL.exe
PRC - [2012/07/20 11:44:23 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/11 12:18:46 | 006,205,088 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/06/28 08:04:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 08:00:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/18 22:14:32 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/20 11:44:22 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 08:18:11 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f2be4b7d\system.drawing.dll
MOD - [2012/06/14 08:17:49 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_88745d0a\system.windows.forms.dll
MOD - [2012/06/14 08:17:17 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/01/23 00:39:57 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d5bdca29\mscorlib.dll
MOD - [2012/01/23 00:39:47 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_29bedd19\system.xml.dll
MOD - [2012/01/23 00:39:24 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e4b42268\system.dll
MOD - [2012/01/23 00:39:14 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/23 00:39:12 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/09/18 22:14:34 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/07/19 18:13:42 | 000,172,032 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll
MOD - [2006/06/29 14:47:56 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2006/06/29 14:47:56 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2006/06/29 14:47:48 | 001,044,480 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2006/06/29 14:47:44 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2006/06/29 14:47:44 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2006/06/29 14:47:44 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2006/06/29 14:47:44 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2006/06/29 14:47:40 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2006/06/29 14:47:40 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2006/06/29 14:47:40 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2006/06/29 14:47:40 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2006/06/29 14:47:40 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2006/06/29 14:47:40 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2006/06/29 14:47:40 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2006/06/29 14:47:40 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2006/06/29 14:47:40 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2006/06/29 14:47:40 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2006/06/29 14:47:40 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2006/06/29 14:47:40 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2006/06/29 14:47:40 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2006/06/29 14:47:40 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2006/06/29 14:47:38 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2006/06/29 14:47:38 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2006/06/29 14:47:38 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2006/06/29 14:47:38 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2006/06/29 14:47:38 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2006/06/29 14:47:38 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2006/06/29 14:47:38 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2006/06/29 14:47:38 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2006/06/29 14:47:38 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2006/06/29 14:47:38 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2006/06/29 14:22:38 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/06/29 14:20:32 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2001/10/28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/07 20:27:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 11:44:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/28 08:04:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 08:00:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\VClone.sys -- (VClone)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLUSE~1.HPL\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (96991526)
DRV - [2012/05/01 19:35:17 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/07/05 14:58:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/07/05 14:58:26 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/06/28 08:05:02 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 08:05:02 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/05/23 17:26:34 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/06 21:13:16 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/07/06 11:28:58 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/02 11:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 13:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/04/20 12:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 12:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 12:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/12/22 13:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 16:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 14:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 15:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mg5.mail.yahoo.com/neo/launch?.rand=921gl4f8e2f8h
IE - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\..\SearchScopes,DefaultScope = {7C3D0C73-E7D9-43C0-A445-C620C849292D}
IE - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\..\SearchScopes\{7C3D0C73-E7D9-43C0-A445-C620C849292D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
IE - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google.com (in English)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.2
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\All Users.HPLAPTOP\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/09 18:32:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 11:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/07 20:48:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 08:45:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/09 18:32:40 | 000,000,000 | ---D | M]

[2010/08/21 12:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Mozilla\Extensions
[2010/08/21 12:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/07 20:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Mozilla\Firefox\Profiles\69u40lqm.default\extensions
[2011/08/25 20:43:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Mozilla\Firefox\Profiles\69u40lqm.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/29 07:41:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Mozilla\Firefox\Profiles\69u40lqm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/27 20:06:14 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Mozilla\Firefox\Profiles\69u40lqm.default\extensions\DeviceDetection@logitech.com
[2011/11/12 09:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Mozilla\Firefox\Profiles\69u40lqm.default\extensions\nostmp
[2011/06/23 23:19:08 | 000,005,471 | ---- | M] () -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Mozilla\Firefox\Profiles\69u40lqm.default\searchplugins\googlecom-in-english.xml
[2012/08/07 20:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/07 20:48:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/20 11:44:23 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/19 05:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 05:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2012/06/18 07:17:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 07:17:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/08/06 20:45:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\ImageMixer 3 SE Camera Monitor Ver.4.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users.HPLAPTOP\Start Menu\Programs\StartUp\Dropbox.lnk = C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} file:///E:/components/Liquid.ocx (Liquid.LiquidHelper)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178585190202 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEB61FA9-15D4-45DE-B5BC-184ECC6197DF}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\All Users.HPLAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users.HPLAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 07:13:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\OTL.exe
[2012/08/07 20:48:44 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/07 20:48:44 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/07 20:48:44 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/07 20:48:44 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/06 20:25:51 | 004,725,168 | R--- | C] (Swearware) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\caseyboy.exe
[2012/07/29 17:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\gmer
[2012/07/29 16:51:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\dds.scr
[2012/07/29 15:52:44 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\esetsmartinstaller_enu.exe
[2012/07/29 15:52:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\aswMBR.exe
[2012/07/29 15:52:16 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\tdsskiller.exe
[2012/07/24 20:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\emsisoft
[2012/07/23 21:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\Ramius
[2012/07/23 21:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\Allegria
[2012/07/23 21:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Media Player Classic
[2012/07/23 20:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2012/07/23 20:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2012/07/23 20:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\Rogue
[2012/07/20 14:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windstream
[2012/07/20 14:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Motive
[2012/07/20 14:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windstream_BCUC
[2012/07/20 13:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Windstream
[2012/07/20 13:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/07/20 13:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Radialpoint
[2012/07/20 13:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windstream
[2012/07/20 13:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windstream_Activation
[2012/07/20 13:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2012/07/20 13:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 07:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/08 07:22:05 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 07:12:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\OTL.exe
[2012/08/08 07:09:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/08 07:09:26 | 000,001,691 | ---- | M] () -- C:\hpqp.ini
[2012/08/08 07:08:56 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2012/08/08 07:08:48 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 07:08:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/08 07:08:28 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 20:52:37 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/08/07 20:48:24 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/07 20:48:24 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/07 20:48:24 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/07 20:48:24 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/07 20:48:24 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/07 20:48:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/07 20:27:39 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/07 20:27:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/06 20:45:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/06 10:40:28 | 004,725,168 | R--- | M] (Swearware) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\caseyboy.exe
[2012/07/29 16:56:30 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\gmer.zip
[2012/07/29 16:49:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\dds.scr
[2012/07/29 16:48:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users.HPLAPTOP\defogger_reenable
[2012/07/29 16:38:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\Defogger.exe
[2012/07/29 15:48:08 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\esetsmartinstaller_enu.exe
[2012/07/29 15:46:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\aswMBR.exe
[2012/07/29 15:45:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\tdsskiller.exe
[2012/07/29 15:39:07 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users.HPLAPTOP\Start Menu\Programs\StartUp\ctfmon.lnk
[2012/07/28 21:34:14 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\z7_0ytr.pad
[2012/07/27 21:24:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/25 14:02:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/24 20:33:12 | 144,644,477 | ---- | M] () -- C:\Documents and Settings\All Users.HPLAPTOP\My Documents\EmsisoftEmergencyKit.zip
[2012/07/20 14:59:36 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\Windstream Broadband Check-up Center.lnk
[2012/07/20 13:50:03 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/07/17 19:01:35 | 000,178,701 | ---- | M] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\AM266.pdf
[2012/07/12 21:56:15 | 009,830,264 | ---- | M] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\SetupAnyDVD7050.exe
[2012/07/12 07:02:06 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 23:14:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/29 16:59:14 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\gmer.zip
[2012/07/29 16:48:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\defogger_reenable
[2012/07/29 16:47:18 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\Defogger.exe
[2012/07/29 16:41:42 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/27 21:24:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 20:39:59 | 144,644,477 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\My Documents\EmsisoftEmergencyKit.zip
[2012/07/24 14:05:16 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Start Menu\Programs\StartUp\ctfmon.lnk
[2012/07/24 14:05:15 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\z7_0ytr.pad
[2012/07/23 20:35:12 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/20 14:59:36 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\Windstream Broadband Check-up Center.lnk
[2012/07/17 19:01:34 | 000,178,701 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\AM266.pdf
[2012/07/12 21:56:14 | 009,830,264 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Desktop\SetupAnyDVD7050.exe
[2012/02/15 08:43:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/22 16:01:09 | 000,193,316 | ---- | C] () -- C:\WINDOWS\hpoins40.dat.temp
[2012/01/22 16:01:09 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2011/08/11 00:32:50 | 000,324,238 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1702516696-1542184632-416428452-1013-0.dat
[2011/06/11 11:44:26 | 000,069,444 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/31 18:25:09 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18013988
[2011/04/25 21:24:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/25 21:24:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/25 21:24:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/25 21:24:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/25 21:24:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/08 00:43:00 | 000,324,238 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/30 00:07:25 | 000,027,409 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2008/05/05 18:06:39 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\default.pls
[2008/05/02 19:28:07 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\.rnd
[2008/03/31 21:06:53 | 000,005,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/01/04 22:01:11 | 000,887,932 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/11/01 20:50:00 | 000,002,941 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/18 20:53:37 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/06/18 20:21:27 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Caches
[2007/06/18 20:21:27 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Bubble Noise
[2007/06/18 20:21:27 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/02/03 16:36:17 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/01/25 22:03:22 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Application Data\wklnhst.dat
[2007/01/22 12:38:23 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/16 23:18:59 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\All Users.HPLAPTOP\Local Settings\Application Data\fusioncache.dat

< End of report >

and the other one:

OTL Extras logfile created on: 8/8/2012 7:14:09 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\All Users.HPLAPTOP\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 163.82 Mb Available Physical Memory | 16.16% Memory free
2.38 Gb Paging File | 1.63 Gb Available in Paging File | 68.48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 39.95 Gb Free Space | 40.31% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.20 Gb Free Space | 10.32% Space Free | Partition Type: FAT32

Computer Name: HPLAPTOP | User Name: All Users | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1702516696-1542184632-416428452-1013\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe" = C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe:*:Enabled:Network Drive Mapping Utility Application -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\All Users.HPLAPTOP\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{07041881-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Student with Encarta Premium 2007
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0D9C6525-FE1B-471E-ADF1-BF286546EC58}" = H&R Block North Carolina 2010
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Pavilion Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AFE8B2D-79BD-48C0-B9DF-79A92DB918E2}" = TaxCut North Carolina 2008
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6466C45C-DC2E-4E75-A677-2F384FF26376}" = TaxCut South Carolina 2008
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{916B2871-EB8A-4744-8880-AE0019823835}" = H&R Block North Carolina 2011
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{9F1DAC1F-A47F-44F7-88C5-3D714500D2E9}" = H&R Block South Carolina 2011
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}" = ImageMixer 3 SE Ver.4 Video Tools
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B041ABD7-4A10-482a-A525-577A7AAD8EC7}" = C6200_Help
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B348E585-E872-41DF-8234-E2D49917CFBB}" = Learning Essentials for Microsoft Office
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B8B08D9D-EDE8-4325-A0B6-7B1759D6E72B}" = H&R Block South Carolina 2010
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C7325E7B-6844-4D46-9515-365BCE0DC185}" = Network Drive Mapping Utility
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CloneDVD2" = CloneDVD2
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"CSCLIB" = Canon Camera Support Core Library
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Print Projects" = HP Print Projects 1.0
"HP Rhapsody" = HP Rhapsody
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2006b" = Microsoft Money 2006
"Motorola USB Drivers" = Motorola USB Drivers
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"PROSet" = Intel® PRO Network Connections Drivers
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"Shop for HP Supplies" = Shop for HP Supplies
"Super DX-Ball_is1" = Super DX-Ball v1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Windstream_BCUC" = Windstream Broadband Check-up Center
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1702516696-1542184632-416428452-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"RadialpointServicepointDashboardExtensions_is1" = Radialpoint Servicepoint Dashboard Extensions version 12.2.27.36396

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2012 9:25:57 PM | Computer Name = HPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16381922

Error - 7/19/2012 9:25:57 PM | Computer Name = HPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16381922

Error - 7/25/2012 7:09:25 AM | Computer Name = HPLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 7/25/2012 3:29:22 PM | Computer Name = HPLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 7/26/2012 12:19:33 AM | Computer Name = HPLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application rstrui.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2012 9:21:40 PM | Computer Name = HPLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 7/27/2012 10:27:27 PM | Computer Name = HPLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 7/28/2012 4:23:58 PM | Computer Name = HPLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 7/28/2012 9:30:56 PM | Computer Name = HPLAPTOP | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 7/29/2012 3:39:16 PM | Computer Name = HPLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

[ OSession Events ]
Error - 5/19/2010 8:23:25 PM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1919
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/26/2010 9:33:28 PM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16404
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/7/2012 8:28:27 PM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 8/7/2012 8:38:02 PM | Computer Name = HPLAPTOP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/7/2012 8:38:17 PM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 8/7/2012 8:38:12 PM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/7/2012 8:53:35 PM | Computer Name = HPLAPTOP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/7/2012 8:53:35 PM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 8/8/2012 7:08:47 AM | Computer Name = HPLAPTOP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/8/2012 7:08:48 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 8/8/2012 7:09:04 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/8/2012 7:10:43 AM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.


< End of report >

Thanks for your help

Jay

#14 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:42 PM

Posted 08 August 2012 - 03:06 PM

Hi,

Spybot S&D

I recommend that you uninstall Spybot S&D, as it is no longer capable of detecting the latest threats. Much better anti-malware solutions, such as MalwareByte's exsit, and running Spybot S&D can be an added layer of complication during the cleaning process due to it's resident TeaTimer component.

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-1702516696-1542184632-416428452-1013\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    
    :commands
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#15 ncfj40

ncfj40
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 08 August 2012 - 08:10 PM

hey Casey,
Deleted Spybot through Add/remove programs.
Ran OTL fix with custom scan/fix pasted in appropriate spot.

here is the log created:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-1702516696-1542184632-416428452-1013\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1702516696-1542184632-416428452-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-1702516696-1542184632-416428452-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk moved successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== COMMANDS ==========
Error creating restore point.

OTL by OldTimer - Version 3.2.56.0 log created on 08082012_210639

Thanks,
Jay




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users