
Open Cloud Av

Discussion in 'Malware Removal Help' started by jacquefromla, Oct 4, 2011.

  1. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7919

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/10/2011 7:55:48 PM
    mbam-log-2011-10-10 (19-55-48).txt

    Scan type: Quick scan
    Objects scanned: 198940
    Time elapsed: 6 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, jacquefromla.
    Looking better. Almost done...is your computer running OK for you?



    Step 1

    Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updating the languages and/or dictionaries is optional.



    Step 2

    I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on [IMG] to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [IMG] icon on your desktop.
    • Check [IMG]
    • Click the [IMG] button.
    • Accept any security warnings from your browser.
    • Check [IMG]
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [IMG]
    • Push [IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [IMG] button.
    • Push [IMG]

    etavares
     
  3. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    etavares, thank you so much. I've finally been able to turn Microsoft Security Essentials back on. Everything seems to be running much better. Of course, here is the ESET log, and it's not pretty :( Can you tell by any of these logs or scans where I am picking this junk up?

    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP757\A0115754.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP758\A0115794.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP758\A0115802.exe a variant of Win32/Kryptik.TOL trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP758\A0115860.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP758\A0115872.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP759\A0115881.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP759\A0115889.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP759\A0115897.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP759\A0115908.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP760\A0115919.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP760\A0115932.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP762\A0116516.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
     
  4. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, jacquefromla.

    I think that log is beautiful. :) Those viruses it detected are leftovers from the infection in system restore points, not active viruses. ESET cleaned them so you won't get reinfected if you did a system restore.

    I'd like to see one last OTL log...please open OTL and press Quick Scan and post the resulting log here. Almost done!

    etavares
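Added example (not part of this thread, and not ESET's own tooling): a small Python triage script that makes the distinction etavares draws above mechanical. It parses ESET scan-log lines of the `<path> <detection> <action>` form seen in the thread and splits detections that sit inside System Restore points (`System Volume Information\_restore{GUID}\RPnnn\`) from detections elsewhere on disk, which are the ones that still need follow-up. The list of detection-type words and the third sample line are assumptions; the first two sample lines reuse paths posted in the thread.

```python
"""
Triage an ESET Online Scanner log: separate detections that live inside
System Restore points from detections on the live file system.

Restore-point hits are copies of files from an earlier infection and only
matter if that restore point is later applied; hits outside the
_restore tree are the ones to treat as potentially active.

Added example; not from the forum thread or from ESET. The log format is
inferred from the lines posted in the thread; detection-type words beyond
"trojan" are an assumption.
"""
import re
from collections import Counter

# XP-era restore point path: <drive>:\System Volume Information\_restore{GUID}\RPnnn\<file>
RESTORE_POINT_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(\d+)\\",
    re.IGNORECASE,
)

# One log line: "<path> <detection name> <action taken>".
# The path may contain spaces, so it is matched lazily and the detection is
# anchored on its trailing type word (the set of type words is an assumption).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?\S+ "
    r"(?:potentially (?:unwanted|unsafe) )?"
    r"(?:trojan|virus|worm|backdoor|adware|application))\s+"
    r"(?P<action>.+)$"
)

# Constructed sample log. Lines 1-2 reuse paths posted in the thread; line 3 is
# an invented live-system hit with a placeholder file name, included only to
# show how a non-restore-point detection is reported.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP757\A0115754.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP758\A0115802.exe a variant of Win32/Kryptik.TOL trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\placeholder_driver.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
"""


def triage(log_text):
    """Split log lines into (restore_point_hits, live_hits, unparsed_lines)."""
    restore, live, unparsed = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep unknown formats visible, never drop them
            continue
        rec = m.groupdict()
        rp = RESTORE_POINT_RE.match(rec["path"])
        rec["restore_point"] = int(rp.group(1)) if rp else None
        (restore if rp else live).append(rec)
    return restore, live, unparsed


def summarize(log_text):
    """Build the short report a helper would want: counts, affected restore
    points, detection families, and the live paths that need follow-up."""
    restore, live, unparsed = triage(log_text)
    families = Counter(r["detection"] for r in restore + live)
    return {
        "restore_point_hits": len(restore),
        "live_hits": len(live),
        "unparsed": len(unparsed),
        "restore_points": sorted({r["restore_point"] for r in restore}),
        "families": dict(families),
        "needs_followup": [r["path"] for r in live],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the log posted in this thread every line falls in the restore-point bucket, so `needs_followup` would be empty; the placeholder third line is there only to show what a live-system hit looks like in the report. Unparsed lines are counted rather than discarded so a format change in the scanner's output does not silently hide a detection.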
     
  5. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Ok, I hope this log looks good.


    OTL logfile created on: 10/13/2011 9:01:20 PM - Run 5
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\HP_Owner\Desktop\My Shared Folder
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.29 Mb Total Physical Memory | 118.35 Mb Available Physical Memory | 23.51% Memory free
    1.20 Gb Paging File | 0.72 Gb Available in Paging File | 59.81% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 180.50 Gb Total Space | 129.75 Gb Free Space | 71.88% Space Free | Partition Type: NTFS
    Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
    Drive K: | 1.90 Gb Total Space | 1.87 Gb Free Space | 98.26% Space Free | Partition Type: FAT

    Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Documents and Settings\HP_Owner\Desktop\My Shared Folder\OTL.scr (OldTimer Tools)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Yahoo!\common\YMailAdvisor.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    MOD - C:\Program Files\BroadJump\Client Foundation\TimerManager.dll ()
    MOD - C:\Program Files\BroadJump\Client Foundation\AppProperties.dll ()
    MOD - C:\Program Files\BroadJump\Client Foundation\BJComBase.dll ()
    MOD - C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll ()
    MOD - C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll ()
    MOD - C:\Program Files\BroadJump\Client Foundation\BJComRT.dll ()
    MOD - C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll ()
    MOD - C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (MpKsl66e30628) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D90D02A-4046-47C3-B80A-91498DC3B6F3}\MpKsl66e30628.sys (Microsoft Corporation)
    DRV - (bsusbser) -- C:\WINDOWS\system32\drivers\bsusbser.sys (QUALCOMM Incorporated)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
    DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
    DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
    DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
    DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
    DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com ppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com prjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com prpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com sJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D3F9D703-682F-4A54-B106-7D19FA44DD72}: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{D3F9D703-682F-4A54-B106-7D19FA44DD72}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 18:47:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 18:47:39 | 000,000,000 | ---D | M]

    [2010/01/12 11:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
    [2010/01/12 11:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/09/12 15:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions
    [2010/07/06 09:14:32 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/04/16 14:16:08 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}(2)
    [2011/08/18 23:30:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/04/16 14:16:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
    [2010/10/29 01:24:25 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\searchplugins\askcom.xml
    [2011/10/12 23:28:34 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\searchplugins\fenopy.xml
    [2011/10/08 11:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/08/21 16:35:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2011/08/21 16:35:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/08/21 16:35:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/10/08 10:37:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab (ZPA_WheelOfFortune Object)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCA507B5-39ED-4482-9891-99716DCB2EC4}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/02/27 11:55:35 | 000,000,752 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
    O32 - AutoRun File - [2005/08/13 15:48:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/11 13:26:58 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
    [2011/10/11 13:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/10 18:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/10/10 18:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/10/10 18:05:52 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\HP_Owner\Desktop\erunt-setup.exe
    [2011/10/08 18:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/10/08 18:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/10/08 18:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/10/08 18:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/10/08 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/10/08 18:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/10/08 11:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\RK_Quarantine
    [2011/10/08 11:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\WINDOWS
    [2011/10/08 11:44:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/10/08 11:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2011/10/08 09:48:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/08 09:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\GrantPerms
    [2011/10/06 23:32:56 | 000,000,000 | ---D | C] -- C:\Junction


    ========== Files - Modified Within 30 Days ==========

    [2011/10/13 21:02:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/13 21:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/13 15:25:28 | 000,828,157 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\stargazer.zip
    [2011/10/13 15:25:00 | 000,979,458 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\20111012132825918.pdf
    [2011/10/13 13:56:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/13 13:52:32 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2011/10/13 13:51:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/13 10:44:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/12 12:56:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/11 13:27:07 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
    [2011/10/10 18:18:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/10/10 18:18:01 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
    [2011/10/10 18:05:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\HP_Owner\Desktop\erunt-setup.exe
    [2011/10/08 18:58:10 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/10/08 18:47:11 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/10/08 14:05:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/08 11:56:09 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/10/08 11:56:09 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/08 11:47:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/08 10:37:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/10/08 09:18:35 | 000,450,862 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\GrantPerms.zip
    [2011/10/07 22:32:20 | 000,007,829 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\appleLOGOcut_220430.jpg
    [2011/10/06 23:29:01 | 000,079,623 | ---- | M] () -- C:\Junction.zip
    [2011/10/06 19:35:30 | 000,455,503 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\DummyCreator.zip
    [2011/09/24 11:06:48 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/09/21 01:44:22 | 000,730,729 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\DSC02287.JPG

    ========== Files Created - No Company Name ==========

    [2011/10/13 15:29:43 | 000,979,458 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\20111012132825918.pdf
    [2011/10/13 15:25:44 | 000,828,157 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\stargazer.zip
    [2011/10/10 18:18:04 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/10/10 18:16:42 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
    [2011/10/08 18:58:10 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/10/08 18:47:11 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/10/08 14:05:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/08 11:56:09 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/08 09:18:47 | 000,450,862 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\GrantPerms.zip
    [2011/10/07 22:32:17 | 000,007,829 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\appleLOGOcut_220430.jpg
    [2011/10/06 23:29:34 | 000,079,623 | ---- | C] () -- C:\Junction.zip
    [2011/10/06 19:35:58 | 000,455,503 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\DummyCreator.zip
    [2011/09/21 01:44:14 | 000,730,729 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\DSC02287.JPG
    [2011/03/31 23:27:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/06/12 18:44:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/04/08 01:20:59 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2010/02/25 18:43:07 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/02/22 09:58:35 | 000,007,337 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
    [2010/02/22 09:58:17 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2010/02/18 14:52:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2010/01/10 17:22:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/01/10 16:52:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/01/10 14:34:00 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/06/07 04:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
    [2006/06/10 09:17:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2006/06/08 21:03:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/08/13 15:50:16 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
    [2005/08/13 15:46:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/08/13 15:46:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/08/13 15:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/08/13 15:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/08/13 15:46:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/08/13 15:46:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/05/19 11:08:56 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
    [2005/02/27 11:28:59 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/02/19 00:29:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2004/10/14 14:22:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/08/16 14:09:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/16 14:09:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/16 14:08:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/16 14:08:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/16 14:08:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/16 14:08:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/16 14:08:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/16 14:07:43 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/08 08:16:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 14:39:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/08/07 14:39:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/07 14:39:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/08/07 14:34:39 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/08/07 14:33:31 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
    [2004/08/07 14:28:27 | 000,026,939 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/08/07 14:27:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/08/07 14:17:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/08/07 13:50:45 | 000,094,339 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
    [2004/08/07 13:50:45 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
    [2004/08/07 13:33:07 | 000,089,028 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
    [2004/08/07 13:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
    [2004/08/07 13:24:38 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2004/08/07 13:24:38 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
    [2004/08/07 13:17:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/08/07 13:02:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2004/08/07 12:26:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/08/07 12:26:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/08/07 12:25:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/08/07 12:07:48 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 12:06:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/07 12:01:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/07 11:47:30 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/07 11:47:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/07 11:47:05 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/07 11:47:05 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/07 11:46:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/07 04:55:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/07 04:54:52 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/06/29 05:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/06/07 18:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
    [2004/02/27 17:10:30 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2003/05/15 21:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
    [2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/23 10:30:00 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2003/01/23 10:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/09/24 18:38:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

    ========== LOP Check ==========

    [2004/10/13 13:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
    [2005/02/13 18:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0205
    [2010/04/30 12:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/08/19 12:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nA01602EgMcH01602
    [2011/06/28 18:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2005/05/19 11:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/16 10:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/07 03:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/10/13 13:56:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    < End of report >
     
  6. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, jacquefromla.

    Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



    Step 1



    Uninstall ComboFix and Clean Up
    Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).
    Please advise if this step is missed for any reason as it performs some important actions.

    Download and Run OTC

    We will now remove the tools we used during this fix using OTC.
    • Download OTC by OldTimer and save it to your desktop.
    • If that link doesn't work, try this one.
    • Double click [​IMG]icon to start the program. If you are using Vista, please right-click and choose run as administrator
    • Then Click the big [​IMG] button.
    • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
    • Restart your computer when prompted.

    If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


    Optional Items

    Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

    Protect yourself from malicious sites

    The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

    Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
    1. Double-click the Downloaded installer and install the tool to a location of your choice
    2. Via the Start menu, navigate to HostsMan and run the program.
      • Click "Hosts" in the menu
      • Click "Manage Updates" in the submenu
      • Out of the three, select at least one (I have MVPS Host as my main one)
      • Click "Add Update." After that you will only need to click the update button to retrieve updates.
    3. Click the X to exit the program.
    4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


    Keep Windows Up to Date
    It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



    Update your AntiVirus Software

    It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


    Make sure your applications have all of their updates

    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

    Use a Firewall

    I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

    Install an AntiSpyware Program

    A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

    Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


    Update all these programs regularly
    Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

    Follow this list and your potential for being infected again will reduce dramatically.

    Good luck!

    etavares
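An added example, not from the post above and not part of HostsMan or the MVPS list: a small Python audit of a Windows HOSTS file in the layout those tools manage. It separates blocklist entries (hostnames sunk to 0.0.0.0 or 127.0.0.1, which is how such lists work) from entries that send a real hostname somewhere else, which is what a hijacked hosts file looks like and why the post tells you to re-add any custom entries yourself. The sample hosts text and the 203.0.113.10 address are constructed for illustration.

```python
"""Audit a Windows HOSTS file: blocklist entries vs. suspicious redirects.

Added example; not part of the original thread, HostsMan or MVPS.
The sample hosts text at the bottom is constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Addresses a blocklist hosts file uses to sink a hostname: the connection
# goes nowhere, which is the protection the post describes.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Names that legitimately map to loopback on a Windows machine.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass
class HostsEntry:
    line_no: int
    address: str
    hostnames: list
    category: str  # "loopback", "block", "redirect" or "invalid"


def classify(address: str, hostnames: list) -> str:
    """Decide what an 'address hostname...' line is doing."""
    try:
        ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if all(h.lower() in LOOPBACK_NAMES for h in hostnames):
        return "loopback"
    if address in SINK_ADDRESSES:
        return "block"
    # A real hostname mapped to any other address is a redirect: the classic
    # way a hijacked hosts file sends update or AV sites to the wrong place.
    return "redirect"


def parse_hosts(text: str) -> list:
    """Parse hosts-file text; comments (#) and blank lines are skipped."""
    entries = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        address, hostnames = fields[0], fields[1:]
        if not hostnames:
            entries.append(HostsEntry(no, address, [], "invalid"))
            continue
        entries.append(HostsEntry(no, address, hostnames,
                                  classify(address, hostnames)))
    return entries


def suspicious_entries(text: str) -> list:
    """Entries a defender should look at: redirects and malformed lines."""
    return [e for e in parse_hosts(text) if e.category in ("redirect", "invalid")]


def summarize(text: str) -> dict:
    """Count entries per category."""
    counts = {"loopback": 0, "block": 0, "redirect": 0, "invalid": 0}
    for e in parse_hosts(text):
        counts[e.category] += 1
    return counts


# Constructed sample: a hosts file after a blocklist was installed, plus two
# hijack-style lines (203.0.113.10 is a documentation address, not a real host).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example-tracker.test   # blocklist entry: sinks the name
0.0.0.0  malware-download.example.test
# the next two lines are what a hijack looks like: real sites sent elsewhere
203.0.113.10    www.windowsupdate.com
203.0.113.10    www.malwarebytes.org   www.microsoft.com
not-an-ip       somewhere.example
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_HOSTS))
    for e in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {e.line_no}: {e.category:8s} {e.address} -> {' '.join(e.hostnames)}")
```

Point it at C:\WINDOWS\system32\drivers\etc\hosts (read the file and pass its text to suspicious_entries) to see whether anything other than blocklist and loopback entries is present; a "redirect" hit on a vendor or update site is exactly the kind of leftover worth reporting in a thread like this.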
     
  7. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    I cant get my Microsoft Security Tools to update?
     
  8. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    OK, might be a leftover...what exactly are you trying to update and what's the message you're getting?
     
  9. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Virus and update definitions failed
    internet connectivity issue
    Error 0x80070424

    When I click the help tab it instructs me to do this for Windows XP:
    Microsoft Security Essentials uses the Microsoft Update (MU) service to deliver the virus and spyware definition updates and product upgrades. The definition update and/or product upgrade failures are generally caused by this service and result in a "0x8*******" error. If you encounter these errors, please write down the exact error code and follow these steps.
    Step 1: Restart the Microsoft Update (MU) service


    1. In Windows XP, click Start, click Run, type services.msc, and then press Enter.

    2. Right click Automatic Updates and then click Start. If Start is unavailable, click Restart.


    I have looked under the Windows services; none of them appear to be the Automatic Updates I am directed to start/restart.
     
  10. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    When running Secunia for the 3rd time, after doing the recommended updates and then restarting my browser, it still says this: Sun Java JRE 1.5.x / 5.x 5.0.20.9

    This installation of Sun Java JRE 1.5.x / 5.x is insecure and potentially exposes your system to security threats!

    The detected version installed on your system is 5.0.20.9, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 6.0.240.0.

    But when I go to Java (I've installed the new version 3 times but Secunia keeps saying I have the old one) and choose to verify my Java version I get this:
    Verified Java Version

    Congratulations!

    You have the recommended Java installed (Version 6 Update 27).
     
  11. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Secunia is also giving me an error: missing Windows updates...
    but no information on how to fix them. By trying to figure out that problem myself, it tells me to go to the Start menu, Control Panel, Auto Updates, and my settings are currently "download and install updates automatically".
     
  12. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    To confirm, automatic updates is not in your list of services to start?

    For Secunia, you may have more than one version of Java installed...if you see Java 1.5 or Java 5 in your Add/Remove Programs, uninstall it. If not, it's leftovers you can delete manually if you want (there should be an option in Secunia to open the folder it's detecting it in).
     
  13. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    That is correct. I was able to update Microsoft Security Essentials on 10/18 when an update notice popped up. Today I try to make it manually look for an update but it won't, and it shows the last time back on the 18th.

    Microsoft Security Alerts is red, saying I need to turn on auto updates to be fully protected, but it won't change to green no matter what I try.
     
  14. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    OK, sounds like there was a leftover, or you picked up a new virus. Let's start with MBAM:


    Hello, jacquefromla.
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2

    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.
    Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

    etavares
     
  15. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7999

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/22/2011 9:16:46 AM
    mbam-log-2011-10-22 (09-16-46).txt

    Scan type: Quick scan
    Objects scanned: 198382
    Time elapsed: 7 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  16. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, jacquefromla.


    Step 1

    We need to create an OTL report,
    • Please download OTL from this link.
    • (If that link doesn't work, try this alternate link.)
    • Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Select "Use Safelist" under "Extra Registry"
    • Under the Custom Scan box paste this in:

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.sys /90
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\*
      %USERPROFILE%\..|smtmp;true;true;true /FP
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT


    • Click the Quick Scan button.
    • The scan should take a few minutes.
    • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.



    Step 2

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • It gives you the option to add the latest Avast definitions and recommends you do so. Ignore it and click No as it may crash your system or hang up and we don't need that info.
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

    Note: aswMBR will save MBR.dat to your desktop. Do NOT delete it until I tell you your computer is clean. It is a backup of your MBR that we may need later.

    etavares
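An added example, not part of OTL or of this thread: a Python parser for the entry lines an OTL report produces (the "[timestamp | size | attrs | C/M] (company) -- path" layout seen in the file list posted earlier in this thread, with the PRC/SRV/DRV prefixes and "[start | state]" and "-- (ServiceName)" fields the process, service and driver sections add). On top of the parser sits a deliberately narrow triage rule that mirrors what a helper scans for first: recent executable code under the Windows directory with no company name. The sample lines mix entries copied from the log in this thread with one constructed entry (example-unknown.sys, a placeholder name), and the report date and 30-day window are taken from the OTL header that follows.

```python
"""Parse OTL report entry lines and flag the ones worth a second look.

Added example; not part of OTL or of the thread. Sample lines below are
copied from the thread's log except the one marked constructed.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Optional

# One OTL entry: optional section prefix, "[timestamp | size | attrs | C/M]",
# "(company)", optional "[start | state]", the path, and for services and
# drivers an optional " -- (ServiceName)" suffix with free text after it.
OTL_LINE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\).*)?$"
)


@dataclass
class OtlEntry:
    kind: Optional[str]
    timestamp: datetime
    size: int
    attrs: str
    company: str
    path: str
    service: Optional[str]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return the parsed entry, or None for lines in another layout
    (section headers, 'SRV - File not found ...', blank lines)."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        kind=m["kind"],
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"],
        service=m["service"],
    )


CODE_SUFFIXES = {".sys", ".exe", ".dll"}


def review_reasons(e: OtlEntry, report_date: datetime, max_age_days: int = 30) -> list:
    """Heuristic signals worth a second look. None of them proves anything on
    its own: plenty of legitimate third-party drivers carry no company name."""
    p = PureWindowsPath(e.path)
    reasons = []
    if not e.company:
        reasons.append("no company name")
    if len(p.parts) > 1 and p.parts[1].lower() == "windows":
        reasons.append("under the Windows directory")
    if p.suffix.lower() in CODE_SUFFIXES:
        reasons.append("executable code")
    if 0 <= (report_date - e.timestamp).days <= max_age_days:
        reasons.append(f"dated within {max_age_days} days of the report")
    return reasons


def flagged_paths(lines, report_date: datetime, max_age_days: int = 30) -> list:
    """Paths that hit every heuristic at once; everything else is left for
    the manual review a helper does anyway."""
    out = []
    for raw in lines:
        e = parse_otl_line(raw)
        if e and len(review_reasons(e, report_date, max_age_days)) == 4:
            out.append(e.path)
    return out


# "OTL logfile created on: 10/24/2011 11:04:05 AM" in the report header.
REPORT_DATE = datetime(2011, 10, 24, 11, 4, 5)

SAMPLE_LINES = [
    r"PRC - [2011/10/24 10:59:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe",
    r"SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)",
    r"SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)",
    r"DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)",
    r"[2011/10/13 15:25:44 | 000,828,157 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\stargazer.zip",
    # constructed entry with a placeholder file name; not from the thread
    r"[2011/10/20 03:12:09 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\example-unknown.sys",
]

if __name__ == "__main__":
    for path in flagged_paths(SAMPLE_LINES, REPORT_DATE):
        print("review:", path)
```

The rule is intentionally strict (all four signals) so that an old, company-less driver such as the StarOpen.sys line from the log is parsed but not flagged; loosen it by checking for fewer reasons if you want a longer review list.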
     
  17. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    I just want to mention I've installed HostsMan; it's been great. Also I removed the one Ask taskbar like you suggested, then I had a Firefox update and now I have a new taskbar that wasn't here before. I tried going to Add/Remove Programs to remove the Yahoo taskbar, but it removed another taskbar and left this new one?


    OTL logfile created on: 10/24/2011 11:04:05 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.29 Mb Total Physical Memory | 122.59 Mb Available Physical Memory | 24.36% Memory free
    1.20 Gb Paging File | 0.67 Gb Available in Paging File | 56.05% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 180.50 Gb Total Space | 128.61 Gb Free Space | 71.25% Space Free | Partition Type: NTFS
    Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
    Drive K: | 1.90 Gb Total Space | 1.87 Gb Free Space | 98.26% Space Free | Partition Type: FAT

    Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/24 10:59:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
    PRC - [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/02/06 10:45:24 | 003,043,840 | ---- | M] (abelhadigital.com) -- C:\Program Files\HostsMan\hm.exe
    PRC - [2009/05/08 03:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\common\YMailAdvisor.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/08/07 14:33:31 | 000,016,423 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    PRC - [2004/07/06 01:05:48 | 002,550,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
    PRC - [2004/07/01 18:58:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/03/12 04:23:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/18 08:20:01 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/09/28 23:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2004/08/07 14:33:31 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
    MOD - [2004/08/07 14:33:31 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
    MOD - [2004/08/07 14:33:31 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
    MOD - [2004/08/07 14:33:31 | 000,024,615 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\frext-309731.dll
    MOD - [2004/08/07 14:33:31 | 000,024,615 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll
    MOD - [2004/08/07 14:33:31 | 000,016,423 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    MOD - [2004/08/07 14:33:28 | 000,114,688 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll
    MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
    MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
    MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
    MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
    MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
    MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
    MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
    MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
    MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2004/03/18 23:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/24 10:23:47 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92FF43C0-6976-4E32-85B0-3D2D159980A2}\MpKsla1c15887.sys -- (MpKsla1c15887)
    DRV - [2006/12/20 04:01:08 | 000,094,848 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bsusbser.sys -- (bsusbser)
    DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2004/07/19 17:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2004/07/17 04:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2004/07/06 23:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/06/29 17:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2003/12/02 18:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/07/18 16:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/07/02 11:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2002/10/04 17:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 14:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D3F9D703-682F-4A54-B106-7D19FA44DD72}: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{D3F9D703-682F-4A54-B106-7D19FA44DD72}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 18:47:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/16 20:03:29 | 000,000,000 | ---D | M]

    [2010/01/12 11:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
    [2010/01/12 11:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/10/21 21:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions
    [2010/07/06 09:14:32 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/04/16 14:16:08 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}(2)
    [2011/10/21 21:30:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/08/18 23:30:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/04/16 14:16:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
    [2011/10/16 12:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/16 12:46:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2011/10/16 12:46:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/16 12:46:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/10/17 21:11:20 | 000,502,560 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 0.r.msn.com #[microsoft_adcenter]
    O1 - Hosts: 127.0.0.1 005.free-counter.co.uk
    O1 - Hosts: 127.0.0.1 006.free-counter.co.uk
    O1 - Hosts: 127.0.0.1 007.free-counter.co.uk
    O1 - Hosts: 127.0.0.1 008.free-counter.co.uk
    O1 - Hosts: 127.0.0.1 008.free-counters.co.uk
    O1 - Hosts: 127.0.0.1 00fun.com #[Tracking.Cookie]
    O1 - Hosts: 127.0.0.1 011707160008.c.mystat-in.net
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 061606084448.c.mystat-in.net
    O1 - Hosts: 127.0.0.1 070806142521.c.mystat-in.net
    O1 - Hosts: 127.0.0.1 090906042103.c.mystat-in.net
    O1 - Hosts: 127.0.0.1 092706152958.c.mystat-in.net
    O1 - Hosts: 127.0.0.1 0d7292.r.axf8.net
    O1 - Hosts: 127.0.0.1 0f36f3.r.axf8.net
    O1 - Hosts: 127.0.0.1 1.adbrite.com
    O1 - Hosts: 127.0.0.1 1.googlenews.xorg.pl
    O1 - Hosts: 127.0.0.1 1.marketbanker.com
    O1 - Hosts: 127.0.0.1 1.ofsnetwork.com
    O1 - Hosts: 127.0.0.1 1.sharkadnetwork.com
    O1 - Hosts: 127.0.0.1 100-100.ru
    O1 - Hosts: 127.0.0.1 100.mbn.com.ua
    O1 - Hosts: 127.0.0.1 100.topnews.ru
    O1 - Hosts: 14597 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe ()
    O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab (ZPA_WheelOfFortune Object)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCA507B5-39ED-4482-9891-99716DCB2EC4}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/02/27 11:55:35 | 000,000,752 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
    O32 - AutoRun File - [2005/08/13 15:48:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/24 10:59:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
    [2011/10/20 20:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
    [2011/10/16 13:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/10/16 13:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/10/16 13:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2011/10/16 13:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/10/16 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups
    [2011/10/16 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\abelhadigital.com
    [2011/10/16 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
    [2011/10/16 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan
    [2011/10/16 12:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan
    [2011/10/11 13:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/10 18:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/10/10 18:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/10/08 18:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/10/08 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/10/08 18:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/10/08 11:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\WINDOWS
    [2011/10/08 11:44:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/10/08 11:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2011/10/06 23:32:56 | 000,000,000 | ---D | C] -- C:\Junction

    ========== Files - Modified Within 30 Days ==========

    [2011/10/24 11:07:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/24 10:59:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
    [2011/10/24 10:49:05 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    [2011/10/24 10:43:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/24 10:28:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/24 10:24:26 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2011/10/24 10:24:24 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/24 10:23:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/24 10:23:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/23 11:51:58 | 000,045,680 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Soap.jpg
    [2011/10/23 11:50:07 | 000,057,452 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\MiamiMirror.jpg
    [2011/10/23 11:47:13 | 000,067,484 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\NewOpen.jpg
    [2011/10/21 23:12:13 | 000,690,581 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\DSC02287.JPG
    [2011/10/20 20:07:57 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/10/20 20:07:57 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2011/10/19 12:56:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/17 21:11:20 | 000,502,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2011/10/17 21:08:51 | 000,502,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
    [2011/10/16 13:32:29 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/10/15 23:31:23 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/14 14:08:30 | 000,024,876 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ns3.jpg
    [2011/10/14 14:08:14 | 000,818,659 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ns2.png
    [2011/10/14 14:07:54 | 000,032,799 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ns1.jpg
    [2011/10/10 18:18:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/10/08 18:47:11 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/10/08 14:05:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/08 11:56:09 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/10/08 11:56:09 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/06 23:29:01 | 000,079,623 | ---- | M] () -- C:\Junction.zip

    ========== Files Created - No Company Name ==========

    [2011/10/24 10:49:05 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    [2011/10/23 11:51:57 | 000,045,680 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Soap.jpg
    [2011/10/23 11:50:06 | 000,057,452 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\MiamiMirror.jpg
    [2011/10/23 11:47:10 | 000,067,484 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\NewOpen.jpg
    [2011/10/22 21:21:52 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/20 20:07:57 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2011/10/20 20:07:56 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/10/16 13:32:29 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/10/16 13:18:29 | 000,818,659 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ns2.png
    [2011/10/16 13:18:29 | 000,032,799 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ns1.jpg
    [2011/10/16 13:18:29 | 000,024,876 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ns3.jpg
    [2011/10/16 12:30:52 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/10/10 18:18:04 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/10/08 18:47:11 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/10/08 14:05:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/08 11:56:09 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/06 23:29:34 | 000,079,623 | ---- | C] () -- C:\Junction.zip
    [2011/03/31 23:27:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/06/12 18:44:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/04/08 01:20:59 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2010/02/25 18:43:07 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/02/22 09:58:35 | 000,007,337 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
    [2010/02/22 09:58:17 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2010/02/18 14:52:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2010/01/10 17:22:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/01/10 16:52:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/01/10 14:34:00 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/06/07 04:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
    [2006/06/10 09:17:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2006/06/08 21:03:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/08/13 15:50:16 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
    [2005/08/13 15:46:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/08/13 15:46:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/08/13 15:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/08/13 15:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/08/13 15:46:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/08/13 15:46:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/05/19 11:08:56 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
    [2005/02/27 11:28:59 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/02/19 00:29:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2004/10/14 14:22:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/08/16 14:09:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/16 14:09:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/16 14:08:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/16 14:08:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/16 14:08:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/16 14:08:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/16 14:08:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/16 14:07:43 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/08 08:16:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 14:39:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/08/07 14:39:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/07 14:39:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/08/07 14:34:39 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/08/07 14:33:31 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
    [2004/08/07 14:28:27 | 000,026,939 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/08/07 14:27:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/08/07 14:17:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/08/07 13:50:45 | 000,094,339 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
    [2004/08/07 13:50:45 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
    [2004/08/07 13:33:07 | 000,089,028 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
    [2004/08/07 13:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
    [2004/08/07 13:24:38 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2004/08/07 13:24:38 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
    [2004/08/07 13:17:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/08/07 13:02:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2004/08/07 12:26:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/08/07 12:26:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/08/07 12:25:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/08/07 12:07:48 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 12:06:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/07 12:01:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/07 11:47:30 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/07 11:47:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/07 11:47:05 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/07 11:47:05 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/07 11:46:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/07 04:55:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/07 04:54:52 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/06/29 05:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/06/07 18:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
    [2004/02/27 17:10:30 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2003/05/15 21:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
    [2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/23 10:30:00 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2003/01/23 10:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/09/24 18:38:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

    ========== LOP Check ==========

    [2004/08/07 14:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2011/10/16 12:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
    [2004/10/13 13:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
    [2005/02/13 18:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0205
    [2010/04/30 12:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/08/19 12:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nA01602EgMcH01602
    [2011/06/28 18:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2005/05/19 11:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/16 10:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/07 03:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2004/08/07 14:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2004/08/07 14:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacque2\Application Data\SampleView
    [2011/10/24 10:28:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/06/18 11:56:45 | 000,000,029 | ---- | M] () -- C:\alrt_204.data
    [2005/02/27 11:55:35 | 000,000,752 | ---- | M] () -- C:\autoAlbum.log
    [2005/08/13 15:48:14 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/08/13 15:48:38 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
    [2005/08/18 15:43:43 | 000,000,283 | RHS- | M] () -- C:\boot.ini
    [2004/10/11 19:25:42 | 000,000,196 | RHS- | M] () -- C:\BOOTNXX.BAK
    [2004/08/04 05:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/04/17 22:21:51 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
    [2004/08/07 12:03:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/17 01:20:27 | 000,034,792 | ---- | M] () -- C:\DEBUG.TXT
    [2010/12/20 23:34:33 | 000,004,314 | ---- | M] () -- C:\Disc1.mds
    [2011/10/20 15:34:43 | 000,018,434 | ---- | M] () -- C:\hpfr3500.log
    [2005/03/11 13:18:42 | 000,000,216 | ---- | M] () -- C:\INSTALL.LOG
    [2004/08/07 12:03:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2004/10/14 14:22:23 | 000,000,221 | -H-- | M] () -- C:\IPH.PH
    [2011/10/06 23:29:01 | 000,079,623 | ---- | M] () -- C:\Junction.zip
    [2004/08/07 12:03:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/02/23 17:40:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/10/24 10:23:28 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/04 13:39:27 | 000,000,411 | ---- | M] () -- C:\rkill.log
    [2005/08/18 15:44:55 | 000,003,681 | ---- | M] () -- C:\_Sid.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.sys /90 >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/07 04:54:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/07 04:54:11 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/07 04:54:10 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\* >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/28 23:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/28 23:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/28 23:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/28 23:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/28 23:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/28 23:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < >

    < End of report >
     
  18. jacquefromla

    OTL Extras logfile created on: 10/24/2011 11:04:05 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.29 Mb Total Physical Memory | 122.59 Mb Available Physical Memory | 24.36% Memory free
    1.20 Gb Paging File | 0.67 Gb Available in Paging File | 56.05% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 180.50 Gb Total Space | 128.61 Gb Free Space | 71.25% Space Free | Partition Type: NTFS
    Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
    Drive K: | 1.90 Gb Total Space | 1.87 Gb Free Space | 98.26% Space Free | Partition Type: FAT

    Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
    "C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe" = C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos.
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
    "{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
    "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
    "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
    "{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
    "{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
    "{48FCCE4F-9D37-41BA-92C1-17BF5CFAA347}" = hp officejet 5100 series
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
    "{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.2.73
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72E67064-A144-42A6-BC85-12276B2D5D42}" = 2400_2500Help
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B957F8D-FBDE-4DB4-99E7-192487575050}" = 23_24_2500Tour
    "{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402
    "{8FD62EBB-3175-4907-A326-989B14E5C757}" = hp deskjet 3500
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
    "{9AD84892-7664-479C-8F95-7A25B964B04D}" = 2400_2500trb
    "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
    "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
    "{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
    "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
    "{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
    "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
    "{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
    "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
    "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
    "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FBCFA617-1856-4BE2-BA3C-BADD374757E7}" = 2500
    "{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
    "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
    "AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0
    "AVS DVD Authoring_is1" = AVS DVD Authoring
    "AVS Photo Editor_is1" = AVS Photo Editor
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor 4_is1" = AVS Video Editor 4
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "BackWeb-309731 Uninstaller" = Updates from HP
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "Help and Support Additions" = Help and Support Additions
    "HP Photo & Imaging" = HP Image Zone 4.2
    "HP Photo Printing Software" = HP Photo Printing Software
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Open DVD ripper_is1" = Open DVD ripper 1.70 Build 430
    "PlexUtil" = SmartPack 1.20.5
    "PS2" = PS2
    "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
    "Python 2.2.1" = Python 2.2.1
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Mail Advisor" = Yahoo! Mail Advisor
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/22/2011 12:00:04 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 10/22/2011 8:54:59 PM | Computer Name = YOUR-AE066C3A9B | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x4ec674b2.

    Error - 10/23/2011 12:22:16 AM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 10/23/2011 12:22:21 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 10/23/2011 1:34:32 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 10/23/2011 2:55:40 PM | Computer Name = YOUR-AE066C3A9B | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 11.0.0.2014, faulting
    module icm32.dll, version 5.1.2600.5512, fault address 0x0000433c.

    Error - 10/23/2011 2:58:49 PM | Computer Name = YOUR-AE066C3A9B | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 11.0.0.2014, faulting
    module icm32.dll, version 5.1.2600.5512, fault address 0x0000433c.

    Error - 10/24/2011 1:25:30 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 10/24/2011 1:25:34 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 10/24/2011 1:25:48 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    [ System Events ]
    Error - 10/19/2011 1:50:02 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.113.1445.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7702.0&avdelta=1.113.1445.0&asdelta=1.113.1445.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.7702.0 Error code: 0x80070008 Error description: Not
    enough storage is available to process this command.

    Error - 10/19/2011 2:03:36 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.113.1445.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 10/19/2011 2:05:55 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 10/20/2011 1:59:56 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 10/20/2011 10:57:03 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 10/21/2011 4:42:34 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 10/21/2011 6:23:41 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 10/22/2011 2:23:02 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 10/23/2011 12:22:13 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 10/24/2011 1:25:29 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.


    < End of report >
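The event-log excerpt above repeats the same Microsoft Antimalware entry (event ID 2001, error code 0x80070424, "The specified service does not exist as an installed service") day after day, which is what the next reply means by "the errors for updating MSE": the product's signature updates have been failing, so its definitions are stale. When an OTL report runs to hundreds of such lines, it helps to collapse them by source, event ID and error code. The following Python is an added example, not code from the thread or from OTL; the sample text is constructed in OTL's layout (the hostname and the third entry are invented for illustration), and the `parse_otl_events` / `summarize` names are my own.

```python
"""Group OTL-style event-log entries by source, event ID and error code."""
import re
from datetime import datetime

# Constructed sample in the layout OTL uses for its event-log dump. The hostname
# and the third (Service Control Manager) entry are invented for illustration.
SAMPLE_LOG = r"""
Error - 10/21/2011 4:42:34 AM | Computer Name = EXAMPLE-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 10/22/2011 2:23:02 AM | Computer Name = EXAMPLE-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.115.68.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 10/22/2011 9:00:00 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description = The Example Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

< End of report >
"""

# One OTL event header: "Error - <date time> | Computer Name = X | Source = Y | ID = N"
HEADER_RE = re.compile(
    r"^Error - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
# Windows HRESULT as printed inside the description body, when one is present.
CODE_RE = re.compile(r"Error code: (0x[0-9A-Fa-f]{8})")


def parse_otl_events(text):
    """Return a list of event dicts parsed from an OTL event-log dump.

    Each header line starts a new event; following non-blank lines belong to its
    description until the next header or the "< End of report >" marker.
    """
    events = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {
                "when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "body": [],
            }
            events.append(current)
            continue
        if line.startswith("< End of report >"):
            current = None
            continue
        if current is not None and line:
            current["body"].append(line)

    for ev in events:
        body = " ".join(ev.pop("body"))
        if body.startswith("Description = "):
            body = body[len("Description = "):]
        ev["description"] = body
        code = CODE_RE.search(body)
        ev["error_code"] = code.group(1) if code else None  # None when no HRESULT printed
    return events


def summarize(events):
    """Collapse events by (source, event ID, error code) with count and time span."""
    summary = {}
    for ev in events:
        key = (ev["source"], ev["id"], ev["error_code"])
        entry = summary.setdefault(
            key, {"count": 0, "first": ev["when"], "last": ev["when"],
                  "description": ev["description"]})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ev["when"])
        entry["last"] = max(entry["last"], ev["when"])
    return summary


if __name__ == "__main__":
    for (source, event_id, code), entry in summarize(parse_otl_events(SAMPLE_LOG)).items():
        print(f"{entry['count']:3d}x  {source} / ID {event_id} / {code or 'n/a'}  "
              f"({entry['first']:%Y-%m-%d %H:%M} .. {entry['last']:%Y-%m-%d %H:%M})")
        print(f"      {entry['description'][:90]}")
```

Run on the excerpt above, the Microsoft Antimalware entries collapse into a single line with a count and a first/last timestamp, which makes it obvious at a glance that signature updates have been failing continuously rather than once. Entries whose description carries no "Error code:" field (the constructed Service Control Manager entry here) are grouped under `None` so they are not silently dropped.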
     
  19. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-24 11:28:00
    -----------------------------
    11:28:00.546 OS Version: Windows 5.1.2600 Service Pack 3
    11:28:00.546 Number of processors: 2 586 0x304
    11:28:00.546 ComputerName: YOUR-AE066C3A9B UserName: HP_Owner
    11:28:02.796 Initialize success
    11:28:37.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    11:28:37.937 Disk 0 Vendor: ST3200822AS 3.02 Size: 190782MB BusType: 3
    11:28:39.968 Disk 0 MBR read successfully
    11:28:39.968 Disk 0 MBR scan
    11:28:39.984 Disk 0 unknown MBR code
    11:28:40.000 Disk 0 scanning sectors +390700800
    11:28:40.078 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:28:45.546 Service scanning
    11:28:46.015 Service MpKsla1c15887 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92FF43C0-6976-4E32-85B0-3D2D159980A2}\MpKsla1c15887.sys **LOCKED** 32
    11:28:46.671 Modules scanning
    11:28:52.031 Disk 0 trace - called modules:
    11:28:52.093 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
    11:28:52.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f8a030]
    11:28:52.125 3 CLASSPNP.SYS[f8602fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x82fce830]
    11:28:52.140 Scan finished successfully
    11:29:09.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\MBR.dat"
    11:29:09.687 The log file has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\aswMBR.txt"
     
  20. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, jacquefromla.

    I can see the errors for updating MSE. I don't see anything obvious. Let's fix a few minor items and get another scan.

    You can also uninstall the Ask Toolbar.


    Step 1

    Install ERUNT
    This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
    • Please download erunt-setup.exe to your desktop.
    • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
    • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

    You can find a complete guide to using the program here:
    http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

    When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



    Step 2

    We need to run an OTL Script
    1. Please download OTL from one of the following mirrors if you do not still have it.
    2. Save it to your desktop.
    3. Double click on the [​IMG] icon on your desktop.
    4. Paste the following code under the Custom Scans/Fixes box at the bottom.
      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      :Files
      C:\Documents and Settings\All Users\Application Data\nA01602EgMcH01602
      
    5. Click the Run Fix button at the top.
    6. Let the program run unhindered and reboot when it is done.
    7. You will get a log when it is done, please post that in your reply.
    8. Please then create a new OTL report....
    9. Click the "Scan All Users" checkbox.
    10. Push the [​IMG] button.
    11. A report will open, copy and paste it in a reply here.



    Step 3

    I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]

    etavares
     
